Bind DNS - The new Internet Kill Switch


I still maintain that attackers will not take down the Internet, for the most part. Sure, there are types of attackers that want to do damage, the so-called "Hacktivism" groups. However, these tend to be more targeted attacks, such as the DoS attacks launched by Anonymous against PayPal and other credit card companies. Most of the attackers are out there making big money on the Internet and can't afford massive outages. Reports are that there is no public exploit, which I never believe. I just believe we haven't seen one in use.

I relate it to the mafia. If you study mafia history, you know it's tough for a bunch of criminals to get along. They try to avoid a full-scale war within their families because "war is bad for business". Of course, they are criminals, and it happens from time to time, but for the most part it is (criminal) business as usual.

[Image: What "business as usual" might look like]

The other thing we need to keep in mind about this is just how fragile things can be when we work in a monoculture. Granted, there are a number of issues that arise when we move away from monocultures, but we need to balance the pros and cons of both. For example, take a look at the system you are on right now. There is a wide variety of software that is consistently installed on almost all systems. Flash, Java, Adobe Acrobat, and Firefox are just a few examples of such ubiquitous software. But it does not stop there. Now, look at the protocols that everything supports. As we have seen in the past, even simple protocols that we all follow, like DNS, can have design issues in the way the RFCs are implemented that can lead developers down a bad path.

[Image: This will end well]

So, what to do? To be quite honest, you need to look at the path data takes to and from the heart of your environment. For example, Internet > Edge Router > Firewall > IDS > Web Server > Database. If you look at this chain and find that a single vendor or product produces everything leading up to your Web Server, you may want to think through how you would deal with a vulnerability that impacts all of the products that make up your security support structure.

-PaulDotCom and strandjs

Originally on episode 232.