Wednesday, November 29, 2017

Cybersecurity and DNS

Dr. Frank Kardasz

November 29, 2017

Domain Name System (DNS)

A typical Domain Name System (DNS) works behind the scenes through servers located throughout the world that translate (resolve) human-readable website hostnames into the numeric Internet Protocol (IP) addresses that network communication requires. Each DNS server holds a database (or cache) of public IP addresses and their associated website hostnames. Most public servers are free to use and operate at varying levels of capability. The servers routinely perform this translation service and relay the results between senders and destinations.

DNS servers operate with varying levels of efficiency and security. A nice listing of various DNS servers, including a list of their features, is provided by Lifewire at: https://www.lifewire.com/free-and-public-dns-servers-2626062

Domain Name Spoofing

Domain name spoofing can occur when a malicious actor registers a website whose name closely resembles the name of a legitimate site. The intent is to impersonate the legitimate site and lure unsuspecting users to the fake one. Once the victim visits the fake site, the offender may expose the victim to malware, phishing or other malicious activity.
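A defender's counterpart to the spoofing problem described above is to watch DNS query logs for names that are one or two characters away from a domain the organization cares about. The script below is an added example and is not code from the original post; the brand list, the log lines and the edit-distance threshold are all constructed sample data, and the "registrable domain" helper is a deliberately naive last-two-labels approximation (a real deployment would use the public suffix list).

```python
"""Flag lookalike domains in a DNS query log (added example, constructed data)."""
from __future__ import annotations

# Constructed list of domains we want to protect against impersonation.
PROTECTED = ["example.com", "examplebank.com"]
# Assumed tuning knob: how many single-character edits still count as a lookalike.
MAX_DISTANCE = 2

# Constructed sample log lines: "<timestamp> <client-ip> <queried-name>".
SAMPLE_LOG = """\
2017-11-29T10:00:01Z 10.0.0.5 www.example.com
2017-11-29T10:00:02Z 10.0.0.5 www.examp1e.com
2017-11-29T10:00:03Z 10.0.0.7 login.examplebank.co
2017-11-29T10:00:04Z 10.0.0.9 mail.example.com
2017-11-29T10:00:05Z 10.0.0.9 completely-different.org
"""


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(qname: str) -> str:
    """Naive registrable domain: the last two labels, lower-cased (assumption, no PSL)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def is_lookalike(qname: str, protected=PROTECTED, max_distance=MAX_DISTANCE) -> str | None:
    """Return the protected domain this name imitates, or None if it is exact or unrelated."""
    reg = registrable(qname)
    if reg in protected:
        return None  # an exact registrable match is the real site (or its subdomain)
    for legit in protected:
        if 0 < levenshtein(reg, legit) <= max_distance:
            return legit
    return None


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client, queried name, imitated domain) for every lookalike hit."""
    hits = []
    for line in text.splitlines():
        _ts, client, qname = line.split()
        target = is_lookalike(qname)
        if target is not None:
            hits.append((client, qname, target))
    return hits


if __name__ == "__main__":
    for client, qname, target in scan_log(SAMPLE_LOG):
        print(f"{client} queried {qname}, which resembles protected domain {target}")
```

Exact matches (and subdomains of the protected names) are skipped first, so legitimate traffic to `mail.example.com` never fires; only names within the edit-distance budget of a protected domain are reported, together with the client that asked for them.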

Many of the public DNS servers resolve the common names and IP addresses of both benign and malicious websites without giving users any indication of whether a site is malicious. Many users' computers are configured by default to send web traffic through DNS servers that do not provide filtering protections.

Quad9 - A Threat Mitigator

A free service known as Quad9, with the IP address of 9.9.9.9, purports to mitigate some of the threats from malicious websites. The DNS servers controlled by Quad9 contain the names and IP addresses of websites that are known to be malicious. Users of Quad9 are prevented from visiting known malicious websites.

For Quad9 to work, users must reconfigure their computers' DNS settings so that the computers' DNS lookups (and therefore their web traffic) go through the Quad9 servers. The Quad9 servers act as filters and refuse to resolve the names of known malicious sites. The reconfiguration is a simple change to each computer's network settings and is nicely described in videos at the Quad9 web site: https://www.quad9.net/#/#setup-quad9
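To make concrete both how a resolver translates a hostname (the DNS section above) and how a filtering resolver such as Quad9 can refuse to resolve a name (this section), here is a toy DNS wire-format walkthrough: it builds a query packet, answers it the way a blocklist-enforcing resolver might, and parses the reply. This is an added example, not code from the original post or from Quad9. The zone, the blocklist, the hostnames and the IP addresses are constructed sample data, and answering blocked names with an NXDOMAIN response code is an assumption about one common way a filtering resolver signals a block, not a description of Quad9's internals.

```python
"""Toy DNS message builder, filtering resolver and parser (added example, constructed data)."""
from __future__ import annotations
import struct

# Constructed "zone" and blocklist. 203.0.113.0/24 is documentation address space.
ZONE = {"www.example.com.": "203.0.113.10"}
BLOCKLIST = {"malicious.example.net."}

QTYPE_A, QCLASS_IN = 1, 1
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
HEADER = "!HHHHHH"            # id, flags, qdcount, ancount, nscount, arcount
RESPONSE_FLAGS = 0x8180       # QR=1, RD=1, RA=1, RCODE in the low four bits


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com.' as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a name at offset; follows 0xC0 compression pointers. Returns (name, end offset)."""
    labels, jumped, end = [], False, off
    for _ in range(128):  # bound the walk so a pointer loop cannot hang the parser
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack_from("!H", msg, off)[0] & 0x3FFF, True
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            return ".".join(labels) + ".", end
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    raise ValueError("compression pointer loop")


def build_query(txid: int, name: str) -> bytes:
    """A-record query with the recursion-desired bit set and one question."""
    header = struct.pack(HEADER, txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def filtering_resolver(query: bytes) -> bytes:
    """Answer like a blocklist-enforcing resolver: NXDOMAIN for blocked or unknown names."""
    txid = struct.unpack_from(HEADER, query, 0)[0]
    name, off = decode_name(query, 12)
    qtype, _qclass = struct.unpack_from("!HH", query, off)
    question = query[12:off + 4]
    ip = ZONE.get(name)
    if name in BLOCKLIST or ip is None or qtype != QTYPE_A:
        hdr = struct.pack(HEADER, txid, RESPONSE_FLAGS | RCODE_NXDOMAIN, 1, 0, 0, 0)
        return hdr + question                      # no answer records at all
    hdr = struct.pack(HEADER, txid, RESPONSE_FLAGS | RCODE_NOERROR, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name in the question at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 300, 4) + rdata
    return hdr + question + answer


def parse_response(resp: bytes) -> dict:
    """Extract transaction id, response code and any A-record addresses."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack_from(HEADER, resp, 0)
    qname, off = decode_name(resp, 12)
    off += 4                                       # skip QTYPE and QCLASS
    addresses = []
    for _ in range(an):
        _owner, off = decode_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10
        rdata, off = resp[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "qname": qname, "rcode": flags & 0x000F, "addresses": addresses}


def lookup(name: str, txid: int = 0x1234) -> dict:
    """Round-trip a query through the toy filtering resolver."""
    return parse_response(filtering_resolver(build_query(txid, name)))


if __name__ == "__main__":
    print(lookup("www.example.com"))        # resolves normally
    print(lookup("malicious.example.net"))  # rcode 3, no addresses: the block
```

The visible effect of the filter is in the reply: a benign name comes back with RCODE 0 and an address, while a blocklisted name comes back with RCODE 3 (NXDOMAIN) and no answer records, so the client's browser never learns where to connect. The same parser handles both cases, which is what a monitoring tool would need when checking whether endpoints are actually using the configured resolver.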

=-=-=-=-=-=

The following information is directly from the Quad9 Web Site at: https://www.quad9.net/#/about:

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high performance, and privacy.

Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike.

Performance: Quad9 systems are distributed worldwide in more than 100 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system. 

Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS. 

=-=-=-=-=-=

Conclusion

Quad9 appears to be a useful cybersecurity tool, and it is free. Obviously, the administrators at Quad9 must keep their service up to date, as newly created malicious web sites can appear at any time. Quad9 will need to add malicious sites to its servers quickly so that the service remains relevant.

One might also expect that the Quad9 servers could be hit with DDoS attacks at some point in the future, because no good cybersecurity deed goes unpunished; hopefully they are prepared for such an attack.

=-=-=-=-=-=

Questions and reference information for cybersecurity students:


What is a DNS Server?
Fisher, T. (2017). What is a DNS Server? Lifewire. Retrieved from

How does DNS work?
Quad9 DNS. (Nov. 15, 2017). How DNS Works. Quad9DNS. Retrieved from https://www.youtube.com/watch?v=kURzoJ0Qj9o

What is a Domain Name System?
Beal, V. (2017). Domain Name System. Webopedia. IT Business Edge. Retrieved from https://www.webopedia.com/TERM/D/DNS.html

What is the list of free public Domain Name Systems?
Fisher, T. (2017). Free and Public DNS Servers. Lifewire. Retrieved from https://www.lifewire.com/free-and-public-dns-servers-2626062

What is an Internet Protocol (IP) address?
Beal, V. (2017). IP address - Internet Protocol (IP) address. Webopedia. IT Business Edge. Retrieved from https://www.webopedia.com/TERM/I/IP_address.html

What is Recursion?
Computer Science Wiki. (2016). Recursion (in Computer Science). Retrieved from https://computersciencewiki.org/index.php/Recursion

What is Anycast?
IT Business Edge. (2017). Anycast. Webopedia. Retrieved from https://www.webopedia.com/TERM/A/anycast.html

What is a DDOS attack?
Beal, V. (2017). DDoS attack - Distributed Denial of Service. Webopedia. IT Business Edge. Retrieved from https://www.webopedia.com/TERM/D/DDoS_attack.html

What is Quad9?
Quad9. (2017). Community-Driven Internet Security. Quad9. Berkeley, CA. Retrieved from https://www.quad9.net/#/about

=-=-=-=-=-=
MCMP650, BCC395, CJ1500, AJS524, AJS572, BCC401, BCC403
=-=-=-=-=-=
https://kardasz.blogspot.com/2017/11/dns-and-cybersecurity.html
=-=-=-=-=-=
