How IoT is Impacting DNS, and Why It's Scaring Both CISOs and Networking Pros

What impact is the internet of things having on enterprise networks and the way we use DNS?


What impact is the internet of things having on enterprise networks and the way we use DNS? For many network and security pros today, the answer is “no clue,” due to the lack of source address validation combined with the explosive growth of IoT, expected to hit more than 75 billion connected devices by 2025[2].

IoT devices are already leading a new wave of cyberthreats, from embedded sensors laced with unknown code to devices that can exfiltrate data from otherwise secure networks. Sensors designed with little or no thought towards security, and network connectivity relying on default passwords, can lead to cameras that query SQL databases. This blog post looks at some of the dangers with a view to how DNS can help stop them before they do harm.

If projections are anywhere near expectations, there will be over 75 billion IoT devices in use by 2025, every one of them with a unique IP address that can only be resolved by – wait for it – DNS.

However, we don’t have to wait until then to grasp the impact on security and data exfiltration that IoT systems can bring. In 2017, CSO reported on an unnamed US university where over 5,000 IoT-connected vending machines and lightbulbs were commandeered[3], leading to a DDoS attack that left most students and faculty unable to use the university’s internet at all.

That attack was preceded by hackers who just months before accessed millions of internet-connected digital cameras, home network devices, baby monitors and others to launch a similar DDoS attack on Dyn, a company that provides DNS services to popular sites including Twitter, Spotify and PayPal. Both attacks had one thing in common – a reliance on less-than-stellar DNS security that amplified the attacks.

Although DDoS attacks may get the most attention, there are other ways DNS can be used maliciously. DNS naively resolves names used for malware, botnets and phishing as requested, and DNS can be taken ‘hostage’, becoming a messenger for DNS tunneling, cache poisoning, and spoofing attacks, all of which can lead to data exfiltration – or worse.

From the CISO perspective, IoT represents billions of new attack vectors that, because of their ‘fixed function’ nature, are often not designed with security in mind. For example, many lack support for the installation of agents. Still, business users frequently demand access to corporate networks and resources for these less-than-secure devices. For the networking professional, figuring out just how to integrate this explosion of new endpoints into the namespace without confusing DNS and identity and access systems is a challenge of its own.

Both camps recognize the need to reduce their DNS threats and risk exposure to support the explosive growth that is coming. For example, businesses with a multitude of IoT devices could experience a breach that leads to becoming unwitting participants in a DDoS, DNS tunneling, or other DNS-based attack. That is why whitelisting IoT devices via DNS is a critical way to leverage DNS to address the growing IoT challenge.

Beyond recognizing when attacks are taking place and taking policy-based, automated steps to mitigate these new risks, enterprises need to realize their existing on-premises DNS infrastructure may be woefully inadequate when it comes to handling the endpoint explosion and, more importantly, to ensuring security and IT pros are immediately notified when an attack is underway, for example by noting unusual high-volume activity or a device such as a security camera suddenly querying a database, and sending the appropriate alert ASAP. Embracing an enterprise DNS approach that supports digital transformation, IoT, and a multi-cloud hybrid environment may be the best way to short-circuit IoT DNS attacks before they occur.
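The two checks described above (a per-device DNS whitelist and alerting on unusual query volume) can be sketched as follows. This is an added example, not BlueCat's product logic or code from the original post. The policy table, device inventory, domain names and log format are all hypothetical, and it assumes the resolver log's source IP reliably identifies the device.

```python
from collections import defaultdict

# Hypothetical policy: device class -> allowed domain suffixes, max queries per minute.
POLICY = {
    "camera":  {"allow": ("video.vendor.example", "ntp.example"), "max_qpm": 5},
    "vending": {"allow": ("telemetry.vending.example",), "max_qpm": 3},
}
# Hypothetical inventory mapping source IP to device class (e.g. from IPAM/DHCP).
INVENTORY = {"10.20.0.11": "camera", "10.20.0.42": "vending"}

# Constructed sample resolver log: "epoch_seconds client_ip qname"
SAMPLE_LOG = """\
1000 10.20.0.11 stream1.video.vendor.example.
1005 10.20.0.11 sql01.corp.example.
1010 10.20.0.42 telemetry.vending.example.
1011 10.20.0.42 a1.telemetry.vending.example.
1012 10.20.0.42 a2.telemetry.vending.example.
1013 10.20.0.42 a3.telemetry.vending.example.
1090 10.20.0.42 telemetry.vending.example.
1100 10.20.0.99 www.example.
"""

def allowed(qname, suffixes):
    # Match on whole labels so "evilntp.example" does not pass as "ntp.example".
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)

def evaluate(log_text, window=60):
    """Return (client_ip, reason, qname) alerts for the given resolver log."""
    alerts, buckets = [], defaultdict(int)
    for line in log_text.splitlines():
        ts, ip, qname = line.split()
        cls = INVENTORY.get(ip)
        if cls is None:  # device not in inventory: no profile to compare against
            alerts.append((ip, "unknown-device", qname))
            continue
        rule = POLICY[cls]
        if not allowed(qname, rule["allow"]):  # e.g. a camera asking for a database
            alerts.append((ip, "off-allowlist", qname))
        key = (ip, int(ts) // window)  # fixed one-minute buckets per device
        buckets[key] += 1
        if buckets[key] == rule["max_qpm"] + 1:  # alert once per window
            alerts.append((ip, "rate-exceeded", qname))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert)
```

In an enforcing deployment the same `off-allowlist` decision would drive a refused or sinkholed response rather than only an alert.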

About BlueCat

BlueCat is the Enterprise DNS Company™. The largest global enterprises trust BlueCat to provide the foundation for digital transformation strategies such as cloud migration, virtualization and security. Our innovative Enterprise DNS solutions portfolio, comprised of BlueCat DNS Integrity™ and BlueCat DNS Edge™, enables the centralization and automation of DNS services and the ability to leverage valuable DNS data for significantly increased control, compliance and security. For more information, please visit www.bluecatnetworks.com.

Copyright © 2018 IDG Communications, Inc.