Domain Name System Security: Rabia Noreen L1S10MSCS0002

Domain Name System Security

Rabia Noreen
L1S10MSCS0002
What is DNS?
Domain Name System
The Domain Name System (Service or Server) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses.
Need of Domain Name System
• Humans can't think like computers. They just can't remember dozens of IP addresses. They need easy-to-remember names to locate their mail server or their favorite web pages. For example, instead of typing an IP number like 140.90.99.144 into your browser, you type www.amazon.com.

• Another reason is that if you have to change the IP address for whatever reason, the name can remain the same as long as DNS gets updated.
How DNS Works
DNS Server
A DNS server is a special type of computer on the Internet used to support the Domain Name System.
DNS works at the application layer.
DNS Name Space
DNS is a hierarchical system. DNS organizes all registered names in a tree structure.
DNS Works in a Hierarchy
Root domain
This is the top of the tree. In a DNS domain name it is indicated by a trailing period (.) to designate that the name is located at the root, or highest level, of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names.
Example: "example.Microsoft.com."
Top-Level Domain
A name used to indicate a country/region or the type of organization using a name.

Example:
".com", which indicates a name registered to a business for commercial use on the Internet.
Second-Level Domain
Variable-length names registered to an individual or organization for use on the Internet.

Example:
"microsoft.com.", which is the second-level domain name registered to Microsoft by the Internet DNS domain name registrar.
Subdomain
Additional names that an organization can create that are derived from the registered second-level domain name.

Example:
"example.microsoft.com.", which is a subdomain assigned by Microsoft.
Host or Resource Name
Names that represent a leaf in the DNS tree of names and identify a specific resource. Typically, the leftmost label of a DNS domain name identifies a specific computer on the network.
Example:
"host-a.example.microsoft.com.", where the first label ("host-a") is the DNS host name for a specific computer on the network.
DNS Query Types
Why Domain Name System Security?
• DNS data is too readily changed, removed or replaced between the "server" and the "client".
• This can happen in multiple places in the DNS architecture.
DNS Attacks
• DNS cache poisoning
• DNS spoofing
• DNS ID hacking
DNS Cache Poisoning
It is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources.
DNS Spoofing
DNS servers keep a database of domain names and corresponding IP addresses. DNS spoofing attacks are made by changing the domain name entry of a legitimate server in the DNS server to point to some other IP address, and then hijacking the identity of that server.
DNS ID Hacking
DNS uses an ID number to match each answer to its query, so the hacker needs to find the ID the client is waiting for. For that, he will use DNS ID hacking. Combined with DNS spoofing, the hacker will try to impersonate the DNS reply so that the requesting client is misdirected, but without touching the DNS cache of the impersonated DNS server.
Attack Objectives
• Denial of Service
• Masquerading
• Client Flooding
DNSSEC
DNSSEC provides cryptographic proof that the data received in response to a query is correct.
DNSSEC Scope
• Key Distribution
• Data Origin Authentication
• DNS Transaction and Request Authentication
How Do We Secure DNS?
• DNSSEC is based on public key (asymmetric) cryptography
• The private key is used to sign DNS data
• The public key is published via DNS so that validators can retrieve it
• The public key is then used to validate the signatures, and thereby the DNS data
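The sign-and-validate flow described above, and the reason a poisoned cache entry fails under it, as an added example that is not part of the original slides: a Go program that signs an RRset with a zone's private Ed25519 key (Ed25519 is DNSSEC algorithm 15), publishes only the public key as the DNSKEY, and has a validator accept the genuine answer while rejecting one whose A record was replaced. The simplified canonical form, the constructed record for host-a.example.microsoft.com. and the attacker address 198.51.100.7 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"strings"
)

// RRset is the unit DNSSEC signs: all records of one owner name and type.
type RRset struct {
	Name string   // owner name, e.g. "host-a.example.microsoft.com."
	Type string   // record type, e.g. "A"
	Data []string // record data; order must not affect the signature
}

// canonical gives the bytes both signer and validator operate on: owner name
// lowercased and records sorted (a simplification of RFC 4034 section 6).
func (r RRset) canonical() []byte {
	data := append([]string(nil), r.Data...)
	sort.Strings(data)
	return []byte(strings.ToLower(r.Name) + " " + r.Type + " " + strings.Join(data, " "))
}

// Sign is the zone operator's side: the private key never leaves the zone,
// and the result is what an RRSIG record would carry for this RRset.
func Sign(priv ed25519.PrivateKey, r RRset) []byte {
	return ed25519.Sign(priv, r.canonical())
}

// Validate is the resolver's side: rebuild the canonical bytes of the answer it
// received and check the RRSIG against the public key published as DNSKEY.
func Validate(dnskey ed25519.PublicKey, r RRset, rrsig []byte) bool {
	return ed25519.Verify(dnskey, r.canonical(), rrsig)
}

func main() {
	dnskey, priv, err := ed25519.GenerateKey(rand.Reader) // zone key pair (constructed)
	if err != nil {
		panic(err)
	}
	rr := RRset{Name: "host-a.example.microsoft.com.", Type: "A", Data: []string{"140.90.99.144"}}
	sig := Sign(priv, rr)
	poisoned := rr // same RRSIG, but the A record swapped for a constructed attacker address
	poisoned.Data = []string{"198.51.100.7"}
	fmt.Println("genuine:", Validate(dnskey, rr, sig), "poisoned:", Validate(dnskey, poisoned, sig))
}
```

A validating resolver that receives the poisoned answer discards it instead of caching it, which is the property the slide's "cryptographic proof" refers to.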
Conclusion
Extensive use of public key cryptography to provide:
• Authentication of origin
• Data Integrity
• Denial of services

No attempt to provide confidentiality
Thank You
If you have any query, then you can ask.