There have been a large number of vulnerabilities ranging in distribution and seriousness over the years (we after all are only just recovering from Kaminsky 1. It is crucial that we all take patching of this infrastructure extremely seriously as ultimately name resolution can be the keys to the kingdom (given that most applications or users tend to perform insufficient application/transport level validation). If an attacker controls your DNS, they can do some very scary things with your web presence or internal environment. After all, redirecting banking sites to a web server with a non matching SSL certificaite unfortunately will not raise alarms for most users - they will just click ignore!
So, ensure you appropriately secure DNS; there have been serious vulnerabilities against Windows, Linux and UNIX alike. Keep it patched and isolated running with minimal privileges. Ideally run a baseline system against the zone files to monitor for unsolicited changes.
James Lyne, Senior Technologist, Sophos
http://www.sophos.com
IBM Sponsored Resources
Resources from our Sponsor
- Oracle Exadata vs IBM: Netezza Compared
- Forrester TEI Report
- CIA Whitepaper
- Harnessing the Power of Advanced Analytics
- Tapping into Unleashed Business Potential with Advanced Analytics
- Unlock Analytic Performance with Revolution R for Enterprise and IBM: Netezza Data Warehouse Appliance
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
