This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in “DNS cache poisoning” for the malicious hijacking of domain names, and results in consequent damage from large-scale identity theft, among other illegal activities.
Cache poisoning causes erroneous addresses to be provided to users, directing them to fraudulent websites where their sensitive data can be “pharmed.”
Continued advances in processing speeds have made it much easier for criminal elements to exploit this fundamental DNS vulnerability. For example, a major Brazilian financial institution was recently the subject of a pharming attack launched from a poisoned DNS cache at a leading Brazilian ISP.
Cache Defender is a patent-pending system that deploys proprietary NeuStar appliances both in the core of an ISP network and at each node of NeuStar’s UltraDNS Directory Services Platform.
This creates a secure link between each recursive and authoritative server, preventing malicious DNS responses from poisoning the recursive server’s cache and protecting all of the participating ISP’s customers.
While it may well take years for Domain Names System Security Extensions (DNSSEC) to be widely adopted by the industry, Cache Defender is currently the only global solution that can protect Internet users and brands with the most useful benefits of end-to-end DNSSEC, NeuStar claims.
“The security of DNS infrastructure is critical to the security of the Internet as a whole,” said Lydia Leong, research director for Enterprise Network Services at Gartner.
“Businesses need to keep in mind that their Internet presence is only as available and secure as their DNS infrastructure. New DNS vulnerabilities continue to emerge, and need to be taken seriously by businesses and service providers alike.”
The recursive DNS server is the first step for all internet activity, as it begins and ends the DNS resolution process that directs users to their desired websites by providing IP addresses for requested domains.
Cache Defender uses NeuStar’s UltraDNS Directory Services Platform, a DNS infrastructure that powers the DNS for over 20 million domains and thousands of enterprise customers globally, the company says.
“The DNS vulnerability identified by Dan Kaminsky represents one of the most serious threats ever to face the Internet,” said Rodney Joffe, senior vice president and senior technologist at NeuStar.
“Until DNSSEC has been adopted by the entire Internet community – an event that is still many months and possibly years away – NeuStar’s Defender can help an ISP protect its recursive servers from malicious cache poisoning.”
