As cybercriminals look for new ways to attack organizations, the National Security Agency takes a hard look at how DNS can be manipulated and makes recommendations on how to secure it.
The bad guys are spending a lot of time studying the specifics of how network communications work, looking for ways to hijack, reroute, and obfuscate traffic, and in general to turn your network and its configuration into an asset that makes their cyberattacks more successful.
According to a newly released report by the NSA, organizations today need to include DNS in their list of security concerns. Cyber attackers work both to eavesdrop on and to manipulate DNS traffic as part of their attacks. The NSA makes three recommendations in the report:
- Use only “designated enterprise DNS resolvers,” so that DNS responses come from known-secure services that align with your organization’s cybersecurity defenses
- Use DNS over HTTPS (DoH), so that DNS traffic is encrypted and protected against eavesdropping and manipulation
- Have the enterprise DNS resolvers point to known external DoH servers
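As an added example (not from the NSA report or from this post), here is a Python check a defender could run over firewall logs to see whether DNS traffic actually follows the first and third recommendations: clients talk only to the designated resolvers, and only the resolvers talk to external DoH servers. The resolver addresses, the DoH endpoint list and the log format are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed values for this example; replace with your own lists.
ENTERPRISE_RESOLVERS = {"10.0.0.53", "10.0.1.53"}     # designated enterprise resolvers
KNOWN_DOH_SERVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}  # public DoH endpoints (illustrative)

# Constructed firewall log format: key=value fields, one flow per line.
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)")

@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    kind: str

def classify(line):
    """Return a Finding for a flow that contradicts the resolver policy, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, dst, dport = m["src"], m["dst"], int(m["dport"])
    src_is_resolver = src in ENTERPRISE_RESOLVERS
    if dport == 53:
        # Plain DNS from a resolver to an upstream: the policy says upstream should be DoH.
        if src_is_resolver:
            return Finding(src, dst, "resolver-plaintext-upstream")
        # Plain DNS from a client to anything but a designated resolver: client settings changed.
        if dst not in ENTERPRISE_RESOLVERS:
            return Finding(src, dst, "client-bypass")
        return None
    # DoH rides on 443, so the port alone says nothing; matching the destination against
    # known DoH endpoints is a heuristic. A resolver talking DoH to one of them is the
    # intended design; a client doing the same skips the enterprise resolver entirely.
    if dport == 443 and dst in KNOWN_DOH_SERVERS and not src_is_resolver:
        return Finding(src, dst, "client-doh-bypass")
    return None

def scan(lines):
    # Run classify over every log line and keep only the flows that were flagged.
    return [f for f in (classify(l) for l in lines) if f is not None]

# Constructed sample log: one compliant client, one misconfigured client, one client
# using public DoH directly, the resolver using DoH (fine) and plain DNS upstream (not fine).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.1.2.3 dst=10.0.0.53 proto=udp dport=53 action=allow
2024-05-01T10:00:02Z src=10.1.2.4 dst=192.0.2.10 proto=udp dport=53 action=allow
2024-05-01T10:00:03Z src=10.1.2.5 dst=1.1.1.1 proto=tcp dport=443 action=allow
2024-05-01T10:00:04Z src=10.0.0.53 dst=1.1.1.1 proto=tcp dport=443 action=allow
2024-05-01T10:00:05Z src=10.0.0.53 dst=198.51.100.1 proto=udp dport=53 action=allow
2024-05-01T10:00:06Z src=10.1.2.6 dst=203.0.113.7 proto=tcp dport=443 action=allow
"""
```

Calling `scan(SAMPLE_LOG.splitlines())` yields three findings: a client bypassing the resolvers on port 53, a client going straight to a public DoH server, and the resolver itself sending plaintext DNS upstream.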
While these changes to how your organization uses DNS are meant to secure this part of network communications quickly and easily, creating a stronger stance against cyberattacks, the reality is that this may be one of those solutions looking for a problem. Sure, it’s possible that DNS traffic could be hit by a man-in-the-middle DNS attack, but historically DNS has only been abused either as a tunnel for moving malicious traffic or by modifying DNS client settings to point to malicious DNS servers.
I’m all for making the organization more secure, so as long as implementing the NSA’s recommendations is easy enough, sure – go ahead. But I wouldn’t necessarily put too much emphasis on this as an attack vector that requires all of your attention.