
DNS Hijacking – What is it?


The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 19-01 in January this year, warning of Domain Name System (DNS) manipulations affecting US government sites.

A Domain Name System (DNS) server translates domain names to Internet Protocol (IP) addresses, so browsers can load Internet resources. Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol, while Internet Protocol version 6 (IPv6) is the most recent version. For example, www.google.com becomes 216.58.199.78 in IPv4 and 2404:6800:4006:80a::200e in IPv6. IPv6 is becoming more popular as the original IPv4 address space is exhausted by the number of devices on the Internet. IPv6 also offers enhanced address management.

DNS holds more information than just web server addresses. It also holds infrastructure information for the domain, such as mail server and name server IP addresses. DNS records are maintained by a domain administrator, who authenticates to the DNS server to change DNS entries. Such changes are usually infrequent, and are preceded by changing the DNS data update frequency to a shorter interval.

Using compromised DNS administration credentials, attackers were able to access the DNS records for mail servers and name servers, and web host records were changed to point to unauthorised hosts, redirecting traffic destined for the legitimate server to the attackers’ servers instead. Further, as the attackers had access to the administration of the domain, they could generate valid certificates, enabling them to read encrypted messages.

DNS hijacking is not limited to the US Government. DNS is used across the Internet by everyone and is a fundamental part of the World Wide Web. Companies doing business on the Internet need their DNS services to function correctly for uninterrupted operations. Many companies outsource their DNS to a domain name provider.

The Department of Homeland Security’s CISA recommends:

  1. Verify DNS records for accuracy;
  2. Change passwords for DNS Administrative accounts;
  3. Implement Multi-Factor Authentication for DNS Administrative accounts; and
  4. Monitor Certificate Transparency logs for certificates that were issued without being requested through the appropriate process.
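
Recommendations 1 and 4 can be automated as a recurring check. The following sketch is an added example, not code from CISA or Agilient: it compares observed DNS records with an approved baseline and flags Certificate Transparency entries for the domain that are not in an internal issuance register. The record layout, field names (`serial`, `issuer`, `names`) and all sample data are constructed assumptions; in practice the observed records and CT entries would be collected by separate tooling.

```python
from typing import Dict, List, Set

def norm(value: str) -> str:
    """Normalise a record value: case-insensitive, no trailing root dot."""
    return value.strip().lower().rstrip(".")

def dns_drift(baseline: Dict[str, Set[str]], observed: Dict[str, Set[str]]) -> List[str]:
    """Recommendation 1: diff observed records against the approved baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want = {norm(v) for v in baseline.get(key, set())}
        got = {norm(v) for v in observed.get(key, set())}
        findings += [f"UNAPPROVED {key} -> {v}" for v in sorted(got - want)]
        findings += [f"MISSING {key} -> {v}" for v in sorted(want - got)]
    return findings

def in_scope(name: str, domain: str) -> bool:
    """True for the domain, its subdomains and wildcards, but not look-alikes."""
    name = norm(name)
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unrequested_certs(ct_entries: List[dict], approved_serials: Set[str], domain: str) -> List[dict]:
    """Recommendation 4: CT entries for our names that nobody requested."""
    approved = {s.lower() for s in approved_serials}
    return [e for e in ct_entries
            if any(in_scope(n, domain) for n in e["names"])
            and e["serial"].lower() not in approved]

# Constructed sample data (documentation domains and address ranges only).
BASELINE = {"www.example.com A": {"192.0.2.10"},
            "example.com MX": {"10 mail.example.com."},
            "example.com NS": {"ns1.example.net.", "ns2.example.net."}}
OBSERVED = {"www.example.com A": {"198.51.100.77"},   # web host repointed
            "example.com MX": {"10 MAIL.example.com"},
            "example.com NS": {"ns1.example.net", "ns2.example.net"}}
CT_ENTRIES = [
    {"serial": "0A1B2C", "issuer": "Constructed CA 1", "names": ["www.example.com"]},
    {"serial": "FFEE01", "issuer": "Constructed CA 2", "names": ["mail.example.com", "*.example.com"]},
    {"serial": "123456", "issuer": "Constructed CA 2", "names": ["notexample.com"]},
]
APPROVED_SERIALS = {"0a1b2c"}  # serials recorded by the internal request process

if __name__ == "__main__":
    for line in dns_drift(BASELINE, OBSERVED):
        print(line)
    for cert in unrequested_certs(CT_ENTRIES, APPROVED_SERIALS, "example.com"):
        print("UNREQUESTED CERT", cert["serial"], cert["issuer"], cert["names"])
```

Any finding should be treated as a trigger to review the DNS administrative account's recent activity, since an unexpected record change and an unrequested certificate together match the pattern described above.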

Agilient has Cybersecurity Consultants and Auditors who can assist with these checks as a specific task, or as a wider security review.

Follow our LinkedIn page for all the latest security updates, and Contact Us to see how we can assist your business.

Author: David Steele, Agilient Cyber Security Consultant

 

Copyright © 2019 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692