Ysera

How to protect DNS - the heart of internet

Posted time: Dec 9, 2016 15:50 PM
Dyn, a US-based DNS service provider, suffered massive DDoS attacks at 19:11 on Oct 21, 2016, Beijing time, leading to the service suspension of many websites and access failures to a majority of US-based websites including Twitter, Spotify, Netflix, Airbnb, GitHub, Reddit and New York Times.
The red spots are regions with no access to the internet.

Many people may ask why such an obscure DNS can have such wide influence. According to Wu Hanqing, chief security commentator of Alibaba Cloud, DNS is the heart of the internet, and also the security short slab of many enterprises. This DNS-caused paralysis didn't affect China, but it sounded the alarm for all enterprises to pay attention to security. Just imagine, what happens if a man has something wrong with his heart? Today let's talk about how to safeguard the “health” of DNS.
What is DNS?
Dyn, situated in Manchester, New Hampshire, the US, is a major domain name server (DNS) provider in the country. The domain name is the starting point and entry for netizens to visit the internet and also the basis of global internet communications. DNS, as a system ensuring the normal usage of hundreds of millions of domain names in the world, is important infrastructure of the internet.
Who is to blame?
The large-scale network paralysis is a result of the DDoS attacks on Dyn servers. DDoS stands for Distributed Denial of Service. In the most basic DDoS attacks, the hackers utilize reasonable service requests to occupy as many service resources as possible, resulting in no service response to the users' requests. When Dyn was under DDoS attacks, the DNS query requests of many netizens failed to be completed, and users could not visit Twitter, GitHub and other websites through the domain name as a result.
How far is DNS-caused network paralysis from us?
Such “tragedies” are not exclusive to the US. There have been many DNS-caused internet failures in China. The most severe DNS fault in the Chinese mainland happened on January 21, 2014. All the generic top-level domains (.com/.net/.org) suffered DNS cache poisoning. All the domain names pointed to an IP address (65.49.2.178) in the US. Some websites reported that: At present, the domestic hacking attacks have formed an industrial chain. The internet is full of attacking tools and trojans, providing convenience for attackers. Some hackers even put a clear price on their services. For example, 1GB of traffic to a website for one hour is priced at only 50 yuan on the internet. After the hackers master some kinds of attacking “weapons”, they may be driven by the benefits, or become actively hired to attack some high-profit industries, such as the finance and gaming industries.
The security risk is approaching the internet of all?
According to foreign media, the zombie networks targeting IoT devices may be an important source of this DDoS attack. The chief security officers of Level 3 Communications, a backbone internet service provider, said around 10% of Mirai-infected devices participated in this DDoS attack. With the internet of all, Wu Hanqing holds that the Internet of Things will definitely invoke a lot of security issues, while the just-over “Black Friday” is only a miniature of the future security issues. At present, there are around 600,000 zombie or trojan-injected IoT devices on the internet. If these devices wage attacks together, they can easily initiate a traffic flood attack of nearly 1T (equivalent to the traffic of a province in China). “Generally, companies are not capable of combating the attackers any more,” said Wu Hanqing.
How to avoid CDN-caused network paralysis
Dyn of the United States provides users with DNS hosting and parsing services, as part of the internet infrastructure. The impact of DNS attacks is very large. In China, Alibaba Cloud also provides DNS hosting services for users.
Alibaba Cloud integrates Alibaba Cloud DNS into the high-defense services and improves the parsing capability of DNS utilizing the elastic extension features of cloud computing. It also establishes a full-chain security system between network access and website access. The peak defense capability of Alibaba Cloud DNS cluster is: 300G+, 500 million QPS. At the same time, Alibaba Cloud deploys seven major BGP (Border Gateway Protocol) rooms around the world, with the access data going effective within seconds, meeting the access needs of users in different regions around the world.
Alibaba Cloud: World-class security service
Every day, Alibaba Cloud helps 37% of websites in the Chinese mainland to defend against 800 million attacks successfully. Every day, Alibaba Cloud identifies and defends against attacks from 35,000 malicious IP addresses, defends against 2,000 DDoS attacks, 200 million brute force password-cracking attacks and 20 million web attacks. In the just-concluded 2016 G20 summit in Hangzhou, Alibaba Cloud provided a large number of professional security and Managed Security Services to protect stable operation and news transmission of the G20 official website and government and civilian websites in Zhejiang province. Specifically, Alibaba Cloud Security Anti-DDoS system successfully defended against nearly 30,000 DDoS attacks, with the peak value reaching 439.7 Gbps; the web application firewall successfully defended against more than 100 million attacks during the G20 summit, including SQL injection, XSS attacks, and code execution among other malicious attacks.
[Cloudy edited the post at Dec 26, 2018 17:42 PM]

Kash1999
1st Reply#
Posted time:Sep 16, 2021 15:39 PM

If you are using any kind of technological solution in the modern era then you will have to make sure that you are completely safe from each and every type of threat out there as we might have moved towards the digital era at a very fast pace but at the same time, we have to deal with a long list of issues, especially related to the world of hacking and security. Well, if you are not going to take special measures to keep your technological solution safe then you might have to deal with a disaster that is going to shut your business forever and your dream of making your business successful will vanish.

Well, the same thing can be said about DNS as well. One of the most important things that you will have to understand here is that DNS is the heart of the internet and if you do not take steps to keep your DNS safe then you might have to face hacking issues. Even the criminals out there know that they can target the DNS and get the important information out of the user or the business and this is why almost all the businesses out there have started working on keeping their DNS safe. We can say that DNS is the basis of global internet communication and this is why it holds so much importance. Here are a couple of things you can do to keep the DNS safe.

Two-factor authentication

One of the best things that you can do to keep your DNS safe is to start using the power of two-factor authentication. With the power of two-factor authentication, you will be able to keep all the evil-minded people looking forward to hacking your data at bay. You should know that in the basic login system, you just have to enter your password and login ID and you are good to go, but in the powerful two-factor authentication system, you will be sent an OTP to your registered mobile number every time you try to log in, and there is no way you can access the files without entering the OTP. This is what makes security layers like two-factor authentication safe for each and every type of user.

Keep the server up to date

Another important thing that you can do for keeping your DNS server safe from each and every type of attack is to keep the server always updated. There are many people or business owners out there who don’t give much attention to keeping their DNS server up to date and this is where the real problem begins. Every update comes along with a new security update and new layers of security are also added to the server which makes the DNS server ultra-secure. So, always keep tabs on new updates and make sure not to use outdated DNS servers as this will make your data and applications vulnerable to security threats and then you will have to deal with a long list of issues related to data security.


Rockdean
2nd Reply#
Posted time:Nov 24, 2021 20:15 PM
I use Cloudflare to protect my tennis stringing machines network to protect DNS.