Question 37: What is DNS Hijacking and how does it work?

I have a question ...

DNS hijacking is a process in which an individual redirects queries to a domain name server (DNS server). It may be accomplished through the use of malicious software or unauthorized modification of a server. Once the individual has control of the DNS, they can direct others who use it to a web page that looks the same but contains extra content such as advertisements. They may also direct users to pages containing malware or to a third-party search engine.

ISP hijacking

DNS hijacking is also done by some Internet service providers, such as Comcast, so that they can send users to their own search pages when they visit a web page that no longer exists. Many claim this is to improve the user's experience; however, it can also be another great source of extra revenue, since the ISP controls the site and gets paid for any advertisement clicks. Currently, there are no laws against an ISP doing this to its users.

How DNS Hijacking Works

As mentioned before, DNS is responsible for mapping user-friendly domain names to their corresponding IP addresses. The DNS server is owned and maintained by your Internet service provider (ISP) or by one of many other private organizations. By default, your computer is configured to use the DNS server of your ISP. In some cases, your computer may instead be using the DNS service of another reputable organization such as Google. In this case you are said to be safe, and everything seems to work normally.


But imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses a rogue DNS server that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate the domain names of desirable websites (such as banks, search engines, social networking sites, etc.) to the IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you intended. Sometimes this can put you in deep trouble!

Sources: gohacking, Computer Hope
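The two symptoms described above (a changed resolver setting and a resolver that answers with the wrong addresses) can both be checked from the defender's side. The following is an added example, not code from either cited source; the resolver allowlist, the resolv.conf contents and the DNS answers are all constructed sample data using documentation address ranges.

```python
import ipaddress

# Resolvers this host is expected to use (constructed allowlist: an ISP resolver
# from the 192.0.2.0/24 documentation range plus Google Public DNS).
EXPECTED_RESOLVERS = {"192.0.2.53", "8.8.8.8", "8.8.4.4"}

# Constructed /etc/resolv.conf contents: the second nameserver is not on the allowlist.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.net
nameserver 192.0.2.53
nameserver 198.51.100.7
options timeout:2
"""


def parse_nameservers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed address: skip it rather than crash
    return servers


def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS) -> list:
    """Configured resolvers that are not on the allowlist (a sign the setting was changed)."""
    return [s for s in servers if s not in expected]


def divergent_answers(configured: dict, trusted: dict) -> dict:
    """Domains whose A records from the configured resolver differ from a trusted resolver's.
    Both arguments map domain -> set of IP strings; a domain missing from `configured`
    counts as an empty answer."""
    diffs = {}
    for domain, trusted_ips in trusted.items():
        seen = configured.get(domain, set())
        if seen != trusted_ips:
            diffs[domain] = {"configured": sorted(seen), "trusted": sorted(trusted_ips)}
    return diffs


if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)))
    # Constructed answers: the bank's name resolves elsewhere via the configured resolver.
    configured = {"bank.example": {"203.0.113.9"}, "search.example": {"198.51.100.20"}}
    trusted = {"bank.example": {"198.51.100.10"}, "search.example": {"198.51.100.20"}}
    print("divergent answers:", divergent_answers(configured, trusted))
```

Treat a divergent answer as a signal to investigate rather than proof of hijacking: CDNs and geo-aware DNS legitimately return different addresses to different resolvers, so compare against records you can verify (for example the bank's published addresses) before raising an alarm.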

Cisco Next-Generation Firewall (NGFW)

In our Technologies category I would like to talk about Cisco Next-Generation Firewalls.

Last year, Cisco gained strength in next-generation firewalls through Sourcefire's code. The official acquisition of Sourcefire by Cisco in October 2013 has allowed it to build a firewall unique of its kind.

With this acquisition, Cisco has been able to expand its range and skills in the security area. This approach is a vision of security that intervenes before the attack, during the attack and after the attack.

Cisco – SourceFire …

Cisco is historically known for its expertise before the attack: access security, where Cisco has excelled for many years. SourceFire is rather an expert after the attack: forensics, intrusion detection and security event management. The merger of the two companies' skills and technology solutions therefore provides a completeness that enables new solutions against attacks.

Historically …
Ten years ago, firewalls were used to open and control ports, because attacks targeted the protocols themselves. But attackers quickly shifted their interest to exploiting application vulnerabilities to launch attacks, so we started talking about application firewalls and next-generation firewalls. Today almost all attacks are carried out through legitimate, authorized applications. So we must be interested in the threat, in the attack itself, to be able to make good decisions; application control alone is not enough.

Example …

If we imagine an attack whose goal is data exfiltration, the first phase of the attack is to send a phishing email to a user in order to take control of his machine. Typically this will pass through an authorized port and an authorized application: the email application.

So far there is no exploit against the mail itself; it is the content that carries the threat, so we have a strong interest in knowing the threat in order to make a decision.

As this attack aims to exfiltrate information, the attackers will make sure to pass through authorized flows (HTTPS, SSH) in order to get out of the network with the data.

Once again, since these are authorized flows, we have fewer means of making the right decision based on the application alone: it takes the correlation of several security events, matched against information about the threat, to handle it. Hence the next-generation firewall with next-generation IPS.
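The scenario above is a correlation problem: neither the phishing mail nor the outbound HTTPS session is blockable on its own, but the two together on the same host within a short window are. The following is an added example of that correlation over constructed log events; it is not Cisco or Sourcefire code, and the event fields, thresholds and addresses are all assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events following the article's scenario: ws-17 receives a mail with an
# attachment and then opens an HTTPS session that sends far more than it receives.
# ws-22 gets a harmless mail and browses normally; ws-31 uploads a lot but had no mail.
EVENTS = [
    {"time": "2024-05-01T09:00:00", "type": "mail", "host": "ws-17", "attachment": True},
    {"time": "2024-05-01T09:04:00", "type": "mail", "host": "ws-22", "attachment": False},
    {"time": "2024-05-01T09:12:00", "type": "flow", "host": "ws-17", "dst": "203.0.113.40",
     "dport": 443, "bytes_out": 850_000_000, "bytes_in": 2_000_000},
    {"time": "2024-05-01T09:20:00", "type": "flow", "host": "ws-22", "dst": "198.51.100.5",
     "dport": 443, "bytes_out": 120_000, "bytes_in": 9_000_000},
    {"time": "2024-05-01T09:30:00", "type": "flow", "host": "ws-31", "dst": "198.51.100.9",
     "dport": 22, "bytes_out": 400_000_000, "bytes_in": 1_000_000},
]

WINDOW = timedelta(hours=2)        # how long after the mail a flow still counts as related
ALLOWED_PORTS = (443, 22)          # the "authorized flows" the article names: HTTPS, SSH
EXFIL_MIN_BYTES = 100_000_000      # ignore small uploads
EXFIL_RATIO = 20                   # outbound must exceed 20x inbound to look like an upload


def looks_like_exfil(flow: dict) -> bool:
    """Outbound-heavy session on an allowed port: suspicious, but not alertable alone."""
    return (flow["dport"] in ALLOWED_PORTS
            and flow["bytes_out"] >= EXFIL_MIN_BYTES
            and flow["bytes_out"] >= EXFIL_RATIO * max(flow["bytes_in"], 1))


def correlate(events: list) -> list:
    """Alert on hosts where a mail with attachment was followed within WINDOW by a flow
    that looks like exfiltration. A flow with no preceding mail is left for analysts."""
    mails = defaultdict(list)
    for e in events:
        if e["type"] == "mail" and e["attachment"]:
            mails[e["host"]].append(datetime.fromisoformat(e["time"]))
    alerts = []
    for e in events:
        if e["type"] != "flow" or not looks_like_exfil(e):
            continue
        t = datetime.fromisoformat(e["time"])
        if any(timedelta(0) <= t - m <= WINDOW for m in mails.get(e["host"], [])):
            alerts.append({"host": e["host"], "flow_to": e["dst"], "bytes_out": e["bytes_out"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("possible phish-to-exfil chain:", alert)
```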

What is this Firewall? …

It encompasses several areas: the basic connection and routing layer is Cisco ASA technology, which is known for its robustness and performance and is now the most deployed firewall in the world. The application control and next-generation IPS intelligence are the legacy of SourceFire.

All customers who have an ASA X in their network can implement the full functionality of the next-generation firewall by upgrading; the aim is to bring more functionality to what already works.