
What is Domain Name System (DNS) Poisoning?

DNS Poisoning Definition:

Domain Name System (DNS) poisoning is a type of cyber-attack that corrupts a DNS server's records in order to divert web traffic to illegitimate destinations. In addition, the user may be exposed to a chain of unwanted, uncontrolled events that can potentially harm the system. Let’s understand DNS poisoning step by step.

Updated On: June 30, 2021

What are DNS and a DNS server?

The DNS is like a telephone directory for the web. We humans are much more comfortable with domain names than with confusing IP addresses, but web browsers communicate using IP addresses. So DNS simply translates domain names into IP addresses so that the browser can retrieve internet resources and the end user only has to remember the domain name. The process of converting a domain name into an IP address is referred to as DNS resolution.

How does DNS Caching Work?

DNS servers are a collection of servers involved in the process of DNS resolution. Resolution goes through multiple steps: lookups at the root name server, the top-level domain name server, and the authoritative name server. Large service providers handle the complete networking setup and offer DNS as a service to the end user. Cloudflare, Google DNS, Quad9, ClouDNS, and Akamai DNS are some of the most popular DNS providers.

A DNS resolver converts domain names to IP addresses. The resolver stores the results of queries for a certain amount of time (the TTL, Time to Live). This lets it serve repeat requests more quickly, without contacting other DNS servers again.

Now let’s talk about DNS Poisoning:

Imagine a huge bunch of keys, each tagged with its correct lock🔐. Now a culprit rushes in, intentionally shuffles the key tags, and leaves the room. The manager will put in a hell of a lot of effort but won’t have any luck finding the key for a particular lock, simply because the tags are mismatched. Let’s relate this to DNS poisoning.

Domain Name System (DNS) cache poisoning is an attack in which altered DNS records are used to redirect online traffic to a malicious website that resembles its intended destination. Here, locks are the IP addresses and tags are the DNS records. We won’t be able to open a lock until we pair it with the correct key. In the same way, traffic will be redirected to the wrong place for as long as the DNS records are inaccurate.

Basic graphical definition of DNS poisoning.

How is DNS poisoning done?

A DNS server can become poisoned if it contains incorrect entries. Attackers poison DNS records by impersonating the nameservers and altering the reply to a query, so the user gets totally unexpected results. And if the DNS resolver fetches the wrong entry, it has no legitimate source against which to verify that value.

For example, suppose an unauthorized party gets control of a DNS server and changes some of its entries, such as pointing domain X to some other IP address. Any user request for domain X will then be redirected to the incorrect IP (usually one that belongs to the attackers), and that website may compromise the user's privacy or data.

And as the word “poison” suggests, it spreads! Poisoned DNS records may spread across the internet, and the incorrect entries will be cached.

DNS Poisoning Process:

Most DNS services run over UDP, which is extremely fast but unreliable. UDP does not require any acknowledgment of the communication, and that is where the trap lies. TCP, by contrast, requires two-way communication to initiate and verify a connection. With UDP, there is no guarantee that a connection is open or that the receiver is active, and nothing verifies who the sender is. Attackers exploit this against DNS by making a response appear to come from a legitimate source.

This looks like an easy weakness to exploit, but it is not as easy as it looks. The attacker has very little time to sneak in and pass off their entries, because the DNS resolver is also querying the authoritative name server.
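Because UDP itself proves nothing about the sender, a resolver has to match every reply against the query it actually sent before caching it. The following is an added example, not code from the original article: the names `Pending`, `build_message`, `parse_question` and `check_response` and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import namedtuple

Pending = namedtuple("Pending", "txid name qtype server local_port")  # one outstanding query

def build_message(txid, name, flags, qtype=1):
    """Header plus one question (no answer records), enough for this check."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(msg) < 12 or msg[4:6] != b"\x00\x01":
        raise ValueError("short header or not exactly one question")
    txid, flags = struct.unpack("!HH", msg[:4])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("compression pointer in question")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def check_response(pending, msg, src, dst_port):
    """Return 'ok' only if the datagram matches the outstanding query."""
    try:
        txid, is_response, qname, qtype = parse_question(msg)
    except ValueError:
        return "malformed"
    if src != pending.server or dst_port != pending.local_port:
        return "wrong address or port"
    if not is_response or txid != pending.txid:
        return "wrong id or not a response"
    if (qname, qtype) != (pending.name.lower(), pending.qtype):
        return "question mismatch"
    return "ok"

# Constructed sample data: documentation addresses and a fixed id (real resolvers pick id and port at random).
PENDING = Pending(0x1A2B, "example.com", 1, ("192.0.2.53", 53), 40123)
GENUINE = build_message(0x1A2B, "example.com", 0x8180)
```

Any reply that fails one of these checks is dropped instead of cached, which is why a forged answer has to match every field within the short window before the genuine reply arrives.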

The Great Firewall of China:

The Great Firewall of China is an example of DNS poisoning on a very large scale. One of the primary methods of query filtering that the GFW relies on is DNS response poisoning. When a query is poisoned by the GFW, an altered result is returned. This makes the websites that fall under GFW compliance inaccessible. Twitter and Facebook are two examples.

Solution:

DNS-level security is the solution. We can put a setup in place that verifies the entries and their integrity. Adding a layer of cryptography is a plus: it ensures that the records are original and were not tampered with in transit. DNSSEC (Domain Name System Security Extensions) is a collection of extensions for securing data communication in DNS.

Using a VPN is also a workaround worth considering, as it carries communication through encrypted tunnels and adds an extra level of security. Check out VPN basics in this article.


Why File Sharing is Essential for Enterprises?

“TEAM”! The word stands for “Together Everyone Achieves More”. Teamwork is a core element of any organization. With digital transformation, businesses have made file sharing paperless. In such a scenario, without a reliable way to carry out that task, one may end up disrupting the whole ecosystem.

Sesame Disk provides easy yet efficient file sharing and collaboration medium

Due to enforced work-from-home caused by the COVID-19 pandemic, the remote workspace has emerged and become essential for businesses to carry on their operations. As a result, perceptions of work are shifting to a modern approach, and remote working is globally accepted even after the pandemic. Available tools and technology are some of the main reasons this transition has been so seamless.

There are mainly two categories of workspace file sharing applications: consumer-grade and enterprise-grade. Consumer-grade products offer basic collaboration facilities. Such tools are designed for day-to-day tasks and personal use. Business file sharing, on the other hand, offers more features, such as automated workflows, file-based access control, document tracking, and versioning.

Secure, up-to-date, private file storage made easy! Try Sesame Disk, where we offer other services like web office, file sharing, etc.

Such a third-party provider offers ease of access by hosting the documents centrally with real-time sync. Besides, an efficient file sharing system can bridge the silo effect and improve employee productivity and well-being. Sesame Disk offers full data control with backup strategies, making sure you never lose your critical data. Also, a simple yet effective interface with an admin panel helps organize data in a particular manner.

Today, file sharing tools are fast, affordable, and powerful, with a wide range of options. But which one is right for your team’s requirements? Here, your primary focus should be security, ease of accessibility and collaboration, cost and time savings, and security compliance. We’ve mentioned Sesame Disk quite a few times above; it is a product primarily designed around core collaboration elements. When you choose our tool as your file-sharing strategy, you unlock powerful features that help keep your team’s productivity at its peak.
