You all already know DNS. The internet’s phone book.
When I was running my MSP, I’d ask each and every technician I hired to explain what DNS is in a way that even their grandma would understand. It’s such an important part of everyday work that we can explain at least the very basic principle behind DNS. “It’s always a DNS problem” is also the running joke among many teams.
DNS has long been the target of attackers. Whether they are doing reconnaissance for further attacks or looking to take secret corporate data, what we’ve been seeing at this point is a consistent use of DNS-related issues to attack and defraud clients of MSPs.
While many DNS-based attacks have been rooted in brute-force attacks—and I’ve been noticing these continue throughout our community—attackers are also looking into more complicated attacks running from an internal network.
Today I am not going to get into all the details of DNS, but I want to focus on some very basic information that your team should be thinking about and looking at. This information will be extremely useful in helping clients keep or apply for cyber insurance policies AND should help you keep track of and monitor for DNS-related attacks.
Because of what I’ve seen in the past few weeks, I’m writing about DNS this week: I want everyone in the MSP community to start thinking about monitoring DNS within their networks.
This week in our SecOps call I will dive into problems that MSPs are facing—both preventative measures like cyber insurance tactics and DNS auditing, and the hard reality of ransomware attacks stemming from unmonitored and sometimes unknown DNS entries.
Here are three things to look for to help shore up your DNS security:
Use Multi-Factor Authentication—implement strict access controls to limit who is able to modify your DNS settings. This is probably an obvious one, but it is sometimes harder to get buy-in for MFA from tech teams than from elsewhere in your organization.
Monitor authoritative DNS activity logs—to spot issues quickly, you will want to alert on suspicious activity. I just talked to one MSP this week who had a client that fell for a brute-force attack and no one was the wiser. This was a break-fix client without a cyber stack. Make sure all of your clients have some basic stack and include some monitoring to prevent this type of attack.
Enable DNS security extensions—DNSSEC protects the integrity of DNS information by digitally signing DNS records so that responses can be verified. This will help you make sure traffic is valid and can help you detect suspicious activity.
The one piece of advice that I’d want every organization to follow is to audit their DNS. Know what records are published. Be on alert for attacks. The better you see your footprint, the better off you will be at managing it and limiting it to what is really needed.
Hackers are targeting MSPs and their clients. They are researching how to exploit DNS. Having a solid DNS hardening policy will help you limit DNS attacks.
My word to you—start auditing your DNS zones and keep track of your DNS servers. Make sure you reduce your public DNS information as much as possible.
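One way to start that audit is a small script over a zone export. This is an added example, not code from the original post. It assumes a simplified export with one record per line (name, TTL, class, type, data); the zone example.com, the sample records and the function name audit_zone are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample zone export; every name and address here is made up.
SAMPLE_ZONE = """\
example.com.        3600 IN A     203.0.113.10
www.example.com.    3600 IN CNAME example.com.
vpn.example.com.    3600 IN A     10.20.0.5
*.dev.example.com.  300  IN A     203.0.113.44
shop.example.com.   3600 IN CNAME store.vendor-host.example.net.
example.com.        3600 IN TXT   "v=spf1 -all"
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_zone(text, origin):
    """Return (record counts by type, findings to review by hand)."""
    zone = origin.rstrip(".").lower()
    inventory, findings = Counter(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";$":      # skip blanks, comments, directives
            continue
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2].upper() != "IN":
            findings.append(("unparsed", line))
            continue
        name, rtype, rdata = parts[0], parts[3].upper(), parts[4]
        inventory[rtype] += 1
        if name.startswith("*."):            # wildcard answers for any label
            findings.append(("wildcard", name))
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append(("bad-address", name))
                continue
            if any(addr in net for net in RFC1918):
                findings.append(("internal-address-published", name))
        elif rtype == "CNAME":               # alias leaving the audited zone
            target = rdata.rstrip(".").lower()
            if target != zone and not target.endswith("." + zone):
                findings.append(("cname-outside-zone", name))
    return inventory, findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "example.com")[1]:
        print(*finding)
```

Each finding is a prompt for a human decision: does this record still need to be public, and does someone on the team know who owns what it points to?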
Auditing what you have is your first step to keeping your team and clients secure.