ANTenna Blog -- Security
DNS Woes: How Worried Should You Be? Pretty Dang Worried!
Posted by Keith Ferrell Friday, Jul 25, 2008, 12:21 PM ET
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.
Dan Kaminsky, who revealed the flaw in the Domain Name System (DNS)that accurately routes traffic on the Internet, took a deep breath and posted a long, thoughtful and essentially jargon-free guide to DNS operations and the DNS flaw.
Kaminsky notes that he wrote the entry, at least in part, as a document to be shared with management, the sort of thing to pass along to those whom you want (or wish) to know more about what it is you're up against in keeping systems safe and effective and functional.
As Kaminsky points out, as everybody has been pointing out (bMighty included), the industry's patch response to the problem has put the tools out there to begin dealing with the potential attacks, if not, alas, to thoroughly address the fundamental weaknesses in the naming system.
The problem, and the reason I'm arguing that the DNS situation is a cause for real and ongoing worry, is that we've seen again and again that a large percentage of businesses and a far larger percentage of users take a laissez faire (at best!) approach to patch management, even for well-known and already under-attack vulnerabilities.
Never was any excuse for such laxness and there is a lot less excuse now. If you're running DNS servers, patch them; make sure that your Windows machines have the Windows DNS patch installed.
And once you've done that -- and run a DNS test; there's a DNS tester on Kaminsky's page -- keep worrying.
Because you don't have any guarantee that the DNS server next door or down the block or halfway around the world has patched its holes. You can, in fact, be pretty confident (if that's the word) that plenty of them haven't.
Check out, for instance, this story about the slow ISP response to patching the DNS flaw.
And if some of the biggest businesses are dragging their patch management feet, think about how things are going at smaller, underfunded and overworked companies.
DNS flaws and available but uninstalled patches: What, me worry?
You bet.
Security
Business & E-Business
| IT
| Internet/Web
| Management
| Operations
| Server How-To
| bMighty
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
- Phone Systems Guide - What kind of phone system is right for your business
- Web Design Guide - What to look for in a Web designer
- Merchant Services Guide - Credit card processing and more
- Online Marketing Guide - Leverage the Net to market your business
- Alternative Financing Guide - How to find the cash your business needs
- View all guides
Explore ANTenna Blog
Most Recent Posts
- Twilight's Latest Hacking: Vampire Byte Scam Targets Stephanie Meyer Fans
- Great Tips For Getting The Most Out Of Ubuntu Linux
- SAN Vs. NAS: From No Contest To Fair Fight?
- Quark Promote Enters Web-To-Print Market
- Yes, Virginia -- There IS A Google Phone
ANTenna Blog Topics
- Apple
- Backup
- bMighty
- Business & E-Business
- Business Continuity
- Cloud Computing
- Company Size: 1,100-1,500
- Company Size: 250-999
- Company Size: 50-249
- Company Size: 1-49
- Disaster Recovery
- Economics
- Education
- Entrepreneurs
- Finance/Accounting
- Finance/Banking/Insurance
- Government
- Green Business
- Hardware & Software
- Healthcare
- Hospitality
- How-To
- HR
- Imaging How-To
- International
- Internet/Web
- iPhone
- IT
- Linux
- Management
- Manufacturing/Mining
- Messaging
- Mobile
- Networking & Communications
- Non-Profit
- Open Source
- Operations
- Piracy
- Printers/Printing
- Professional/Creative Services
- Retail
- Unified Communications
- Sales/Marketing
- Start-Ups
- Security
- Server How-To
- Services
- Social Networking
- Software-as-a-Service
- Storage
- Strategy/Analysis/Biz Dev
- Technology/Telecom
- The rANT
- Transportation
- Travel
- Windows
- Web 2.0
- Women in Business
ANTenna Bloggers
ANTenna Blog Roll
- ANTenna Archive
- Ars Technica
- Business Know-How
- ChannelWeb Hot Topics
- ChannelWeb The Chart
- Datamation
- Duct Tape Marketing
- The Entrepreneurial Mind
- Freakonomics
- GigaOmNet
- Guy Kawasaki
- Inc.com
- IT Organization Management
- IT Manager's Journal
- IT Toolbox
- LifeHacker
- Mashable
- MonkeyBrains
- Network Computing Blog
- Scott Berkun
- Search Engine Land
- Search Engine Watch
- SmallBizResource
- SmallBizTechnology.com
- SmallBusinessHub
- Small Business Trends
- TechCrunch
- Technologizer
- Tech Republic
- The Secret Diary of Steve Jobs
- USA Today Small Biz Connection
- Valleywag
- Walt Mossberg Feed - All Things Digital
- Web Worker Daily
- WorkHappy.net
- WSJ's Business Technology
bMighty email newsletter!
Browse by Category
bMighty Tech
Term Of Day:
Boost your tech
vocabulary!
bMighty's SMB
TechEncyclopedia
defines more than
20,000 IT terms.
FREE Technology Services Locator!
Search our database of 200,000 solution- provider locations by business activity, technology, vertical market, and customer size. Find a technology partner NOW.
go
|
