Whenever we launch a Web browser (whether it is Firefox, Opera, Safari, Chrome, Edge, etc.) and enter a URL (which is essentially the domain name), the entire process takes just a matter of seconds. Certain factors may slow load times, such as the speed of your Internet connection and how graphics-intensive the website you are trying to access is. For example, a website with a lot of dynamic content, such as videos, might take longer to load than a website with only static content.
But within these few seconds, a lot transpires behind the scenes. For example, the domain name that you entered is transmitted to what is known as the Domain Name System (DNS). From there, the domain name of the website you are trying to access is translated into what is known as an IP address. In other words, the domain www.name.com could have an IP address of 192.168.1.1.
This conversion process is technically known as DNS resolution. From this point, the IP address is used to locate the specific Web server it points to, and your request is transmitted to that server so that you can access the particular website. But this process has its own set of security issues, and attempts have been made to overcome them; those will be the focus of this article.
The Shortcomings of the DNS
There are several key security issues with the DNS, which are as follows:
- Any requests transmitted to the DNS are sent in plaintext and remain unencrypted. This means the information/data that is transmitted can be seen by anybody, including a Cyberattacker. The bottom line here is that if the request is intercepted, it could serve as a huge backdoor which a Cyberattacker can leverage to deploy malicious payloads, such as Ransomware, Trojan Horses, and other forms of malware. But it is not just the DNS servers and the end user's device that are at grave risk. All other network nodes involved in transmitting the domain name are exposed as well, which can have a cascading effect.
- All intermediaries involved can use the information/data being transmitted. Because the DNS translation is done in an unencrypted fashion, all other intermediaries that are involved, such as other Internet Service Providers, governments, or nation-state threat actors, can use the information/data for covert surveillance, censorship, and even the hijacking of the end user's Personally Identifiable Information (PII).
- The DNS is very prone to spoofing. For example, a firewall or router that has been misconfigured or intentionally tampered with can quite easily modify or replicate the request submitted by the end user. Thus, the DNS may not even receive the request; instead, the end user will be directed to a spoofed website that looks almost exactly like the real website he or she was trying to access in the first place.
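To make the first point concrete, here is an added example (not from the article or its source) that encodes a DNS query for the article's www.name.com in RFC 1035 wire format and then decodes it the way any device forwarding the packet could, with no key or secret involved: the queried name sits in the clear on every hop. The domain and transaction ID are constructed sample values.

```python
import struct

# Constructed sample: the name the user typed into the browser (from the article).
DOMAIN = "www.name.com"


def build_dns_query(name: str, txn_id: int = 0x1234) -> bytes:
    """Encode a standard recursive DNS query for an A record (RFC 1035 wire format)."""
    # Header: ID, flags (only RD=1 set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is length-prefixed; the empty root label terminates it.
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def read_name(packet: bytes, offset: int) -> tuple[str, int]:
    """Decode a label sequence at offset; returns (name, offset after it).

    Compression pointers (0xC0 prefix) are not handled; queries do not use them.
    """
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def observe_query(packet: bytes) -> dict:
    """What a passive on-path observer recovers from the raw bytes alone."""
    txn_id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    name, offset = read_name(packet, 12)  # question section starts after the 12-byte header
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    return {"id": txn_id, "name": name, "qtype": qtype, "qclass": qclass,
            "recursion_desired": bool(flags & 0x0100)}


if __name__ == "__main__":
    wire = build_dns_query(DOMAIN)
    print(wire.hex())           # the ASCII labels are visible directly in the bytes
    print(observe_query(wire))  # {'id': 4660, 'name': 'www.name.com', 'qtype': 1, ...}
```

The response carries the returned IP address in the same unauthenticated cleartext format, which is why an on-path device can read, and a misconfigured or tampered one can alter, what the end user receives.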
Up Next: What can be done to resolve these security issues?
What can be done to resolve the security issues described in this article? That is where DNS over HTTPS comes into play. We'll address that topic in the next article in this series.
Sources:
https://www.cloudflare.com/learning/dns/what-is-dns/
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.
Visit his website at mltechnologies.io