My last blog was about an incident in which one of the popular websites in Nelson was hacked through a DNS attack. In that blog, I discussed the causes of DNS attacks, their types, and a general overview of the scenario faced by the organization.
In this blog, I will be discussing the mitigation steps for DNS hijacking.
In general, DNS hijacking can occur on the client system, in the name server or resolver, and at the site owner's end. Here are some common mitigation methods anyone can implement.
Mitigation Methods for the end-user
End users can protect themselves from DNS hacking by putting security measures in place on their machines, such as installing and updating anti-malware software, activating firewalls, and, if the ISP is hacking their DNS, using an alternative trusted DNS service like Google Public DNS or Cisco OpenDNS.
Mitigation Method for Name Server or Resolver
Name servers are highly sensitive and can be hijacked using DDoS attacks, so strong security measures must be in place. Here are some of the steps that can be taken to secure the DNS resolver.
Monitoring DNS resolvers in the network
Placing a firewall and controlling access from the outside network
Terminating unnecessary resolvers
Restricting access to the name server by implementing multi-factor authentication, physical and network security, and a firewall, and permitting only authorized users to access the system
Patching known vulnerabilities
Segregating the authoritative name server
Restricting zone requests and transfers
Mitigation at the site owner's end
Site owners who log in to the DNS registrar can take the following steps to avoid DNS hacking and redirection to a malicious website.
Securing access to the DNS registrar by implementing multi-factor authentication and restricting access to the DNS settings to certain IP addresses
Maintaining a change lock or client lock at the DNS registrar to prevent changes to DNS records
Using a trustworthy alternative DNS name server with restricted zones that avoids DNS poisoning, hacking or DDoS attacks.
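One way a site owner could verify the client lock step is to audit the domain's RDAP record for lock statuses and unexpected name servers. This is an added example, not code from the original post. It assumes the registrar's lock appears as the standard RDAP status values, and the function name, sample record and baseline list are constructed for illustration.

```python
# Added example: audit a domain's RDAP record for registrar locks and NS drift.
# The RDAP document below is constructed sample data, not a real lookup.
import json

# RDAP status values (RFC 8056) that correspond to the EPP client* locks.
REQUIRED_LOCKS = {
    "client update prohibited",
    "client transfer prohibited",
    "client delete prohibited",
}

def audit_rdap(rdap, expected_nameservers):
    """Return a list of findings; an empty list means locks and NS set match."""
    findings = []
    status = {s.strip().lower() for s in rdap.get("status", [])}
    for lock in sorted(REQUIRED_LOCKS - status):
        findings.append(f"missing lock: {lock}")
    # Host names are case-insensitive and may carry a trailing dot.
    norm = lambda h: h.rstrip(".").lower()
    seen = {norm(ns.get("ldhName", "")) for ns in rdap.get("nameservers", [])}
    seen.discard("")
    expected = {norm(h) for h in expected_nameservers}
    for host in sorted(seen - expected):
        findings.append(f"unexpected name server: {host}")
    for host in sorted(expected - seen):
        findings.append(f"expected name server absent: {host}")
    return findings

# Constructed sample: transfer lock set, update/delete locks missing,
# and one name server that is not in the owner's baseline.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "status": ["client transfer prohibited"],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.EXAMPLE.TEST"},
    {"objectClassName": "nameserver", "ldhName": "ns9.rogue.invalid."}
  ]
}
""")
BASELINE_NS = ["ns1.example.test", "ns2.example.test"]

if __name__ == "__main__":
    for finding in audit_rdap(SAMPLE_RDAP, BASELINE_NS):
        print(finding)
```

Run on a schedule against a saved RDAP response for the domain, any non-empty result is a signal to check the registrar account.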