Social Threat Mitigation

Although "user education" is desirable for preventing risks from similar hostnames and automatic name completion, it is not the only option:

Monitor Similar Domains: Constantly search for domain name variations. When similar hostnames are identified, DNS providers can be asked to shut them down. Although this is a complicated and time-consuming task, there are services that specialize in monitoring for similar domain names.

Lock Domains: Use domain registrars that support domain locking. This requires additional information such as account information or passwords to transfer domain names.

Use Valid Contacts: Providing one or more valid contact values in the domain registration permits users and registrars to contact the domain owner. But, this does not require specifying people's names or personal information; a social engineer could use this information to attack the domain owner.

24/7 Support: Select a domain registrar that provides round-the-clock support. Be sure the registrar can be contacted at any time in case there is a domain issue.

Self-Hosting: Large companies may choose to become their own registrar for their domain.

If a domain is hijacked, immediately contact the domain registrar. If the registrar is unavailable or unable to resolve the issue, contact the TLD. For example, VeriSign is the contact for .com and .net domains. In addition, ICANN can be contacted by emailing transfers@icann.org.
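As an illustration of the "Monitor Similar Domains" item above, the following added example (not from the original text) checks a list of observed domain names against a protected domain and reports why each match looks similar. The domain names, the function names, and the partial look-alike character map are all constructed assumptions, and names are assumed to have the simple form name.tld.

```python
# Added example: flag observed domains that resemble a protected domain.
# Assumes names of the form "name.tld"; all sample domains are constructed.

# Partial, assumed map of digits often substituted for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold look-alike characters and sequences, and drop hyphens."""
    s = label.lower().translate(HOMOGLYPHS).replace("-", "")
    return s.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(protected, candidate, max_dist=1):
    """Return a reason string if candidate resembles protected, else None."""
    p_label, _, p_tld = protected.lower().partition(".")
    c_label, _, c_tld = candidate.lower().rstrip(".").partition(".")
    if (c_label, c_tld) == (p_label, p_tld):
        return None  # the protected domain itself
    if c_label == p_label:
        return "same name, different TLD"
    if skeleton(c_label) == skeleton(p_label):
        return "look-alike characters"
    if osa_distance(c_label, p_label) <= max_dist:
        return "typo (edit distance <= %d)" % max_dist
    return None

def scan(protected, observed):
    """Map each suspicious observed name to the reason it was flagged."""
    results = ((name, classify(protected, name)) for name in observed)
    return {name: reason for name, reason in results if reason}

# Constructed sample feed (for example, names seen in resolver logs).
OBSERVED = ["acmebank.example", "acmebank.test", "acm3bank.example",
            "acrnebank.example", "acme-bank.example", "acmebnak.example",
            "acmebamk.example", "weather.example"]

if __name__ == "__main__":
    for name, reason in scan("acmebank.example", OBSERVED).items():
        print(name, "->", reason)
```

Flagged names still need manual review before asking a provider to act, because a small edit distance also matches unrelated legitimate names.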

Optimal DNS Configurations

BIND is the most common DNS server implementation. There are many documents that specify how to tighten the configuration of BIND servers. Some of these documents include "Securing BIND: How to Prevent Your DNS Server from Being Hacked" (http://www.giac.org/certified_professionals/practicals/gsec/0756.php) and "Defense in Depth of DNS" (http://www.sans.org/rr/whitepapers/dns/867.php). In addition, the Internet Security Consortium offers many resources for configuring and securing BIND (http://www.isc.org/index.pl?/sw/bind/).

The availability of security-oriented server documentation varies between vendors. Although BIND has many supporting documents, other servers offer few resources (or none at all).