ABSTRACT

This chapter addresses the threats to an information infrastructure and end systems as well as the mechanisms used for defending them. The learning goals for this chapter are as follows:

◾ Understand the factors that must be addressed in protecting the Domain Name System (DNS)

◾ Explore the various facets of cache poisoning and its effect on the DNS

◾ Learn the importance of Dan Kaminsky’s cache poisoning attack

◾ Understand why authentication and integrity are a long term solution to DNS problems

◾ Learn the role played by DNS Security Extensions (DNSSEC) in protecting the DNS

◾ Understand the role of the Border Gateway Protocol (BGP) and its impact on router security

◾ Address the security measures that can be used with BGP

◾ Learn the techniques that are applicable to email security and spam defense

◾ Understand the methods used in phishing, fast-flux DNS, and the means by which to identify them

◾ Learn the techniques employed in Web-based attacks and defense

◾ Understand database defense and the importance of a SQL injection attack

◾ Learn the methods employed in a Botnet attack and the mechanisms used for defense

26.1.1 A CACHE POISONING ATTACK

Because DNS responses are cached, repeated translations can be answered quickly. Negative DNS answers are also cached, e.g., for misspelled names, and all cached data periodically times out.
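The caching behavior described above, as an added example that is not part of the original chapter: a toy resolver cache that stores both positive and negative answers and expires them by TTL. The class name, the 60-second negative TTL, the zone contents and the addresses are constructed for illustration. The run shows that whatever sits in the cache is what clients receive until the entry times out, even after the authoritative data has changed.

```python
import time

NXDOMAIN = None  # value stored for a cached negative answer


class ResolverCache:
    """Toy caching resolver: positive and negative answers share one TTL-bound cache."""

    def __init__(self, upstream, negative_ttl=60, clock=time.monotonic):
        self.upstream = upstream        # callable: name -> (address, ttl) or None
        self.negative_ttl = negative_ttl
        self.clock = clock              # injectable so expiry can be demonstrated
        self.cache = {}                 # name -> (address or NXDOMAIN, expires_at)
        self.upstream_queries = 0

    def resolve(self, name):
        name = name.lower().rstrip(".")
        entry = self.cache.get(name)
        if entry is not None and entry[1] > self.clock():
            return entry[0], "cache"    # served without asking upstream
        self.upstream_queries += 1
        answer = self.upstream(name)
        if answer is None:              # name does not exist: cache the negative answer
            self.cache[name] = (NXDOMAIN, self.clock() + self.negative_ttl)
            return NXDOMAIN, "upstream"
        address, ttl = answer
        self.cache[name] = (address, self.clock() + ttl)
        return address, "upstream"


def demo():
    zone = {"www.example.com": ("192.0.2.10", 300)}    # constructed sample zone
    now = [0.0]                                        # simulated clock, in seconds
    r = ResolverCache(zone.get, negative_ttl=60, clock=lambda: now[0])
    log = [
        r.resolve("www.example.com"),    # first lookup goes upstream
        r.resolve("www.example.com"),    # repeat is answered from cache
        r.resolve("wwww.example.com"),   # misspelled name: negative answer
        r.resolve("wwww.example.com"),   # negative answer is cached too
    ]
    zone["www.example.com"] = ("192.0.2.20", 300)      # authoritative data changes
    log.append(r.resolve("www.example.com"))           # cache still serves old value
    now[0] = 301.0                                     # both entries have timed out
    log.append(r.resolve("www.example.com"))           # refreshed from upstream
    log.append(r.resolve("wwww.example.com"))          # negative entry re-queried
    return log, r.upstream_queries


if __name__ == "__main__":
    for answer, source in demo()[0]:
        print(f"{answer!s:12} from {source}")
```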