Tag: networks

Learning something new: DNS vulnerability

I had previously been (woefully) unaware of the opportunities for abusing various naming systems

(NOTE: this post deals with a particular company, and though they didn’t sponsor it, I was the grateful recipient of some excellent swag from them at an industry conference, and promised to write an article as thanks!)

A year ago, I visited RSA Conference North America in San Francisco. This was far from my first trip to RSA, which is one of the great (and probably the biggest) global security conferences. There’s a huge exhibitor hall – in fact, several – and many people attend just this, rather than the full conference. I always make a point of having a look at all of the different booths to see if there are any new companies or organisations in the areas that interest me or to find out about things I was previously unaware of. There are people using all kinds of incentives to try to get you to pay attention to them, from food to magicians, from give-away swag to prizes. I’d been doing a lot of walking around and was tired, and happened to discover quite a large booth which had some little seats to sit on. The deal, of course, was the if you sat down, you had to listen to the company pitch – and at the end, they’d do a prize draw and you might win something fun.

At it happened, I’d not heard of the company before and didn’t really have much interest in what they seemed to be talking about – DNS security, it looked like – but I really needed to rest my feet, so I sat down and reminded myself that I had a chance of winning something, even if the subject was as boring as many of the pitches I’ve heard over the years.

It turned out not to be. The company was Infoblox and, to my surprise, I went back several times to find out more about what they do and the research they publish. I went back even after I’d managed to secure one of their prizes, what they do is specialise in an area which I had previously known almost nothing about. On leaving the conference, I promised to write a blog post about what they do, as a gesture of thanks. And I realised as I was preparing to travel to RSA this year (it starts next week, at time of writing) that I’d never fulfilled my promise, and was feeling about it, so this is the post, to assuage my guilt and maybe to prompt you, my dear reader, into finding out more about network security solutions, or what they call DDI (DNS, DHCP, and IPAM) management.

Most companies at exhibitions and conferences spend most of their time telling you about their products, but Infoblox took a different approach – which I heartily recommend to anyone in a similar situation. Rather than just pitching their products and services, they presented the research that they do into the various vulnerabilities, bad actors, criminal traffic distribution systems (TDS) and rest. They had the researchers talking about the work, and made them available after the brief pitch for further questions. Did they mention their products and services? Well, yes, but that wasn’t the main thrust of the presentations. And the presentations were fascinating.

I had previously been (woefully) unaware of the opportunities for abusing the configuration and control of the various naming systems around which our digital lives revolve. I suppose that if I’d thought about it, I might have realised that there would be bad actors messing with these, but the extent to which criminal – and state-sponsored – actors are using these systems shocked me, if only because it’s an area of security that I’d hardly thought about in the 30 or so years that I’ve been in the field. Criminal gangs hijack domains, trick users, redirect traffic and sometimes camp out for years in quiet areas of the Internet, ready to deploy exploits when the rewards seem worthwhile enough. I’ve written over the years about attackers “playing the long game” and biding their time before employing particular techniques or exploiting specific vulnerabilities, but the sheer scale of these networks honestly astounded me. I can’t do justice to this topic, and the very best I can offer is to suggest that you have a look at some of the research that Infoblox provides. They do, of course, also provide services to help you protect your organisation from these threats and to mitigate the risks that you are exposed to, but as I’m not an expert in this particular area, I don’t feel qualified to comment on them: I recommend that you investigate them yourself. All I can say is that if Infoblox do as thorough and expert job around the services they provide as they do in their research activities, then they’re definitely worth taking seriously.

Photo by Alina Grubnyak on Unsplash.