The Domain Name System (DNS) security directly impacts both end users and service providers, as the system’s critical nature makes it a sought-after target for those attempting to compromise or disrupt Internet services via DNS attacks.
DNS is the Internet directory that allows the translation of domain names/URLs into IP addresses and is a critical component of how users are able to interact with the vast number of resources at their fingertips. DNS is deployed in a hierarchy where root level DNS servers communicate with top-level domains, top-level domains with domains below them, and so on. Depending on how an organization implements DNS, they might manage and be responsible for a DNS subdomain.
A survey by EfficientIP of 1,000 security and IT professionals found that 77% of organizations were subject to a DNS-based attack, and the average cost of downtime, response, and business loss due to a DNS attack was $715,000.
Common DNS Attacks noted by Infoblox include:
Managing a DNS system for your organization can be a daunting task given the security requirements that must be implemented. Fortunately, most of these attacks can be mitigated with proper technologies and configurations that guard against them.
Amazon Web Services offers services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS Web Application Firewall, which help create a dynamic barrier to defend your hosted infrastructure.
DNS configuration standards, including CIS benchmarks and DISA STIGS, along with other AWS best practices provide an accessible path to security and can be implemented to limit exposure. Adherence to the principles in those configuration best practices can now be monitored using Halo Cloud Secure’s newest integrations with Amazon Route 53.
Learn more about how Halo Cloud Secure can give you security visibility into your inventory of DNS and help you figure out your external domain exposures. Request a customized demo.