Tuesday, 4 June 2013

Intruder Alert

By Raul Bernardino

Introduction:
The “Domain Names Systems (DNSs) are supporting the internet infrastructure to resolve the host names to the internet protocol (IP) or from IP to the host names,” (Davidowicz, D. (1999). The function of the DNS is similar to the telephone directory, in which is helping human being to easily memorize the host names rather than computer numeric addresses. The fundamental functions of the DNS are follows:
  • Forward resolution: The forward resolution known as translating from host name in to the IP address
  • Inverse resolution: The inverse resolution known as translating the IP address in to the host name

Initial the DNS is designed with a security embedded. It is public database and not restricted of the accesses. Therefore, it is vulnerable and the bad guy can be intercepted the message, as it shows in the below diagram:


How DNS Poisoning happen?
First of all DNS resolves the query internally then if it is not found, the DNS server will be passing the query to the other servers. The following server may contain wrong information and replying to the requested server.  Here is the caching of the poison happened as it shows in below diagram:


The host-1 is willing to browse 'ourdns.example.org'. The local server has not have the answer. The local server then passing the query to the other server and other server responding with the 'brokendns.exemple.org' information. It is now cached in the local server. From now on, anyone from the same network that request or browse the address of 'ourdns.exemple.org' the local server will be giving the wrong information. Here, we called DNS cache poisoning. The attacker can be used this opportunity to establish communication with the host-1 as the victim.
The attacker intentional formulate misleading information with the rogue server name as it shows in  the below diagram:



 The established communication called spoofing of the host name.

How to prevent?
To prevent and minimized the DNS cache poisoning, the network administrators are adding firewall, proxy, Gateways, and Intrusion detection system.
The firewall is isolating a private network to the internet connection in which to allow several packets to pass through and also block several packets, as it show in the below diagram:

The gateway or router firewall: The gateway application functions as follows:
  • Filtering the packets on the application data as well as on the TCP/IP/UDP
  •  Allowing several internal users to use telnet to communicate outsider as it shows in the below diagram:



The intrusion detection system (IDS) as follows:
  •  Filtering Packets: The packet filters are operation on the TCP or IP headers and it is not related to the check among session
  • IDS: The IDS has a deep inspection to the packets such as to identify the strings with the antivirus data-base and attack string. It is also examining the related packets over port scanning, network mapping, and Denial of the service attack

As it is shows in the below diagram:
In conclusion: DNS is designed to be a public data-base and have no security embedded. Therefore, we have to configure our network with firewall or router firewalls whereas to minimized the attacks and prevent the spam’s or viruses going to our network.
References list:
  1.  Kurose, J.F. & Ross, K.W. (2010) Computer Networking: A Top-Down Approach. 5th ed. Boston: Addison Wesley
  2. University of Liverpool/Laureate Online Education (2011) Lecture notes from Computer Networking Module Seminar 7 [Online]. Available from: University of Liverpool/Laureate Online Education VLE (Accessed: 16  September 2011)
  3.  Security in the Network, [Online]. Available from: http://www.informit.com/articles/article.aspx?p=31339&seqNum=2  (Accessed: 17 September 2011)
  4.  Davidowicz, D. (1999), Domain Name System, [Online]. Available from: http://compsec101.antibozo.net/papers/dnssec/dnssec.html  (Accessed: 17 September 2011)

No comments:

Post a Comment