‘Grey websites’: The importance of DNS decision-making

In 1983 – the year the internet was born – the potential cyber attack surface consisted of a tiny 4.29 billion addresses. Now, 35 years and tens of billions of devices and websites later, Internet Protocol version 6 (IPv6) can support a baffling 340,282,366,920,938,000,000,000,000,000,000,000,000 – 340 undecillion internet domains.

This vast network of devices and websites has created an unprecedented cyber security predicament – how can experts decipher which websites are to be considered good, which are bad, and which fall somewhere in between? More importantly, how does this change the approach we need to take towards security?

It turns out these are extremely timely and important questions to ask. According to a recent Neustar survey on DNS attacks, over a 12-month period, 75% of US- and UK-based organisations claimed to have experienced a DNS attack, with 86% of those attacked having been hit more than once. The frequency and intensification of these attacks highlight how volatile cyber attackers are and how willing they are to wreak havoc on an organisation’s DNS.

The traditional approach

Traditionally, the most effective way to protect an organisation’s online presence would have been to separate all web traffic into two buckets, through whitelisting and blacklisting. Whitelisting, which essentially works on a no-trust principle, denies all incoming traffic aside from a specific and handpicked list of trusted sources. Blacklisting, on the other hand, simply lists known malicious sources that should not be allowed access to a computer system or network.

Both approaches have been used in the past, but many cyber security experts have recently voiced their support for whitelisting as the superior approach to keeping an organisation safe from malware and cyber threats.

As the cyber security landscape continues to evolve, and with businesses unsure about where the next attack will come from and what form it will take, whitelisting makes a great deal of sense when considering both small and large scale threat prevention and protection efforts.

But what happens in the case of the in-between websites – those that are considered neither good nor bad? These sites, also known as ‘grey websites’, have recently become increasingly common as a result of the push towards digitalisation and the adoption of ‘cloud-first’ strategies. While this is, overall, a great transition, it has made protecting an organisation’s Domain Name System (DNS) quite critical.

Next steps

Being able to address these unknown or grey entities is the first and most important step in securing DNS. To do this, it’s imperative that an organisation has a holistic view of its inbound traffic.

In addition, the organisation must have a way to monitor all web activity so that it can build a comprehensive database of DNS names, IP addresses and timestamps, which can then be used to automatically determine whether web traffic is legitimate or suspect.
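
As an added illustration (not part of the original article or any Neustar product), the sketch below keeps such a database of DNS names, IP addresses and timestamps and sorts each lookup into black, white or grey. The lists, the seven-day window, the log format and the `grey-new`/`grey-known` labels are all assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed policy data and threshold: assumptions for this example only.
WHITELIST = {"example.com"}
BLACKLIST = {"malware.test"}
BLACKLISTED_IPS = {"203.0.113.66"}
NEW_NAME_WINDOW = timedelta(days=7)

# Constructed resolver log: ISO timestamp, queried DNS name, answer IP.
SAMPLE_LOG = """\
2018-05-01T09:00:00 www.example.com 192.0.2.10
2018-05-01T09:01:00 cdn.unknown-saas.test 198.51.100.7
2018-05-02T10:00:00 login.malware.test 198.51.100.99
2018-05-03T11:00:00 www.example.com 203.0.113.66
2018-05-10T09:01:00 CDN.unknown-saas.test. 198.51.100.7
"""

def in_list(name, domains):
    """True if name equals a listed domain or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)

def classify(log_text):
    """Return (name, ip, verdict) per log line, tracking first-seen times."""
    first_seen = {}
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, raw_name, ip = line.split()
        when = datetime.fromisoformat(stamp)
        name = raw_name.lower().rstrip(".")  # DNS names are case-insensitive
        seen = first_seen.setdefault(name, when)
        if in_list(name, BLACKLIST) or ip in BLACKLISTED_IPS:
            verdict = "black"  # IP check catches a trusted name pointing at a bad host
        elif in_list(name, WHITELIST):
            verdict = "white"
        elif when - seen < NEW_NAME_WINDOW:
            verdict = "grey-new"    # unknown and only recently first seen
        else:
            verdict = "grey-known"  # unknown, but with history in the database
        results.append((name, ip, verdict))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(*row)
```

The fourth sample line shows why the IP address is recorded alongside the name: a whitelisted name that resolves to a blacklisted address is still treated as black.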

Beyond that, it’s important that organisations adopt a multifaceted approach to DNS protection and, in most cases, layered defences are considered to be the most common and most effective approach. Through the utilisation of sophisticated investments involving appliances, third-party services and hybrid configurations, organisations can protect themselves through a combination of hardware and cloud-based mitigation – ultimately protecting themselves from all angles.

Overall, the ability to improve decision-making about DNS activities is only one tool in the cyber security professional’s toolkit, but it is an important one. With undecillions of websites and devices continuing to come online, being able to handle black, white and shades of grey will prove imperative in keeping an organisation’s DNS and online assets secure.

Sourced by Chris Roosenraad, director of Product Management, Neustar

Nick Ismail