For about a month, computer security experts have been working feverishly to fix a major flaw in the design of the Domain Name Server (DNS) system that could allow unsuspecting Web users to get redirected to bogus versions of trusted Web sites. The flaw is significant enough that a Technology Security Advisory was issued by the U.S. Computer Emergency Readiness Team and the U.S. Department of Homeland Security.
The problem was worrisome enough that John Conway, the president and CEO of Ananke IT Solutions, flagged it as a high-impact problem that could lead to catastrophic damage – the first time in his career that he has done so. Conway talked to PBN recently about the DNS issue and the future of Internet security.
PBN: Ananke recently put out press releases and public service announcements reinforcing the severity of a security alert issued by U.S.-CERT [the U.S. Computer Emergency Readiness Team, a partnership between the U.S. Department of Homeland Security and other public- and private-sector organizations] in mid-July. Can you describe the newly uncovered server vulnerability?
CONWAY: A few months ago, a security expert discovered a vulnerability in the way that DNS servers communicate. When computers communicate with each other over the Internet, they use unique identifiers called IP addresses (likened to a phone number of a telephone or the longitude/latitude of a building). Rather than trying to remember every IP address of every computer, we use “friendly” names that are easy to remember and the DNS servers (similar to 411, the phone book, or our address book) translate these easy-to-remember words, into IP addresses.
DNS Servers (like directory assistance) are a trusted entity and the information provided by the DNS server that “owns” the information provided is considered the authority. To protect the integrity of the information supplied by these servers, there is information that is exchanged in their communications. Hackers monitor the communications to/from the DNS servers for 8-16 transactions and using an algorithm, can spoof or pretend to be the authoritative DNS server. Subsequently, the hacker can provide the incorrect response to the request. This response is remembered or cached on other servers and they, in turn, give it to other computers and so on. This is called DNS cache poisoning.
Once the wrong information has been provided, people will now type one address in their browser and it will go to the wrong site, or they will send an e-mail and it will be delivered to the wrong place, or financial transactions will occur and sensitive information or even the electronic funds will be delivered to the wrong account.
Here is a Web site example:
1. You want to go to PBN’s Web site
2. You type in your Web browser, “http://www.pbn.com”
3. Your computer asks a DNS server for the IP address
4. The hacker has monitored and poisoned the DNS cache
5. The DNS server should respond with the IP address 64.49.252.2
6. Instead the DNS server responds with the IP address of the Hacker’s malicious Web site that looks the same
7. Your Web browser goes to “http://www.pbn.com” but it is really the hacker’s Web site
8. You never go to PBN’s Web site … you enter your user ID and password…
This vulnerability cannot be remediated by simply fixing your own servers, thus cannot be controlled. All DNS servers exposed to the Internet must be patched to completely protect the integrity of the information.
We at Ananke are dedicated to the protection and betterment of the businesses and people of Rhode Island. We felt that it was our duty to heighten awareness and educate as many people as possible, to minimize the risk of this threat and safeguard our information.
PBN: In your professional opinion, why does this problem carry so much risk?
CONWAY: Microsoft, Cisco and other vendors, have been working on patches to protect your systems. The information regarding the vulnerability was posted on the Internet prematurely before all of the patches were developed giving little to no time for businesses to patch their systems. One weak link can lead to the poisoning of information being provided to millions of computers. With almost every Internet transaction relying on DNS servers and being that little can be done to detect a breach, the exposure is high and the impact could be catastrophic, depending on the information obtained by an attack.
PBN: As the country’s reliance on computer networks grows, do you think our IT security is generally improving or getting worse?
CONWAY: Security is definitely improving. However, the risk and the exposure continue to grow exponentially as that reliance increases.
PBN: Ananke has worked with some major companies over the years, including General Motors, Harvard University and Citizens Bank. What types of project have been particularly interesting?
CONWAY: I have thoroughly enjoyed every project that we have had the opportunity to work on. I originally got into this industry for love of the technology. Although I still maintain that passion, I have also found that I equally enjoy learning about organizations and what makes them what they are. My forte, regardless of size or industry, is understanding the organization in order to provide a technology solution that meets their needs, timelines, and budgets. That makes every project interesting to me.
PBN: Ananke has its corporate headquarters in Providence, but also has an office in New York. Do you expect to remain based in Rhode Island?
CONWAY: Yes. I strategically chose to move Ananke to Rhode Island in 2003. Plus, as an added incentive, my wife, Jayne, is from Bristol. Providence offers close proximity to Boston, New York and international airports, which support our professional and staffing services nicely. Our managed services, which also provide help-desk support and data-center co-location, are regionally based and tailored specifically for small to mid-sized organizations. Also, there is a large concentration of universities in Rhode Island which support our internships, certifications and educational efforts. Our community efforts are geared towards increasing the marketability of our Rhode Island technical talent pool, supporting our local businesses and increasing the number of technical jobs in our state.
Ananke IT Solutions – founded in 1994 – is a provider of IT management, consulting and staffing services to companies of all sizes. Based in Providence, it has a second office in Lake Success, N.Y. Additional information is available at www.ananke.com.
The U.S. Computer Emergency Readiness Team (U.S.-CERT) is a partnership between the U.S. Department of Homeland Security and other public- and private-sector organizations. U.S.-CERT studies Internet security vulnerabilities, provides-incident response services to sites that have been attacked and publishes a variety of security alerts. Additional information is available at www.us-cert.gov.
