Network Security Library

DNS



Subcategories


BIND



Domain Name System (DNS) Security
The Domain Name System (DNS) is vital to the Internet, providing a mechanism for resolving host names into Internet Protocol (IP) addresses. Insecure underlying protocols and lack of authentication and integrity checking of the information within the DNS threaten the proper functionality of the DNS. The Internet Engineering Task Force (IETF) is working on DNS security extensions to increase security within the DNS, known as DNSSEC. These security issues and solutions are presented in this paper.
By Diane Davidowicz, 04/22/2004


DNS Cache Snooping
This research paper presents a technical overview of the technique known as DNS cache snooping. Firstly, a brief introduction to DNS is made followed by a discussion on common misconceptions regarding DNS sub-systems. Then this relatively unknown technique is introduced, followed by a field study to assert the overall exposure of the Internet to this threat. Also, a set of devised abuse scenarios that rely on cache snooping is presented. This paper concludes with recommendations on how to reduce exposure to this problem, including proposed changes to the BIND DNS server implementation.
By Luis Grangeia, 04/22/2004


Sidewinder 5.1 Split DNS Architecture
This paper provides an operating system overview of Sidewinder, a short overview of a Generic Split DNS Architecture, and explains Sidewinder's Secure Split DNS Architecture. It also outlines two (2) important additional DNS security statements that should be included in all Name Server configuration files.
By Charlene Keltz, 04/05/2004


The Achilles Heal of DNS
One of the four categories of Denial of Service (DoS) attacks listed by Scambray, McClure, and Kurtz is "Routing and DNS attacks." This refers to attacks which corrupt the information these systems use to perform their functions. Information Poisoning, though more general, is a more accurate term for categorizing these types of attacks. It is also more inclusive of attacks such as ARP Poisoning which employ similar tactics and are possible because of a common vulnerability. Each of the protocols associated with these attacks either completely lacks or has very poor methods of authentication. Attackers capitalize on this weakness to undermine the trust relationship between two systems. This paper will attempt to illustrate consequences of this deficiency. Buffer overflows and other attacks on specific software that implement DNS will not be covered.
By Christopher Irving, 03/23/2004


DNS Security Considerations and the Alternatives to BIND
This paper discusses the important considerations of DNS security. Due to the continuous break-ins to BIND 8 (one of the most popular choices of DNS server) in the past, this paper proposes either (a) securing your BIND 8 by running it as an unprivileged user chrooted into a jail, (b) upgrading to BIND 9 and securing it by running it as an unprivileged user chrooted into a jail, or (c) switching to other alternatives. By the end of this paper, the reader will have some ideas on a more secure implementation of the DNS server.
By Seng Chor, Lim, 03/23/2004


Current Issues in DNS Security: ICANN's November 2001 Annual Meeting
After a brief, policy-level introduction to DNS and ICANN, this paper summarizes the results of a 4-day meeting held during November 2001 on DNS security issues. The discussions addressed three primary topics: existing DNS security measures, the security risks in the DNS and number management, and the responses by ICANN and the community.
By James Sweetman, 03/23/2004


Defense in Depth for DNS
This paper will focus on security for the most widely used DNS server on the Internet, namely the Berkeley Internet Name Domain (BIND). Some of the perimeter defense techniques may be applicable to other implementations of DNS. In this paper we will be taking a layered approach to DNS security. First, we will investigate configurations on the DNS server itself to secure it. Next is a section on perimeter defenses to protect your DNS server, and last is a section on backup considerations for DNS. With the application of proper precautions to your DNS servers, you can mitigate many of the risks and vulnerabilities associated with the service. As always, a prudent DNS administrator should also keep up with the latest news about bugs or vulnerabilities to stay ahead of the malicious hacker.
By Cheng C. Teoh, 03/23/2004


Why is securing DNS zone transfer necessary?
What can be done to secure your DNS information? DNS queries, zone transfers, and dynamic updates can be secured. This paper will focus on the reason for securing DNS zone transfers between DNS Name Servers. It will concentrate on the use of the allow-transfer statement in Berkeley Internet Name Domain (BIND) DNS to accomplish the goal of preventing DNS poisoning or spoofing.
By Steven Lau, 03/23/2004


How Secure are the Root DNS Servers?
This paper is intended as an overview for a general audience. References and links are provided for those who want more technical insight. The purpose is to provide the current state of the root name server system and its operation. The reader will be left to do a final evaluation of the confidentiality, availability and integrity strength of the root name servers and the root name server system.
By Susan Baranowski, 03/23/2004


DNS, DNSSEC and the Future
The domain name system (DNS) is the means by which hosts find out the IP addresses of other machines from their universal resource locator. The key to DNS is its hierarchical nature that makes delegation so easy. It is very important to set up and document the DNS with best practices firmly in mind or the corporate system will crumble. The aim is to mitigate the risks of mis-configuration and attack so down time is kept to a minimum or compensated for by reducing the single point of failure.
By David Hinshelwood, 03/23/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
