What is DNS security?
DNS security refers to technology, protocols and other protective measures intended to prevent cyber criminals from initiating malicious attacks on an organization’s Domain Name Server, or DNS.
A DNS converts user-friendly web addresses to IP addresses that computers can read. The DNS layer can also be used as a point of enforcement for an organization’s outbound web requests, ensuring that employees and the organization’s systems can only reach acceptable and non-malicious websites.
Why is DNS vulnerable to attack?
The DNS layer is vulnerable to attacks because malicious actors take advantage of the plaintext communication between clients and the DNS server.
The need for DNS security
Email and the web are the source of nearly all security incidents and breaches, and more than 90% of malware and domain spoofing attacks use the web – and DNS specifically – to successfully gain unauthorized access and compromise sensitive data. Yet despite the severity of this threat, a large number of organizations don’t monitor or filter their DNS activity at all.
This DNS security problem is made markedly worse by the trend toward a more mobile workforce, with users working outside the office – and outside the protection of corporate firewalls and other defenses. Employees also increasingly use work devices to browse Internet sites unrelated to their jobs, increasing the risk of an attack that uses the web to enter.
Most organizations simply don’t have DNS security solutions that can effectively monitor the DNS layer to filter malicious or unacceptable uses of the web, and many organizations lack any DNS security defenses whatsoever. For some organizations, this may be due to a lack of resources. For others, it’s the reality of being saddled with disjointed, on-premises security systems that are rapidly becoming obsolete.
Mimecast Web Security provides a cloud-based solution that addresses these issues, enabling organizations to quickly, easily and cost-effectively add a DNS security-based service to their security portfolio.
Choosing a DNS security solution for your company
When choosing the best DNS solution for your organization, it may be helpful to look for services that offer:
- DNS activity monitoring: Monitors DNS layer activity and logs to help you spot unusual patterns that can signal risks.
- DNS protocol enhancement: Adds data privacy on top of the typical DNS to lower the chances of a malicious actor intercepting your queries and communications.
- DNS filtering: Filters access to a specific website's IP address rather than the domain name to help prevent attacks.
Stop threats with Mimecast DNS security solutions
As an industry leader in solutions for email security, cyber resilience and information archiving, Mimecast now also provides web and DNS security with Mimecast Web Security. This simple but highly effective service functions as a web security gateway to protect against malware and malicious web activity and usage that may be initiated by a user action.
When a user makes a request for a web-based resource – for example, clicking a link or typing an address into a browser – the request is sent to Mimecast Web Security for resolution, inspection and filtering. Mimecast evaluates the safety and acceptability of the web resource based on advanced threat intelligence gathered from visibility into tens of thousands of email and web security clients globally as well as using multiple types of analytics and threat intelligence sources. Mimecast also evaluates the web resource based on the organization’s acceptable use controls and bypass exceptions, which may deem certain websites or categories of web resources unacceptable for business use.
If the web resource is determined to be safe and acceptable, the user is allowed access immediately, without delay. But if the resource is found to be malicious or inappropriate, the user is blocked from accessing it and notified via a customizable block page.
Advantages of Mimecast DNS security services
Mimecast Web Security solutions are easy to implement and manage, and enable organizations to improve web security by:
- Blocking users from visiting malicious sites or sites that are inappropriate for business use.
- Protecting data from exfiltration.
- Protecting employees whether they are on or off the organization’s network.
- Preventing devices containing malware from communicating with cyber criminals.
- Inspecting files downloaded from the web to make sure they are free of malware and safe to open.
- Controlling the types of websites that employees are able to browse.
- Getting greater visibility into how employees use the Internet for work.
- Simplifying administration via a cloud-based solution that can be managed from a single administrative console.
Mimecast Web Security services are built on a multi-tenant cloud architecture that enables fast and easy scaling, and IT teams can leave the monitoring, management and upgrading of the DNS security system to Mimecast.
DNS security solutions for email and web
Mimecast Web Security integrates with the Mimecast email security service to provide a cloud-based solution for email and web leveraging DNS. This integrated service protects the two most targeted vectors – email and the web – while enabling security policies to be consistently applied throughout the organization. Administrators can automatically apply policy configurations, directory synchronization, user accounts, roles and permissions, branding and audit reporting to both email and web security, accelerating deployments and simplifying administration.
DNS protection FAQs
Why is DNS security important?
DNS security solutions that monitor and filter at the DNS layer can be a critical component of an organization’s defenses. Email and the web are used to deploy 99% of malware[i], and DNS is usually central to these attacks. By implementing effective DNS security solutions, organizations can more effectively protect users, data, customers and partners from the devastating consequences of a major security breach.
How do I improve DNS security?
Improve DNS security by:
- Restricting zone transfers between authoritative servers to eliminate superfluous traffic
- Enlisting the help of Mimecast’s cloud-based Web Security service
What are some common attacks involving DNS?
Some of the most common types of DNS attacks are:
- DNS rebinding attack
- DDoS attack
- DNS tunneling
- Cache poisoning
- Distributed Reflection DoS attack
- Basic NXDOMAIN attack
- Domain lock-up attack
- DNS hijacking
- TCP SYN Floods
- Phantom domain attack
- Amplification and reflection attack
What are some DNS protection best practices?
There are a few best practices when it comes to DNS protection. Here are the top 3:
1. Limit the type of data that is accessible on the servers and hide your primary DNS server. Restrict access to primary servers to IT professionals within your organization only.
2. Enable DNS logging to monitor DNS activity.
3. Filter DNS to prevent users from accessing a malicious website or domain.
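As an added illustration of practices 2 and 3 (this is not Mimecast code), the sketch below reviews a DNS query log for lookups that a filter policy would block, clients producing bursts of NXDOMAIN answers, and long, random-looking labels of the kind associated with DNS tunneling. The log format, sample lines, blocklist and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log; assumed format: "<time> <client> <qname> <qtype> <rcode>"
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A NOERROR
10:00:02 10.0.0.7 login.bad-site.example A NOERROR
10:00:03 10.0.0.9 a1.nx-test.example A NXDOMAIN
10:00:03 10.0.0.9 a2.nx-test.example A NXDOMAIN
10:00:04 10.0.0.9 a3.nx-test.example A NXDOMAIN
10:00:05 10.0.0.8 mzxw6ytboi4dqmrsgq3tmnbvgy3tqojq.t.example TXT NOERROR
10:00:06 10.0.0.5 mail.example.com MX NOERROR
""".splitlines()
BLOCKLIST = {"bad-site.example"}  # constructed filtering policy


def entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def is_blocked(qname, blocklist):
    """True if qname is a blocked domain or a subdomain of one (label-aligned)."""
    parts = qname.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def analyze(lines, blocklist, nx_threshold=3, long_label=30, min_entropy=3.5):
    """Return findings per category; thresholds are illustrative, tune per network."""
    findings = {"blocked": [], "nxdomain_burst": [], "long_random_label": []}
    nx_per_client = defaultdict(int)
    for line in lines:
        _, client, qname, _, rcode = line.split()
        if is_blocked(qname, blocklist):
            findings["blocked"].append((client, qname))
        if rcode == "NXDOMAIN":
            nx_per_client[client] += 1
        first = qname.split(".")[0]
        if len(first) >= long_label and entropy(first) >= min_entropy:
            findings["long_random_label"].append((client, qname))
    findings["nxdomain_burst"] = sorted(
        c for c, n in nx_per_client.items() if n >= nx_threshold)
    return findings


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG, BLOCKLIST).items():
        print(kind, hits)
```

Matching the blocklist on whole labels keeps a name such as `notbad-site.example` from being blocked by the entry for `bad-site.example`.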
[i] Verizon DBIR 2018