Ways To Protect Your Network

Here are three free tricks to increase your network's security:-

1. Use OpenDNS

Use OpenDNS Internet traffic gets routed through IP addresses; the text you type as a URL only sits on top of those numbers. Normally, when you type pcworld.com, it gets referenced in a domain name server directory, which then routes you to the actual IP address. But what happens if that structure is compromised and an attacker can send your request to a different IP address?

Domain name servers and operating systems were eventually patched to protect against this attack. But the OpenDNS server already anticipated the problem and is quick to react to threats. Use it instead of relying on your ISP's DNS servers.

On the client side, you can open the Network Connections Control Panel. Right-click the active connection, and pick Properties. Select Internet Protocol (TCP/IP), and click Properties. Click the radio button to Use the following DNS server addresses and enter 208.67.222.222 and 208.67.220.220.

Or you can enable it on your router, sending DHCP clients these details without additional intervention. The specific process varies, but you'll essentially log in and enter those IP addresses in the NAT area.

2. Update Your Router Firmware

Psyb0t is a worm that was written to attack router hardware directly, embedding itself inside. It simply guesses the login and password for a range of routers, starting with the defaults. At the very least, you should be using a strong password, especially since many low-end routers don't let you change the login ID.

Just like your operating system, hardware companies typically patch routers over time, especially when security flaws are discovered. Look up your specific model and see if there's a firmware update. If so, download, and apply the revision; it'll likely protect you from many attacks.

3. Disable Remote Administration

In addition to updating your router firmware and giving it a strong password, you can close another door by disabling remote administration. This option is often off by default, but check your router's settings to tell for sure.

With remote administration on, someone can log in from offsite. They'll typically need a valid password, although this access presents another weak point in your defenses.

If you need to administrate the network remotely, set up a secure connection to a VPN gateway at your network, instead of connecting in that open method.

Source: .pcworld.com

Procedure to Start/Stop An Iterative DNS Server

The following procedure explains how to Start/Stop An Iterative DNS Server. Procedure - Start/Stop An Iterative DNS Server

1. Click on the System Services menu if it is not already expanded.
2. Click on the DNS Server submenu if it is not already expanded.
3. Click on the Overview item.
4. You should now be looking at the DNS Management controls in the main content area.
5. Locate the Active DNS Services (Iterative) section.
6. Click the checkbox next to the IP you want to update.
7. Select Start or Stop from the dropdown menu below the IP list depending on what you want to do.
8. The page will reload and You will see the following message at the top of the screen: » Settings updated successfully.

Procedure - Flush An Iterative DNS Server

1. Click on the System Services menu if it is not already expanded.
2. Click on the DNS Server submenu if it is not already expanded.
3. Click on the Overview item.
4. You should now be looking at the DNS Management controls in the main content area.
5. Locate the Active DNS Services (Iterative) section.
6. Click the checkbox next to the IP you want to update.
7. Select Flush from the dropdown menu below the IP list.
8. The page will reload and You will see the following message at the top of the screen: » Settings updated successfully.

Procedure - Remove An Iterative DNS Server From an IP Address

1. Click on the System Services menu if it is not already expanded.
2. Click on the DNS Server submenu if it is not already expanded.
3. Click on the Overview item.
4. You should now be looking at the DNS Management controls in the main content area.
5. Locate the Active DNS Services (Iterative) section.
6. Click the checkbox next to the IP you want to update.
7. Select Remove from the dropdown menu below the IP list.
8. The page will reload and You will see the following message at the top of the screen: » Settings updated successfully.

Procedure - Restart An Iterative DNS Server From an IP Address

1. Click on the System Services menu if it is not already expanded.
2. Click on the DNS Server submenu if it is not already expanded.
3. Click on the Overview item.
4. You should now be looking at the DNS Management controls in the main content area.
5. Locate the Active DNS Services (Iterative) section.
6. Click the checkbox next to the IP you want to update.
7. Select Restart from the dropdown menu below the IP list.
8. The page will reload and You will see the following message at the top of the screen: » Settings updated successfully.

Procedure - Install An Iterative DNS Server on an IP Address

1. Click on the System Services menu if it is not already expanded.
2. Click on the DNS Server submenu if it is not already expanded.
3. Click on the Overview item.
4. You should now be looking at the DNS Management controls in the main content area.
5. Locate the IP Addresses Without DNS Services section.
6. Click the checkbox next to the IP you want to update.
7. Select restart from the dropdown menu below the IP list.
8. The page will reload and You will see the following message at the top of the screen: » Settings updated successfully.

Source: http://www.interworx.com/support/docs/iworx-cp/sysadmin/system-services/dns/howto-iterative-server

Infoblox Loads DNS Services onto Cisco Routers

Enterprise IT executives looking to cut costs and consolidate infrastructure might be interested in news jointly announced Monday by Infoblox and Cisco, as the vendors team to offer Infoblox DNS, DHCP and other core network services via blades designed to slide into Cisco's integrated services routers.

The technology partnership will enable network managers to put DNS, DHCP, IP address management and other core network services on blades in Cisco routers deployed at branch office locations, eliminating the need for a separate server to maintain those services. The product, developed under Cisco's Application eXtension Platform (AXP), enables customers to push network services closer to the edge and consolidate infrastructure in remote offices. Industry watchers say the partnership reflects a trend among enterprise companies to reduce infrastructure while maintaining services.

"Remember the 'Trapper Keeper?' That's what Cisco's routers are becoming for enterprise branch office: a single place to keep all critical network applications and services," says Phil Hochmuth, senior analyst at Yankee Group. "This is being enabled largely by the AXP, which allows organizations to cram as many services -- even ones beyond Cisco's own scope, such as Infoblox IP address management - onto a single platform."

According to Infoblox, enterprise companies can spend between $600 and $1,500 managing a server per branch office per month. Removing the need for a server at the branch to support core network services not only reduces that cost, but also ensures the branch will continue to have DNS, DHCP, NTP, FTTP, HTTP, TFTP and syslog proxy capabilities at the remote location - even if a connection to the data center is lost. Infoblox vNIOS Virtual Appliance software installs on a blade in Cisco's widely deployed ISR router line -- reportedly 4 million are installed today -- which Infoblox Vice President of Marketing Rick Kagan says will reinforce the vendor's message that DNS services can't be ignored even in a difficult economy.

Cisco and Infoblox also plan to showcase the joint solution at several upcoming industry events, including at a live virtual meeting this week and at Cisco Networkers later this month in Barcelona, Spain.

Source:http://www.networkworld.com/news/2009/011209-infoblox-dns.html

DNS Client Behavior in Windows Vista and Server 2008

Microsoft developers have changed the functionality of many of Windows' components. DNS is one of them. A DNS client component running on a Vista computer behaves differently than it did in previous versions of Windows.

This tip explains the behavior of the DNS client component in Windows Vista for DNS queries and registrations.

Windows Vista will need to perform two types of DNS queries: A and AAAA. The A is for IPV4 and AAAA is for IPV6. It could be that one of the endpoints or IP Addresses the DNS Server supplied is not reachable and the client retries at DNS server. This will put the load on the DNS server when multiple clients send DNS queries.

The following changes have been made to the DNS client component to minimize the impact on the DNS server:

• If the client computer has only link-local or Teredo IPV6 addresses assigned, then the DNS Client will send only a single query for its A records.
• If the client computer has at least one IPV6 address, and this is not the Teredo address, the DNS client service sends DNS query for A records and a separate query for AAAA records. If the A record query times out or returns with a negative response, the corresponding AAAA query is not re-sent.
• Windows Vista Client computers will always use IPV6 over IPV4 (e.g., AAAA Over A queries).

DNS Registration Behavior in Windows Vista and Windows Server 2008:-

The DNS Client Service in both operating systems uses DNS Dynamic update and registers the following records:

1. A records for all IPV4 addresses assigned to the interfaces configured with a DNS Server address.
2. PTR records for IPV4 addresses assigned to the interfaces.
3. AAAA records for all IPV6 addresses assigned to the interfaces configured with the DNS Server address.

Source: http://www.serverwatch.com/tutorials/article.php/3781556

CloudShield Announced deployment of CS-2000 network services platform by DNS

CloudShield today announced deployment of its CS-2000 network services platform by Dynamic Network Services, a global provider of Internet-based domain, zone and email services.

Dynamic Network Services also can use the programmability of the CS-2000 to update, on its own or using software upgrades from CloudShield, to be prepared to handle new threats as they develop.

Dynamic Network Services began as a free DNS service provider for the Perl and open-source communities but has grown to provide both its signature free service as well as commercial DNS services and Dynect, an enterprise-class dynamic DNS offering.

“They’ve got to run cost-effectively, since they have free as well as paid-for services, and they want to make sure that service is up and performing as expected,” said Bill Scull, vice president of marketing at CloudShield. “They are using our product to protect their infrastructure to make sure their online presence is maintained despite botnet attacks or D-DOS attacks.”

Such attacks can generate from 10 times to 500 times or more the average traffic on a site and service providers such as Dynamic Network Services cannot afford to over-provision bandwidth to be able to handle such an attack. The CloudShield CS-2000 uses deep packet inspection to detect malicious traffic and prevent it from overwhelming the Web sites, authentication servers, DNS server farms and other service provider infrastructure.

“If they have a CS-2000 in front of their infrastructure, they have the ability to, at line rates, sort the good packets from the bad packets,” Scull said. “Dynamic Network Services had a number of different centers around the globe and they will be deploying our boxes in each of those.”

Source: http://telephonyonline.com/software/news/cloudshield-dns-deployment-1216/

Beware of Scoundrel DHCP servers, warns Symantec

DHCP is a mechanism commonly used to automatically assign IP addresses to computers and other devices on a local network. It also provides the client systems with the address of the DNS server they should use.

Using a malicious DNS server to divert traffic to malicious sites is known as pharming. A pharmed user may type a bank URL directly into the browser (as recommended by most financial institutions), but may end up on a fake site designed to capture login details to aid in making fraudulent transactions.

According to Symantec, a Trojan it has dubbed Flush.M sets up a rogue DHCP server on the victim's PC.

When other systems on the LAN make a DHCP request to receive or renew an IP address, Flush.M responds.

If the requesting system receives Flush.M's response before that of the real DHCP server, it will start using the malicious DNS server(s) rather than those specified by the real network administrator.

This can be done by infecting just one PC on the LAN, and it can potentially divert the traffic from any other device, regardless of its operating system.

Furthermore, security software running on those other devices is unlikely to find anything wrong.

Symantec suggests network administrators should watch for DHCP offers originating from addresses other than their DHCP servers, and that they monitor or block traffic to the IP address range 85.255.112.0 to 85.255.127.255, which includes known malicious DNS servers.

If you are suffering from these type of rogue DNS then no need to worry just give us a call at 1-866-914-9838 and talk to a Microsoft certified professionals within a minute & get DNS server support.

Source:itwire.com