Taking down a Domain Name System (DNS) on the web is like shutting down the air traffic control system in the air
Preface
If your DNS service failed ... would you know the address of Google.com?
So you go to the Web, and you can't get Google.com from your browser. What should you do? Well, if you are at home, you ping your router (eg 192.168.0.1), and if that works, you can then ping the Google DNS server with ping 8.8.8.8. If you can ping it, your DNS service is probably down:
In Turkey, citizens have been moving towards the Google DNS service (8.8.8.8), as it avoids governmental control of access. If you want to determine the IP address of google.com, here it is:
You can then put https://62.252.232.35 into the browser and you'll get google.com.
So, if the DNS from your ISP fails, you might just have to set up a public DNS, such as 8.8.8.8 or 8.8.4.4, which will use Google's DNS servers. In our labs here, we get our students to check their connectivity by pinging 8.8.8.8. If they can ping that address, but can't ping www.google.com, it is normally the DNS service which is blocked by the firewall.
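The Preface's triage steps (ping the router, ping 8.8.8.8, test name resolution, then ask Google's resolver directly) as a small POSIX shell script. This is an added example, not code from the original post; it assumes Linux iputils ping, nslookup and getent are available, and takes the router address 192.168.0.1 from the text.

```sh
#!/bin/sh
# Added example (not from the original post): the Preface's triage steps as a
# script. Assumes Linux iputils ping (-W is seconds), nslookup and getent,
# and the router address 192.168.0.1 from the text (override with GATEWAY=...).
GATEWAY="${GATEWAY:-192.168.0.1}"
PUBLIC_DNS="8.8.8.8"          # Google public resolver named in the post
TEST_NAME="www.google.com"

# reachable HOST: one ICMP echo with a 2 s timeout; exit 0 if it is answered
reachable() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# resolves NAME [SERVER]: exit 0 if NAME resolves via the system resolver,
# or, when SERVER is given, when that server is asked directly
resolves() {
    if [ -n "$2" ]; then nslookup "$1" "$2" >/dev/null 2>&1
    else getent hosts "$1" >/dev/null 2>&1; fi
}

# diagnose GW PUB LOCAL_DNS PUBLIC_DNS: each argument is the exit status
# (0 = ok) of the matching probe; prints one verdict. Kept free of side
# effects so the decision logic can be exercised without a network.
diagnose() {
    if   [ "$1" != 0 ]; then echo no-lan          # router unreachable
    elif [ "$2" != 0 ]; then echo no-internet     # 8.8.8.8 unreachable
    elif [ "$3" = 0 ];  then echo ok              # names resolve locally
    elif [ "$4" = 0 ];  then echo isp-dns-down    # only 8.8.8.8 answers
    else                     echo dns-blocked     # no resolver answers
    fi
}

# run_checks: perform the probes in the order the post describes
run_checks() {
    reachable "$GATEWAY";                  gw=$?
    reachable "$PUBLIC_DNS";               pub=$?
    resolves  "$TEST_NAME";                loc=$?
    resolves  "$TEST_NAME" "$PUBLIC_DNS";  pubdns=$?
    verdict=$(diagnose "$gw" "$pub" "$loc" "$pubdns")
    echo "verdict: $verdict"
    case $verdict in
        isp-dns-down) echo "hint: point the resolver at $PUBLIC_DNS or 8.8.4.4" ;;
        dns-blocked)  echo "hint: outbound port 53 is probably filtered" ;;
    esac
}

# Probes run only when invoked as: sh dns-triage.sh run
if [ "${1:-}" = run ]; then run_checks; fi
```

The `dns-blocked` verdict corresponds to the lab case in the text: 8.8.8.8 answers ping, but no resolver (not even 8.8.8.8 itself) answers a DNS query.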
Introduction
I've been highlighting how fragile our Internet infrastructure is over the past few weeks, and this was further highlighted by a DNS DDoS attack on the Library of Congress on 17 July, which lasted for three days. It brought down many other services too, including Congress.gov and the US Copyright Office, along with incoming and outgoing email. Overall it was another case of the DNS infrastructure providing the platform for the attack [here]:
Peter Tran of RSA perhaps articulates the risks of DNS in bringing down the Internet with:
"Taking down a Domain Name System (DNS) on the web is like shutting down the air traffic control system in the air"
The major problem with mitigating DDoS is that it is difficult to differentiate between malicious and non-malicious traffic. Many companies now use load-balancing systems in the Cloud to create new instances of the server infrastructure and spread the attack over a number of servers. This, though, can be expensive, as the company has to pay for the extra servers and also for the traffic flows. Another method is to create a fully redundant network, which only comes into play during an attack (or in periods of heavy traffic).
Government agencies running SOCs
While it is not thought there was any criminal intent behind the attack, many countries around the world must be worried that attackers could target governmental networks. An outage of even a few days in any country would cause large-scale economic damage, along with the social impact. For example, the inability to collect taxes would cause major problems for government funds.
Like it or not, government networks tend not to be as secure as corporate systems, as the funding tends to be lower. Many companies now run 24x7 SOCs, which few government agencies can afford.
With an ever-increasing number of breaches within corporate and government networks, government departments are starting to realise that they need to follow best practice from other industries that store high-risk data.
The HM Revenue and Customs (HMRC) is one of the first to move towards the setup of a Special Operation Centre (SOC), along with a new phishing training programme for its staff. The infrastructure will integrate all the related data in one place, and then use Hadoop-based analysis to analyse threats against the HMRC.
Overall they are following the model of the 24x7 SOCs typical in the finance sector, where events are gathered and analysed from across the network. The HMRC also aim to recruit a senior cyber-security analyst, in addition to a number of new cyber-apprentices. The difficulty faced by the HMRC is in recruiting specialist skills, which are often in high demand; many companies are turning to the recruitment of cyber-apprentices instead, as it is almost impossible to recruit cyber security staff at the right level.
Overall the HMRC have some of the most sensitive information around, and the recent hack of HR details in the US shows that data is now the target for many intruders. It would be a major embarrassment for the UK Government if details of tax affairs, business accounts, pensions and payroll were released on the Internet, and even worse if it related to their customers.
Cyber Warfare
While many of the recent attacks have been sustained over a few hours, the nightmare scenario for many countries is a sustained cyber attack from another nation. A cyber war could be fought within just a few hours, but end up decimating the infrastructure of the country, which it would be difficult to recover from:
The only solution is for government agencies to take a lead from the finance sector, and invest in systems which monitor the critical infrastructure of the country and can respond to any signs of an attack.
The usage of public DNS has increased as some governments have used DNS to control access to forbidden content:
If you want to see how we get students to set up a network and ping 8.8.8.8 ... here it is: