SECURITY WATCH: DNS Security Basics; More
(From an email newsletter; sign up with the link below)
========================================================================
1) SECURITY WATCH:
- DNS Security Basics
Your DNS is a sweet spot for hackers who want to compromise your network; learn to protect it.
By Joern Wettern
While it may seem that computer names and their corresponding IP addresses wouldn’t be of much value to hackers, attacking a DNS server can be a hacker’s first step toward compromising an entire network. The Domain Name System (DNS) is the standard for resolving computer names on the Internet to IP addresses. It has also become the primary method for name resolution in corporate networks.
That can be a dangerous combination. All too often, network administrators neglect DNS security. Here are some DNS security basics you should put into effect:
SPLIT PERSONALITY
When Microsoft adopted DNS as the primary name resolution method for Windows — instead of using the older WINS — it was an important step toward making networks work together well and making them easier to use. However, by using the same name resolution method for corporate networks that the Internet uses, internal and external name resolutions are often combined.
Internet users find your company’s Web site by going to www.companyname.com. Your internal computers also have a DNS name that would be something like computer.yourcompany.com, or another DNS name that’s in the same or at least a similar zone. This can result in internal computer names and addresses being accessible on the DNS server that resolves names from the Internet. Good security practices dictate that you separate internal and external name resolution. This is known as a split DNS design.
A network penetration test I did a couple of years ago offers a good illustration of how dangerous it can be to not maintain a split DNS. My task was to find ways an intruder could break into a small corporate network. All the information I had to start out with was the company’s domain name.
My first step was to find an externally accessible DNS server for this company and get all records for the DNS zone using a zone transfer. To my surprise, the zone data included the names and IP addresses of all their internal computers — even domain controllers, application servers and client computers.
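A defender-side check for the leak described above, added here as an example (it is not from the original article): it scans a text export of the zone your external DNS server answers for and flags A/AAAA records that point into internal address space. The sample zone, the `internal_records` function, and the choice of RFC 1918 and IPv6 unique-local ranges as "internal" are assumptions; it expects one record per line with an explicit owner name.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space or IPv6 unique-local addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample export of an externally served zone (documentation
# addresses stand in for the public hosts).
SAMPLE_ZONE = """\
$ORIGIN yourcompany.com.
@      3600 IN SOA ns1.yourcompany.com. hostmaster.yourcompany.com. 1 3600 600 86400 3600
@      3600 IN NS   ns1.yourcompany.com.
ns1    3600 IN A    192.0.2.53
www    3600 IN A    192.0.2.80   ; public Web site
dc01   3600 IN A    10.0.0.10
app01  3600 IN A    172.16.4.20
pc-042 3600 IN A    192.168.1.42
intra  3600 IN AAAA fd00::15
"""

def internal_records(zone_text):
    """Return (owner, type, address) for address records in internal ranges."""
    findings = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 3 or fields[0].startswith("$"):
            continue                               # blank line or directive
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # skip optional TTL and class
        if len(rest) < 2 or rest[0].upper() not in ("A", "AAAA"):
            continue                               # not an address record
        try:
            addr = ipaddress.ip_address(rest[1])
        except ValueError:
            continue                               # malformed rdata, ignore
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((owner, rest[0].upper(), str(addr)))
    return findings

if __name__ == "__main__":
    for owner, rtype, addr in internal_records(SAMPLE_ZONE):
        print(f"internal record in external zone: {owner} {rtype} {addr}")
```

Any finding means the external zone is carrying internal names and should be moved to the internal side of a split DNS design.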
More: http://redmondmag.com/columns/article.asp?editorialsid=1655
Joern Wettern, Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics. In addition to helping companies implement network security solutions, he regularly teaches seminars and speaks at conferences worldwide. jwettern@redmondmag.com
========================================================================
Security Watch
Redmond Media Group
========================================================================
Find other related newsletters and sign up today. Forward to your peers! https://newsletters.1105pubs.com/nl/RMG.do?NL=4902&PC=SECNLF
========================================================================
Copyright 2007 1105 Media, Inc. Security Watch may only be redistributed in its unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. Contact mdomingo@1105media.com