Recent years have seen the re-emergence of a type of threat that many of us in the cyber-security industry had hoped was a thing of the past. DNS hijacking attacks work by redirecting users to fake or malicious web pages and operate in such a simple way that they can be very hard to detect and combat.
In order to understand what DNS hijacking is, it is necessary to know how your computer knows where to find websites and other services. Though websites are typically identified by the .com or .net address that we type into a browser, in reality, all web hosts are assigned a unique IP address, just like all other computers and devices. The domain name system (DNS) is the global service that translates fully qualified domain names (for example www.eccouncil.org) into the IP address.
Protecting Yourself: Do The Basics First
Since the most common way in which DNS hijacking is implemented is through man in the middle or malware attacks, the techniques you can use to protect yourself are very similar to those used to guard against many other forms of attack.
Primarily, this means doing all the basic stuff that you are already doing (or should be) to protect yourself online. Use updated security software, and make sure that security patches and updates are installed on all your hardware as soon as they are available. Avoid clicking on suspicious links in emails or on social media, and be wary of sites that you are not familiar with or that look untrustworthy. Protecting your router is also an important factor in combating DNS hijacking attacks. Make sure that you change the default admin username and password for the router, as every hacker on the planet knows the default ones!
Other forms of DNS hijacking are more difficult to avoid. You cannot do anything about a website being compromised, for instance, but you should be able to spot unusual pop-ups or other elements in pages that you visit regularly. You should also avoid using public Wi-Fi networks to send or receive personal information, or to log into sites that require a password or username. You should also be very suspicious of public networks that allow you to log in without presenting you with a ‘terms of service’ page.
Shore Up Your DNS Security
There are also more specific ways of protecting against DNS hijacking. A good first step is to implement Domain Name System Security Extensions (DNSSEC) on all your machines. This is an industry-wide security standard that allows domain owners to monitor traffic on their own domains, and thereby check for suspicious activity. Domain owners are also able to register their domains’ zones, enabling DNS resolvers to verify the authenticity of all DNS responses.
Another good way of protecting yourself against DNS redirects is to change your default DNS server. By default, computers and routers will connect to the global DNS service based on your local internet service provider (ISP). For example, if you subscribe to a Comcast internet package, then you have access to Comcast’s version of the DNS database, which will typically route your traffic in the most efficient manner.
However, there are third party options available that can take over responsibility for DNS routing. [5] Two of the most popular services are OpenDNS and Google DNS, both of which offer free solutions. By simply redirecting your router’s DNS settings to the third party addresses, you can bypass your ISP completely.
If you change your DNS server, though, be wary of any DNS solution that does not come from a reputable company or nonprofit organization. Giving control of your DNS addresses to a rogue group could actually increase your risk of DNS hijacking. The most secure solution is a paid offer from OpenDNS, which will automatically filter out suspicious traffic from fraudulent websites.
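Once you have chosen a resolver, it is worth checking that a machine is still pointed at it, since a rewritten DNS setting is a typical sign of hijacking. The following is an added example, not part of the original article: it audits a resolv.conf-style file against an allowlist. The allowlist holds the published addresses of the two services named above; the function name and the sample file are constructed for illustration.

```python
import ipaddress

# Assumed allowlist: OpenDNS and Google Public DNS. Replace with your own choice.
TRUSTED = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220",
    "8.8.8.8", "8.8.4.4",
    "2001:4860:4860::8888", "2001:4860:4860::8844",
)}
# Private and link-local ranges: an address here is normally the home router.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7",
)]

def audit_resolv_conf(text, trusted=TRUSTED):
    """Return (line number, address, status) for every nameserver entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        value = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append((lineno, parts[1], "invalid"))
            continue
        if addr in trusted:
            status = "trusted"
        elif addr.is_loopback:
            status = "local-stub"   # local forwarder: audit its upstream servers too
        elif any(addr in net for net in LAN_NETS):
            status = "lan"          # the router answers: audit the router's DNS settings
        else:
            status = "unexpected"   # public resolver you did not choose: investigate
        findings.append((lineno, str(addr), status))
    return findings

# Constructed sample file; 203.0.113.53 is a documentation-range stand-in.
SAMPLE = """\
# constructed sample, not from a real host
nameserver 208.67.222.222
nameserver 192.168.1.1
nameserver 127.0.0.53
nameserver 203.0.113.53   ; resolver nobody configured
search example.net
"""

if __name__ == "__main__":
    for finding in audit_resolv_conf(SAMPLE):
        print(finding)
```

A "lan" or "local-stub" result is not a pass by itself: the same check has to be repeated on whatever that router or local forwarder uses upstream.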
Encrypt Connections
Virtual private networks are most commonly associated with businesses or individuals who want to make remote access possible through secure channels. But the advantages of VPN services extend to other aspects of networking, including protection from DNS hijacking.
When you configure a VPN connection from a computer or mobile device on your local network, an encrypted tunnel is created between your ISP and the VPN host. Information between these endpoints cannot be hacked or stolen. This works in a similar fashion to third-party DNS tools, as a VPN will bypass your router settings and perform DNS lookups automatically.
Be warned, however, that not all VPNs are created equal. There are in fact (at least) four different types of VPN, ranging from client-level browser add-ons to more secure ‘tunneling’ systems like IPSec [6]. Just like with DNS alternatives, you need to be able to trust the developer of the VPN solution you choose. While there are hundreds of companies selling VPN services – as with the DNS tools mentioned above – the pool of choices that provide service worth paying for is smaller. MUCH smaller. You should be aware some VPN providers will filter your network traffic, block certain websites, and even log your browsing habits.
OpenVPN is generally considered to be the best protocol for VPN traffic [7], but many people prefer to use L2TP/IPSec because these protocols can improve performance over encrypted connections. However, if you are using a VPN to protect against DNS hijacking, or in fact, any other threat, do not use L2TP/IPSec if you can help it. Put simply, it is not as secure as a fully featured VPN service, and a slightly slower connection is a small price to pay for greatly improved security.
Keep Vigilant
If a hacker manages to infiltrate your local network and launch a DNS hijacking attack, the impact could be felt in a number of ways. [8] First, you may notice that web pages are loading slowly or appearing differently than they did before. This is evidence of a spoof attack, where the hacker has redirected your browser to a dangerous look-alike of a popular website, such as Apple or Amazon’s homepage.
Cross-site scripting (XSS) attacks are often paired with DNS hijackings, as they will allow hackers to obtain private information through a web browsing session. For example, XSS can allow for rogue JavaScript code to be run and initiate a pop-up window or automatic redirect. From there, any entry of email addresses, passwords, or other personal information can be stolen and used with malicious intent.
The simple rule for protecting against XSS and similar attacks is to always be mindful of what URL your browser is pointing to. If the domain portion of the address, which contains the .com or .net, looks unfamiliar then you should immediately close the browser and check your DNS settings for potential vulnerabilities. It’s also important to verify that the website you’re viewing has a valid secure sockets layer (SSL) certificate, indicated by the lock icon in the top address bar. You should never enter credit card numbers or personal information into a web form that is not secured with SSL.
Final Thoughts
Obviously, no solution is foolproof but just in case you presume yourself to be residing in a magical bubble of invulnerability from hack attacks like DNS hijacking, let us be the ones to say you probably aren’t.
This kind of nefarious behavior hits real computer systems and hurts real people every day. You’re not immune. Please take the preceding cautions to heart and you just might jam up a few bad guys along the way.
