Securing the Steering Wheel of the Internet
Yousif Hussin
Student ID: 23048362
MSc Information Systems Security
Systems and Applications Security
Table of Contents
Abstract
Introduction
The Attack Surface of the DNS System
Development Timeline of a Secure BIND DNS Server Implementation
Zone Transfer Security Issues
Software Code Vulnerability - Format String Vulnerability in nslookupComplain() Function (CVE-2001-0013)
DNS Cache Poisoning
Advanced DNS Cache Poisoning and the Kaminsky DNS Attack
DNS Server Advanced Protection Techniques
DNS Server Operating System Hardening
Authenticated DNS Server-to-Server Communication
The Integrity of DNS Data, and DNSSEC
References
Introduction:
The Domain Name System (DNS) is the system (or agent) responsible for resolving domain names (such as www.google.com) to IP addresses (such as 212.0.130.23), which is required to make the Internet usable. This resolution list is distributed throughout the Internet in a hierarchy of authority. ISPs (Internet Service Providers) normally host a DNS server to serve their clients (Rouse 2005). The basic operation of DNS in a single Internet resource request is shown in Figure 1 (AFNIC 2009). DNS functions like a database distributed over DNS machines that interact with each other to respond to a user's query. The top of the DNS hierarchy contains the top-level domains, such as .com, which are controlled by top-level DNS servers. The DNS server implementation used for this paper is BIND, which is the most widely used DNS server implementation on the Internet today.
The Attack Surface of the DNS System:
The following are the general categories of attacks on DNS Servers, in terms of the nature of the vulnerable target, which give the attacker the ability to impact on the normal behaviour of the DNS Server and the Internet:
• DNS Protocol and Software Bugs specific attacks
• DNS Infrastructure Attacks
The first category of attacks concerns vulnerabilities within the anatomy of the DNS protocol and the software implementation of the protocol. The second category of attacks concerns