The internet is a cornerstone of our daily existence. It integrates into every aspect of our lives and is the underpinning of modern communication, work dynamics, and the way we access information across our personal and work lives. However, the foundation of the internet — the Domain Name System (DNS), a system that translates domain names into IP addresses, allowing us to access websites or other online services — remains a mystery to many.
A convergence of factors like increasing remote work, IoT connectivity and internet users’ expectations of seamless and secure online experiences are all drawing renewed attention to the need for reliable DNS solutions.
Advancements in DNS
The sudden transition to remote work in 2020 changed work as we knew it. Businesses scrambled to adapt their operations, and employees had to learn how to access information from disparate locations — inadvertently creating new vulnerabilities in their networks and making them susceptible to a multitude of cyber threats.
A recent Vercara survey revealed that 52% of respondents work outside of company offices, demonstrating that remote work is more than just a passing trend and return to office mandates are still not that prevalent. As individuals access sensitive corporate networks from disparate locations, the vulnerability of DNS infrastructure to cyber threats looms particularly large.
DNS technology has quietly continued to evolve to meet the demands of the modern internet landscape. While the core principles of DNS remain unchanged, several developments have emerged in authoritative and recursive DNS as a response to the shift to remote work, reshaping how organizations leverage DNS to support their distributed workforces. Some developments include optimization for remote access and enhanced security measures.
DNS security challenges amid remote work
With remote work came expanded networks, and with expanded networks came more connected devices and “Bring Your Own Device” (BYOD), which brought new and serious security concerns. Research also revealed that 58% of respondents access work accounts from personal devices, solidifying the need for increased security awareness for remote workforces.
According to IDC’s 2020 Global DNS Report, 79% of organizations experienced a DNS attack, and 82% suffered application downtime (cloud and in-house). Specifically, DNS hijacking attacks — which involve unauthorized changes to DNS settings, redirecting users to malicious websites, or altering DNS records to intercept traffic intended for legitimate servers — emerged as prevalent threats, jeopardizing the integrity and availability of internet services.
The shift to remote and hybrid working models, coupled with the more recent return to travel, presented new challenges for cybersecurity, as employees began connecting to corporate networks from various locations, such as public Wi-Fi networks, and devices, including personal laptops, tablets, and smartphones, creating new entry points for attackers to exploit. DNS hijacking attacks are particularly effective in compromising victim’s devices because they allow attackers to closely mimic legitimate services.
Using DNS to reduce security risks
Authoritative DNS services can provide capabilities to counter most common DNS based security threats. Services with integrated protection against DNS based DDoS attacks feature high-capacity networks and DDoS specific technology. Domain Name System Security Extensions (DNSSEC) is a feature in authoritative DNS that ensures that DNS responses you receive come from a valid source preventing DNS hijacking attacks.
Recursive DNS can also be used to provide an additional layer of security. The repercussions of a security breach or a successful ransomware attack are significant, with an average cost of $2.8 million per incident. However, the potentially devastating financial and operational consequences can be avoided by proactively implementing Protective DNS to help detect and mitigate threats in real time, safeguarding against unauthorized access and data exfiltration.
Protective DNS involves the use of security policies to control and restrict access to specific domains or categories of websites based on their reputation or content. By filtering out malicious domains and blocking access to phishing sites, malware distribution networks, and command-and-control servers, organizations can significantly reduce the risk of employees inadvertently accessing malicious content or falling victim to attacks.
Continuous monitoring of DNS traffic allows organizations to detect and respond to suspicious activity in real-time. By analyzing DNS query logs for anomalies, such as unusual query patterns, sudden spikes in traffic volume, or requests for known malicious domains, security teams can identify potential threats and take proactive measures to mitigate them before they escalate into full-blown security incidents.
The expanding role of DNS in security postures
Adept IT departments and application owners have been quick to adopt the various security capabilities that authoritative DNS has to offer. DDoS protection is an essential part of protecting the availability of DNS, and DNSSEC ensures the integrity of every DNS transaction.
Training employees and stakeholders on best practices for securely accessing corporate networks and identifying potential threats is a critical component of any comprehensive cybersecurity strategy. Fostering a culture of cybersecurity awareness and accountability can empower employees to take proactive measures against cyber threats. This is a good first step, but it is not enough. Attackers are persistent, well-funded and creative. Eventually, some users will make the mistake of clicking on the wrong link or attachment. This is where recursive-based protective DNS comes into play and prevents that user’s system from accessing the malicious content and completing the attack.
Understanding the critical role of DNS in maintaining connectivity and security is essential. By demystifying DNS and addressing the security challenges posed by remote work, we can ensure the resilience and integrity of the internet with confidence, protecting against emerging threats while embracing the opportunities that lie ahead.
