It’s amazing how old guidance can stay relevant, or become even more prudent, over time. Enter DNS Security, where guidance for improving it has long been ignored and left unadopted.
What is DNS Security?
Here’s a brief overview for the lay person. Get out your pocket protector and prepare for nerdification.
DNS Security is making sure when you type in “www.somewebsite.com” you actually get to the legitimate website, and not the “evil twin” imposter hosted by a baddie.
Think of DNS as a phone book. When you want to call a business, you look up its phone number, and you find that number by looking up the name of the business, of course! For instance, Secureside can be reached at 888-555-1234. DNS is the phone book equivalent for browsing the web, which is why it is called the “Domain Name System.” It’s all about the NAMES.
- Want to go to ‘google.com’? You can find that at 172.217.23.142.
- ESPN? 52.222.158.29
- Or swap .29 for .33, .193, or .239 at the end: one name, several addresses, just like a business with multiple phone numbers or extensions!
Every website is actually tied to an IP address. You may be familiar with your home network IPs – 192.168.1.5 or similar. Well, all of the IPv4 addresses in the world range from 0.0.0.0 to 255.255.255.255 (the newer IPv6 has vastly more, but the idea is the same). How many IPv4 addresses are there?
2^32 = 4E9, or 4,294,967,296 (roughly 4.3 billion)
Amazing. Now, you have probably already reached the conclusion that it would be impossible to have a working Internet if we relied on the numbers alone. Would it be more secure? Probably, but it would be SO unusable. Remember:
You want to be
HERE
Security >-----------------|-----------------< Usability
So now that you have earned your DNS tech geek badge, let’s get to the point: DNS Security is still crap, despite all of the warnings, guidance, and current pushes to make it better. Want to know all about it? Google it.
Why am I bringing DNS Security up now?
COVID-19 and the rise of a new era of remote workforce criticality.
Now that the whole world has people working from home, we have arrived at an unprecedented level of user exposure outside the protective umbrella of the corporate network. Sure, remote work has been around for a while. But, in general, laptops and mobile devices dock with the mothership when personnel come on-site. Hackers still mostly target businesses proper, because people do most of their work while they are, in fact, at work. Hacking home networks may bear fruit, but much less. Well, now things are different.
Here’s the new situation – you are now home for 8+ weeks behind a home router that is insecure. In general, home routers:
- Rarely get patched by vendors, and rarely have whatever patches exist applied
- Do not offer SMB or Enterprise-grade security
- Have default settings, which means they are not hardened (default password ‘password’ anyone?)
- Are not designed to withstand or defend against cyber attacks
Home networks also:
- Have all kinds of devices on them, including insecure IP cameras and IoT devices
- Are not monitored by anyone at all
- Could have persistent malware infections just waiting patiently for the right time to attack
Problems brewing? Yes. Big ones.
I’ll be writing another article to illustrate why endpoint protection must evolve drastically, but for now let’s circle back to DNS Security and close this out.
Your router provides the DNS lookup service for your home network: it typically hands out its own address as the DNS server via DHCP and forwards your lookups to your ISP’s (or another upstream) resolver. When you open Chrome/IE/Firefox/Safari and type in ‘wizards.com’, your home router tells your device the IP address so it can connect. To hijack your browsing, all an attacker has to do is compromise that DNS service: change the upstream resolver in the router’s settings, change the DNS server it advertises to your devices, or simply answer the queries itself. If an attacker controls this service, instead of going directly to ‘wizards.com’, you can be taken anywhere. The biggest concern for me is if you go to office.com, dropbox.com, or another major service and land on an evil twin site.
Evil twin sites look the same as the real site, and much like a jeweler or an Antiques Roadshow guru spotting a fake, to your eye you won’t know the difference. One caveat worth knowing: if the real site uses HTTPS, the imposter cannot present a valid certificate for that name, so an up-to-date browser will warn you. The attack then only works if you click through the warning, the attacker serves plain HTTP, or the site was never protected in the first place. Never click past a certificate warning. Otherwise you are exposed and at high risk of infection and of your credentials being stolen. What happens next?
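To make the phone book analogy and the router hijack concrete, here is an added example (not code from the original article or from Secureside) that builds a DNS query for a name, builds the response a resolver would send back, parses it, and compares the answer against an allowlist. The point it shows: a DNS answer is a few unauthenticated bytes that echo the query’s 16-bit ID, so a compromised router, your ISP, or anyone on the path can produce exactly the same message with a different address. The query ID, the “trusted” addresses, and the “evil twin” address are all constructed (RFC 5737 documentation ranges), not office.com’s real addresses.

```python
import socket
import struct

# Constructed sample values (not from the original article): a made-up query ID, and
# IPs from the RFC 5737 documentation ranges standing in for "real" and "evil twin" servers.
TRUSTED_OFFICE_IPS = {"203.0.113.10", "203.0.113.11"}   # pretend: the legitimate addresses
EVIL_TWIN_IP = "198.51.100.23"                         # pretend: the attacker's server


def encode_name(name: str) -> bytes:
    """Encode 'office.com' as DNS labels: \\x06office\\x03com\\x00."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A query: 12-byte header (RD set) + one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Answer a query with one A record. A legitimate resolver, a compromised router,
    or anyone on the path produces exactly these bytes; nothing here is signed, so the
    client cannot tell who really answered."""
    txid = struct.unpack(">H", query[:2])[0]
    question = query[12:]                                       # echo the question verbatim
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA, one answer
    # NAME is a compression pointer (0xC00C) back to the question name at offset 12.
    rr = b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                               # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes) -> dict:
    """Parse the header, the questions and the A-record answers out of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = _read_name(msg, off)
        qtype, _qclass = struct.unpack(">HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                           # A record, IPv4
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def unexpected_answers(parsed: dict, expected_ips) -> list:
    """Return the answer IPs that are not in the set the client expected."""
    return [ip for _, ip, _ in parsed["answers"] if ip not in expected_ips]


def query_server(server: str, name: str, timeout: float = 2.0) -> dict:
    """Send a real query over UDP/53 (needs network; the offline demo below does not use it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


if __name__ == "__main__":
    q = build_query("office.com")
    honest = parse_response(build_response(q, "203.0.113.10"))
    hijacked = parse_response(build_response(q, EVIL_TWIN_IP))
    print("honest:  ", honest["answers"], "unexpected:", unexpected_answers(honest, TRUSTED_OFFICE_IPS))
    print("hijacked:", hijacked["answers"], "unexpected:", unexpected_answers(hijacked, TRUSTED_OFFICE_IPS))
```

Two things a practitioner should take from this. First, `query_server` lets you ask your router and a resolver you trust for the same name and compare, but for big CDN-hosted services the legitimate addresses vary by region and over time, so an IP allowlist is a crude signal, not a defence. Second, and more importantly, the client has nothing in the message to verify, which is exactly why the browser’s certificate check on the HTTPS connection, and DNSSEC validation or encrypted DNS to a resolver you trust, matter more than anything the lookup itself can tell you.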
- Enter your username. Enter your password. Thanks, now I have your credentials. I download all of your data and try your password against every other service out there (credential stuffing). If you re-use your password everywhere, you are done for.
- Pop-up message: “Please install the latest plugin,” or “latest version on your desktop,” or “update your browser,” each followed by a “click here” link. You think, “Oh my, I have to stay secure,” and then you click. Now you are doomed.
- Perhaps the worst case – you load the evil twin site while your browser and operating system are out of date with critical vulnerabilities. Malware downloads and installs without you clicking or knowing it (a drive-by download). How long will that malware be there before you or anyone else notices? Does it spread to everything on your network?
How do I protect myself or my business?
The general answer here is straightforward – run a solution that detects and prevents these sorts of things from happening. If you don’t have one or are curious to learn more about business protection solutions, reach out to us at info@secureside.io and we’re happy to help from there.