Unified Communications Manager Cloud for Government (UCM) – Formerly Hosted Collaboration Solution for Government (HCS-G)

Iron Bow’s UCM (formerly HCS-G), powered by Cisco, is a FedRAMP Authorized cloud-based collaboration service built to help you improve communication capabilities, empower your mobile workforce, meet cloud-first mandates and maintain stringent security standards. Check out this video and see how we can help your agency overcome key IT and business challenges.

See what VDI can do for your agency.

The case for Virtual Desktop Infrastructure (VDI) has never been stronger. Agencies are looking for better approaches to securing and managing end-user devices. Check out this infographic and see what’s driving the interest in VDI solutions—and what concerns are slowing agencies down.

About TechSource

Welcome to Iron Bow's TechSource, a blog about the issues facing the government and industry today and the technologies being adopted to help overcome them.

Agencies Need Continuous, Automated Monitoring to Tackle Future DNS Attacks

Rob Chee, Technical Director, Cyber Security, Iron Bow Technologies

March 15, 2019  |  Cyber Security

In late January, the Department of Homeland Security (DHS) issued an emergency directive to mitigate the effects of a domain name system (DNS) hijacking campaign.

DHS’ Cybersecurity and Infrastructure Security Agency noted in a letter to agencies that it was aware of multiple executive-branch domains targeted by the attacks, which redirected and intercepted web and mail traffic from government websites.

DNS is a protocol that translates a domain name, like DHS.gov, into a corresponding IP address. Essentially, when a user types a web address into their browser, the DNS resolver locates the proper IP address to open up the website.

During a DNS attack, a bad actor compromises a DNS administrators account and modifies DNS by replacing a legitimate IP address with a rogue address. So when someone types in a URL, instead of linking to the correct IP address, the DNS connects to an IP address that directs traffic to an illegitimate website. Often, the site mirrors the one the user was originally trying to access. When users click on links, they unintentionally download malware and malicious code.

In the instance of a government website, the attack could not only infect the computers of common users, but also agency systems and personnel trying to access their own sites.

DHS quickly set out to a directive to explain the severity of the issue and provide required actions to mitigate the exposure.  We go into some of the actions and recommendations below.

Continuous monitoring is one of the only ways to truly cut off attackers before they’re able to infiltrate systems. With DNS that means recursive monitoring with reporting that gives real-time insights into network activity. Being able to analyze DNS traffic as it’s happening, as opposed to relying on log-based reporting mechanisms, is crucial to preventing DNS-based attacks.

This kind of monitoring can’t be done alone. It would take endless man-hours to track and trace traffic effectively. Deploying an automated system provided by a trusted vendor will free up agency IT teams to focus on only the most imminent threats. The private sector, with massive networks that reach across the world, is perfectly positioned to help the federal government stop DNS hijacking before damage is done.

With Cisco Umbrella Investigate provides a complete view of the relationships and evolution of internet domains, IP addresses and autonomous systems to pinpoint attackers’ infrastructures and predict future threats. It provides easy access to a company’s DNS resolution and anything changing associated with the DNS resolution.  This an effective way to monitor DNS records.

Protection of the accounts used to administer DNS records is also vitally important.  Multi-factor authentication is a required action as part of this directive.  Cisco Duo Security can provide the multi-factor authentication in an easy to use manner.

While this directive is focused on the Federal government it is also relevant to the private sector as well.  The same recommendations should be seen as highly recommended actions for the private sector.

Cyberattacks are evolving at break-neck speed. Bad actors are constantly finding novel ways to infiltrate systems, and DNS-based attacks like those on government websites in January aren’t going away. It takes leading-edge technology to stay ahead of hackers and foreign actors. Cisco and Iron Bow can help make that process easier.

For more information about how Iron Bow can help prevent future attacks, visit our cyber security webpage.

TechSource in your Inbox

Sign-up here to receive our latest posts by email.

  • This field is for validation purposes and should be left unchanged.