Defend against a DNS spoof by using techniques such as setting to protect your DNS servers and resolvers, use DNS security extensions, and use two-factor authentication when using a domain name registrar.
- View Offline
- [Instructor] DNS is an important protocol.…We know that there are attacks against DNS,…so we should take steps to defend against DNS attacks.…Defend your servers.…First line of defense is keep…your systems patched and updated.…Disable any unnecessary services on the machine.…Enable cache locking.…Cache locking is a feature on Windows server…that allows administrators to control whether…or not the DNS cache can be overwritten.…
Now on the network, DNS servers publish DNS data,…and DNS caches, or non-authoritative…servers retrieve DNS data.…To defend both of them, your cache servers…should have a separate IP address from the DNS server.…If you use a domain name registrar, there are some things…you can do to ensure more rigid control.…Use two-factor authentication.…That way if the password is compromised,…there's still another authentication factor such as…a one-time password being delivered to the mobile phone.…
Implement some type of a verification,…such as a security word that is used…before any changes are made to the DNS setting,…
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Sniffing network traffic
- Passive vs. active attacks
- Comparing IPv4 to IPv6
- MAC and macof attacks
- Investigating DHCP attacks
- Detecting ARP and DNS spoofing
- Sniffing tools and techniques