http://www.networkworld.com/news/2008/123008-dns-security.html By Denise Dubie Network World 12/30/2008 The discovery of a major DNS flaw in mid-2008 landed the technology in many headlines, but with economic concerns weighing on many in IT, industry watchers worry that revamping systems and security around domain name servers could be put on hold in 2009. The vulnerability discovered by director of penetration testing at IOActive Dan Kaminsky motivated numerous vendors to upgrade their products to protect enterprise networks against cache poisoning and other DNS attacks, such as distributed denial-of-service (DDoS). IT directors were encouraged to upgrade their DNS systems to guard against potential threats, but a survey by The Measurement Group revealed that about 25% of servers had yet to be upgraded by mid-November. Now, with the year coming to a close, DNS experts worry the projects will take a back seat to cost-cutting measures. "These name servers are trivially vulnerable to the Kaminsky attack. With an effective exploit script, a hacker can insert arbitrary data into the cache of one of these names servers in about 10 seconds," says Cricket Liu, vice president of architecture at Infoblox. A separate survey of 466 enterprise online customers conducted by DNSstuff in September revealed that 9.6% hadn't patched their DNS servers and 21.9% didn't know if they were patched. The findings show that despite the DNS community's and several vendors' efforts, a significant number of server administrators have yet to take action. As for the reasons behind the lack of patches, more than 45% cited a lack of internal resources, 30% said they were unaware of the vulnerability and 24% reported they didn't have enough knowledge of DNS to take the appropriate steps. DNSstuff's customer research also found that the most common DNS issues among respondents include e-mail downtime for 69%, DDoS attacks and cache-poisoning attacks for nearly half and spoofing for 18.5%. [...] _______________________________________________ Please help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Wed Dec 31 2008 - 01:07:24 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 31 2008 - 01:17:55 PST