Don’t Mess with your DNS!

“Is Kumar coming over today?” asked my 10-year-old son last Saturday morning.

As it happens, Kumar is not a friend, relative, or neighbor — but he’s starting to feel like all three. Kumar is our plumber.

And, thanks to his recent and frequent visits to our house — we’ve had a rash of bad luck related to our dishwasher, garbage disposal, sink, and toilet (actually, two toilets, but who’s counting?) — my kids have started looking forward to Kumar’s arrival. He’s very friendly and always takes a few minutes to chat with them.

The truth is, I look forward to Kumar’s visits too, although not for the same reasons. For me, and while I would certainly prefer that our plumbing issues just magically went away, Kumar is a trusted, reliable, expert resource… one who shows up quickly whenever there is a problem.

DNS is Like Plumbing

Plumbing is great when it works happily in the background. When it doesn’t, you better have someone like Kumar on speed dial. The same can be said for DNS (Domain Name System), the directory that tells Internet infrastructure how to route traffic.

Is DNS important? Only if you want emails sent to you to show up in your inbox and those who type in your company URL to land on your home page. That’s DNS at work — like plumbing, you don’t usually notice it until it stops working properly.

Unlike plumbing, of course, DNS isn’t a physical thing — it doesn’t clog, break, or wear out. But… if somebody fools with the settings, well-intentioned or not, the mess it leaves can be much worse.

We need only look as far as the Facebook / Instagram / WhatsApp misstep from a couple of weeks ago (a six-hour shutdown of all three services, Facebook’s internal employee network, and even the security badges that allow access into buildings on the Facebook campus) to get a sense of the havoc a bad DNS configuration can wreak on an unsuspecting company.

In other words, DNS is serious!

DNS Touches Many Aspects of Your Business

It would be an overstatement to claim that every small business owner needs to become a DNS expert. That said, I do find myself involved with it on a fairly regular basis. That’s because DNS comes into play when performing a number of common business activities, including…

… changing your web hosting provider

… setting up email marketing or automation tools

… verifying domain ownership with Google, Apple, Microsoft, and others

… tightening up email security with DMARC or SPF

The point is, there are lots of reasons to go into an organization’s DNS settings. Any reasonably-sized company could expect to make a change or two at least once a year.

Unfortunately, and because DNS falls under the heading of “fairly mundane, blocking and tackling tech stuff,” many small companies pay little attention to who has access. For example:

  • Does your marketing intern have access because it’s his/her job to acquire additional domain names or set up new marketing services?
  • Do former employees or contractors still have access to your DNS?
  • Do you know which (or even, how many) current employees could change your DNS?
  • Do you perform regular access control reviews?
  • Do you know where your DNS records are housed?

I’m not saying all this to scare you (okay, maybe a little). But I do want you to take DNS management seriously. Three suggestions in that regard:

#1. Limit the number of people who have access.

You don’t let anyone and everyone have access to your company bank accounts; you want the same level of vigilance with your DNS. For most medium-sized companies, that means giving access to just three people: two senior technical folks and one other trusted person. Remember that with each additional person that has access, your risk increases exponentially.

#2. Turn on Multi-Factor Authentication.

This additional layer of protection helps ensure that the bad guys, of which there are many, can’t get in and that your company stays on the Internet and your business keeps flowing.

#3. Institute a change management process.

Whenever making adjustments to DNS settings, it’s critical that change control is in place (i.e., a standardized, systematic process) and that these changes are reviewed by a peer.

Conclusion

As of this writing, it is still unclear what exactly caused the Facebook meltdown, let alone how much money the company lost in those six hours of downtime. Whatever the reason(s), if it can happen to Facebook, it can happen to any of us. Take steps now to ensure that your DNS management is well thought out and properly controlled!

As for me, and based on how frequently he’s been at the house, I’m thinking I should probably invite Kumar over for Thanksgiving dinner. Let’s just hope he doesn’t send me a bill.

Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.

This article was originally published on the Fractional CISO blog.

Clint Dovholuk

Head of Developer Experience, Developer and Zero Trust Evangelist

3 years ago

It’s not DNS. There’s no way it’s DNS. It was DNS. Seriously though - nice post! Of course you could just install the #OpenZiti Desktop/Mobile Edge and invent your OWN DNS names... And have some sweet zero trust sprinkled in for good measure!

Kote Saadineni CPA CMA

I empower Business Organisations to grow profitably by aligning Financial Operations with Strategic Objectives. I am a strategist, catalyst, and pragmatist, trying to find my Ikigai.

3 years ago

Rob Black I love the way you drive the point.... absolutely love it. Subbarayudu Tallapragada I am sure you must be enjoying thoroughly and feeling happy that Rob Black too shares your thoughts.

Really great article. DNS is one of those foundational bits that is often overlooked - love this approach!

Zack F.

GRC Professional | CISA

3 years ago

Great DNS management tips!

Samantha Rutledge, CISSP

Manager, Cyber Security Analysts at Fractional CISO

3 years ago

Great advice!
