
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [133]

Name Service (DNS) servers resolve hostnames to IP addresses. This service allows a website name such as www.sybex.com to be resolved to an IP address such as 192.168.1.110.

A registrar manages your domain name. Most registrars require an annual renewal fee. If these fees aren’t paid, another company will be able to hijack your domain name. Such hijacking has embarrassed many organizations.

DNS servers can be used internally for private functions as well as externally for public lookups. DNS-related attacks aren’t common, but they generally come in one of three types:

Domain Name Service Denial of Service attacks: Domain Name Service Denial of Service (DNS DoS) attacks are primarily aimed at DNS servers. The intention is to disrupt the operations of the server, thereby making the system unusable. To address these attacks, make sure your DNS server software and the operating system software are kept up to date. Doing so will tend to minimize the impact of DNS DoS attacks.

Network footprinting: Footprinting is the act of gathering data about a network in order to find ways someone might intrude. When you footprint, you’re looking for vulnerabilities and any means of entry. A great deal of information about your network is stored in DNS servers. By using one of the common DNS lookup programs, such as NSLOOKUP, an attacker can learn about your network configuration. DNS entries typically include information pertaining to domain names and mail, web, commerce, and other key servers in your network. Keep the amount of information stored about your network in external DNS servers to a bare minimum.

Compromising record integrity: DNS lookup systems usually involve either a primary or a primary and a secondary DNS server. If you make a change to a primary or secondary server, the change propagates to other trusted DNS servers. If a bogus record is inserted into a DNS server, the record will point to the location the attacker intends rather than to a legitimate site. Imagine the embarrassment to a corporation when its website visitors are redirected to a competitor or, even worse, to a porno site. Make sure all DNS servers require authentication before updates are made or propagated. Doing so will help ensure that unauthorized records aren’t inserted into your servers.
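The footprinting advice above (keep external DNS data to a bare minimum) can be checked mechanically. The following Python audit is an added example, not from the book: it scans a constructed public zone file for records that give away internal detail. The zone contents, the internal suffix list and the record types chosen for flagging are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of an externally published zone; every name and address is made up.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        IN NS    ns1.example.com.
@        IN MX 10 mail.example.com.
www      IN A     203.0.113.10
mail     IN A     203.0.113.25
ns1      IN A     203.0.113.53
payroll  IN A     10.1.4.20          ; internal host published by mistake
fileserv IN A     192.168.1.110
www      IN HINFO "Intel" "Linux"
build    IN CNAME ci.corp.internal.
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DESCRIPTIVE_TYPES = {"HINFO", "LOC", "RP"}      # describe hosts, serve no public lookup
TARGET_TYPES = {"CNAME", "MX", "NS", "SRV"}     # rdata ends in a hostname
INTERNAL_SUFFIXES = (".internal.", ".local.", ".lan.")  # assumed internal naming scheme


def audit_zone(text):
    """Return (owner, type, reason) for each record that exposes more than needed.

    Assumes one record per line, an explicit owner name and class IN.
    """
    findings = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip trailing comment, tokenize
        if len(fields) < 4 or fields[0].startswith("$") or "IN" not in fields[1:]:
            continue
        i = fields.index("IN", 1)
        if len(fields) < i + 3:                 # no type or rdata after the class
            continue
        owner, rtype, rdata = fields[0], fields[i + 1].upper(), fields[i + 2:]
        if rtype == "A":
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, "RFC 1918 address"))
        elif rtype in DESCRIPTIVE_TYPES:
            findings.append((owner, rtype, "host description"))
        elif rtype in TARGET_TYPES and rdata[-1].lower().endswith(INTERNAL_SUFFIXES):
            findings.append((owner, rtype, "internal hostname"))
    return findings


if __name__ == "__main__":
    for owner, rtype, reason in audit_zone(SAMPLE_ZONE):
        print(f"{owner:<10}{rtype:<7}{reason}")
```

Records flagged this way belong on an internal DNS server rather than the external one.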

DNS poisoning is a problem that existed in early implementations of DNS. It hasn’t been a serious problem for a while, but you should be aware of it for the exam. With DNS poisoning (also known as cache poisoning), a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack.

A similar attack, Address Resolution Protocol (ARP) poisoning, tries to convince the network that the attacker’s MAC address is the one associated with an IP address so that traffic sent to that IP address is wrongly sent to the attacker’s machine.

Hardening NNTP Servers

Network News Transfer Protocol (NNTP) servers provide the capability for delivering network news messages. NNTP servers are also commonly used for internal communications in a company or community. These newsgroup servers should require authentication before accepting a posting or allowing a connection to be made.

NNTP servers in many public settings have become overwhelmed with junk mail. Moderators, as well as automated tools called robots, are usually used to screen as much of this junk as possible from subscribers. Newsgroups that don’t use these types of approaches have become virtually useless as communication tools.

NNTP servers can become overwhelmed by spam and DoS attacks. Many newsgroups started out as small groups of users who shared a common interest. Typically, newsgroups use a moderator to ensure that spam messages aren’t propagated to subscribers of the newsgroup. However, some newsgroups have grown to include tens of thousands of members worldwide, and the amount of traffic or messages on these servers has long since surpassed the level
