DNS Spoofing

    Mimecast Web Security adds monitoring and security at the DNS layer to stop DNS spoofing, malware and other malicious web activity.

    Interested in learning more?

    Schedule a Demo

    The dangers of DNS spoofing

    Domain Name System spoofing, or DNS spoofing, is a cyberattack that redirects traffic away from legitimate servers to fraudulent sites that appear quite similar to the original. When a user arrives at the fake site, they may be prompted to enter their login credentials or reveal sensitive data like credit card data, bank account numbers and Social Security information. Attackers can then use this information to steal money, data and identities, or to access corporate networks to launch other attacks.

    DNS spoofing attacks are carried out by altering DNS records or by intercepting communication with a DNS server. DNS spoofing is just one example of the many ways in which cyber criminals use DNS to launch attacks. In fact, DNS is used in 91% of malware attacks, and one out of every 13 web requests leads to malware.

    Despite the dangers of DNS spoofing and other malicious activity, most organizations don't monitor their DNS activity at all. Yet the rise of DNS spoofing and other DNS-related attacks makes it clear organizations must deploy anti-spoofing solutions as well as monitoring technology that provides insight into what is happening at the DNS layer.

    The dangers of DNS spoofing

    Prevent DNS spoofing with Mimecast Web security

    Mimecast Web Security adds monitoring and security at the DNS layer to stop DNS spoofing, malware and other malicious web activity before it reaches your network or devices. This Mimecast service protects against malicious activity both coming from or going out to the Internet at the DNS layer. It also supports and enforces acceptable use policies and helps to mitigate uncontrolled usage of cloud applications.

    Mimecast Web Security enables you to:

    • Block malicious websites and websites that violate acceptable use policy.
    • Protect employees on and off the network.
    • Protect guest Wi-Fi networks.
    • Enable site, user and group-specific policies and exception lists.
    • Manage web security through a single administration console.
    • Use an intelligent proxy to inspect content and file downloads from suspicious sites.
    • Allow or block top level domains.
    • Integrate with Mimecast Secure Email Gateway with Targeted Threat Protection for a coordinated email and web security.
    • Get seamless off network protection with Mimecast Security Agent for Windows, Mac and mobile devices.
    • Deploy and set up defenses in minutes to protect against DNS spoofing and other malicious web activity.
    Prevent DNS spoofing with Mimecast Web security

    How Web Security works

    When a user initiates a request to access the Internet by entering an address in the browser or clicking a link in an email or website, a DNS request is forwarded to the Mimecast Web security service. As Mimecast inspects and resolves the DNS request, acceptable use policies established by the organization are applied to the request, blocking access to content that is deemed inappropriate for business use. At the same time, the target website is scanned for malicious content. If the site is determined to be safe, the user is granted immediate access. But if the site is deemed to be suspicious or malicious, Mimecast blocks access to the site and the user is notified via a message in the browser about the reason why.

    How Web Security works

    Advantages of Mimecast's DNS monitoring service

    Mimecast Web Security enables you to:

    • Adopt a proactive defense against web threats. Mimecast Web Security stops web threats before they can reach your network or endpoints, and blocks websites that deliver malware or that are part of phishing attacks. Intelligence from multiple sources helps to rapidly identify threats while DNS monitoring helps to stop attacks like DNS spoofing.
    • Enforce acceptable web use policies. Mimecast makes it easier to keep employees productive on the web by blocking access to sites that aren't appropriate for business use. Administrators can use granular web category selections to apply policies to specific users, groups or the entire network.
    • Reduce the risk of shadow IT. Mimecast Web security delivers Application Visibility and Control for greater insight into uncontrolled usage of cloud applications that represent a risk of shadow IT. Administrators can monitor cloud apps to understand usage and manage or block access to specific apps.
    • Protect users on and off the network. Mimecast Web Security protects remote and mobile workers no matter where they are or what device they're using, and it enables administrators to apply consistent security and controls to all employees and devices.
    • Protect guest Wi-Fi. With Mimecast, you can prevent guest network users from accessing malicious or inappropriate sites, and control what cloud apps can be accessed via your guest Wi-Fi network.
    • Improve visibility and reporting. Mimecast provides quick and simple visualizations of key metrics like top accessed domains, site categories, blocked domains and requests leading to malicious sites.
    Advantages of Mimecast's DNS monitoring service

    FAQs: what is DNS spoofing?

    What is DNS?

    DNS refers to the Domain Name System (or Domain Name Server), which translates domain names that users can read into IP addresses that machines can read. Every device connected to the Internet has a unique IP address that enables other machines to find it. DNS eliminates the needs for users to memorize long and complex IP addresses and to use simpler domain names instead.

    What is DNS spoofing?

    DNS spoofing is a cyberattack where DNS records are altered or where DNS communication is intercepted in order to route users to a different IP address. Typically, DNS spoofing reroutes traffic to a fraudulent website where users are duped into revealing sensitive information or login credentials.

    What is website spoofing?

    Website spoofing is a form of cybercrime where an attacker registers a domain name and creates a website that looks very similar to the domain name and website of a trusted brand. Attackers then lure the brand's employees, customers and other parties to the website where they may be tricked into revealing valuable information.

    What is email spoofing?

    Email spoofing is when a cybercriminal sends an email that appears to be from a trusted source. Attackers may spoof an email address by creating a fake "from" address in the email header, or by gaining access to a user's account to send a fraudulent email. Companies can use the email validation system DMARC to identify spoofed emails. DMARC builds on the SPF and DKIM authentication protocols and adds additional layers of protection. An email message must authenticate with SPF and/or DKIM to pass a DMARC test. Additionally, a DMARC record specifies whether an email that fails to authenticate should be blocked, quarantined or sent on to the user.

    FAQs: what is DNS spoofing?

    Expert Web Security Insights

    Web Security resources you may be interested in: