Instead, they could visit websites using human-friendly names like. And since there are too many websites on the Internet for a computer to store a comprehensive list of corresponding domain names and IP addresses, this task is outsourced to designated DNS servers.

You probably use DNS thousands of times a day without knowing it – every time you connect to a website, open a mobile phone app, or update software, your device queries DNS servers to find the IP address associated with the domain. That’s why we often refer to DNS as the foundation of the internet.

Research DNS-layer security solutions and you’ll quickly find that they come in two varieties: recursive DNS security and authoritative DNS security. Understanding the difference between these two options requires knowing a bit more about how the domain name system works.

Let’s go back to our phone book analogy for a moment. Your browser needs a copy of the phone book in order to find the corresponding IP address for that domain, so:

1. Imagine you sit down at your computer and type into your browser.
2. Your computer connects to a recursive DNS server (sometimes called a DNS resolver).
3. There are thousands of recursive DNS servers across the world, and most users rely on the resolvers provided by their ISP or cellular provider.
4. Your computer asks the recursive DNS server, “What’s the IP address assigned to ?”.
5. The recursive DNS server connects to an authoritative DNS server that holds a copy of the phone book matching the IP address of the Cisco Umbrella website with its associated domain name.
6. The authoritative DNS server sends the right IP address to the recursive DNS server, which sends the information back to the computer (and browser) that requested it.
7. Your computer connects to the Cisco Umbrella server using the IP address, allowing the website to load.

Whew, that was easy!
Well, it was easy for the computer and DNS servers at least – this whole process usually happens so quickly that users don’t notice it happening unless something goes wrong. But plenty can go wrong – a DNS server outage will prevent users from connecting to websites, while slow DNS servers will bring website load times to a crawl. And that’s not even accounting for DNS security compromises.

You’d think that a system which functions as the bedrock of internet connectivity would be designed with cybersecurity in mind.

In fact, unless you’ve invested in DNS-layer security, odds are that none of the solutions in your security stack even inspect DNS activity. In most instances, DNS packets – which normally contain IP address information – enter networks through unblocked ports without first being inspected by security protocols. Furthermore, DNS activity in a network is almost never monitored. This makes the DNS layer the perfect blind spot for cybercriminals to exploit.

Many of today’s sophisticated attacks rely on DNS activity. Malware, ransomware, phishing, and other scams often use DNS to stage the internet infrastructure used to support each stage of their attacks.