SecTor event highlights holes in DNS, databases

The wild world of the web

The Web was originally designed for housing public content, but the fact that it's now used to build applications housing private data make it a ripe platform for malicious attacks, according to one speaker at the SecTor 2007 conference in Toronto this week.

"The Web is where the wild things are nowadays," said Dan Kaminsky, director of penetration testing at Seattle-based security consultancy IOActive, during a session on Domain Name Server (DNS) rebinding attacks.

Essentially, DNS translates human-readable computer hostnames into IP addresses. The DNS rebinding attacks subvert the DNS same-origin policy that assumes information stemming from the same origin must be trusted identically, said Kaminsky, but the reality is, the translations during this process can change at any time.

DNS rebinding attacks take advantage of this fundamental Web design flaw, breaking the Internet's security policy and converting browsers into open network proxies, said Kaminsky, adding that this ultimately exposes every corporate network. "Corporate firewalls are bypassed via lured browsers."

One of the contributing issues is people tend to use DNS TTL (Time to Live) -- which defines how long records should live before getting discarded -- as a security technology, he said, when in fact overriding the TTL can be "quite trivial".

Considering that in DNS, multiple IP addresses can be transmitted besides the genuine one, it's possible to create a VPN (virtual private network) into a corporation, said Kaminsky.

Kaminsky acknowledged the challenge facing organizations given the wide variety of DNS rebinding mechanisms out there, but he did share some suggestions that might help corporations, including configuring corporate servers to not transmit valuable information back to unrecognizable host systems.

Also, he said, it's useful to perform external to internal routing checks to stop sites on the Internet from routing to internal targets on the corporate Intranet.

Also at SecTor 2007, challenges around corporate database attacks and methods to perform forensic investigation on SQL Server 2005 systems to determine possible data breaches were discussed.

The database has become a critical asset to organizations because of the critical information it holds, like financial, healthcare and human resources data, said Kevvie Fowler, manager of managed security services at Longueil, Quebec-based healthcare and financial technology provider Emergis Inc. "All this critical stuff that organizations need to share, maintain, process."

Besides that, there is an industry trend toward scaling down to fewer consolidated systems, given the high cost of maintenance of databases, said Fowler.

Given these single mission-critical systems are often targeted by attackers, he said, it's important for organizations to secure and log underlying database transactions upon which to perform forensics.

However, traditional forensic investigations typically exclude the plethora of evidence housed in databases probably because people fear what they don't understand, he said.

Furthermore, most organizations' database servers, said Fowler, are ill-equipped for potential forensic investigations, but there are available methods that can be applied "without the dependency on shiny appliances, logging appliances, or apps."

Internal IT staff can take advantage of certain repositories -- like transaction log files and volatile database data files -- within the database that contain valuable evidence of potential breaches, he said.

The transaction log files, for instance, he said, aren't so complex to be useful as most people think. Each transaction can have up to 101 different data elements logged, he said. "That's 101 different chances to have critical data that you need to support an investigation that you're working on."

But before collecting this data, organizations should first determine the scope of the investigation and how much information is required to be collected, said Fowler, adding they should factor in the "relativity of the data based on the investigation you're investigating."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephanie Lau

ComputerWorld Canada
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?