[iwar] [fc:Many.companies.still.vulnerable.to.DNS.outage]

• Next message: Fred Cohen: "[iwar] [fc:Nuke.'Em.From.On.High]"
• Previous message: Fred Cohen: "[iwar] [fc:NIPC.ADVISORY.01-023:.Update.to.NIPC.Advisory.01-003."E-Commerce.Vulnerabilities"]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-2774-1002550425-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 08 Oct 2001 07:18:08 -0700 (PDT)
Received: (qmail 12989 invoked by uid 510); 8 Oct 2001 14:16:18 -0000
Received: from n32.groups.yahoo.com (216.115.96.82) by 204.181.12.215 with SMTP; 8 Oct 2001 14:16:18 -0000
X-eGroups-Return: sentto-279987-2774-1002550425-fc=all.net@returns.onelist.com
Received: from [10.1.1.224] by n32.groups.yahoo.com with NNFMP; 08 Oct 2001 14:16:22 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 8 Oct 2001 14:13:45 -0000
Received: (qmail 51048 invoked from network); 8 Oct 2001 14:13:45 -0000
Received: from unknown (10.1.10.27) by 10.1.1.224 with QMQP; 8 Oct 2001 14:13:45 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 8 Oct 2001 14:16:21 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA10770 for iwar@onelist.com; Mon, 8 Oct 2001 07:16:21 -0700
Message-Id: <200110081416.HAA10770@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 8 Oct 2001 07:16:21 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Many.companies.still.vulnerable.to.DNS.outage]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Many companies still vulnerable to DNS outage 
By Stacy Cowley, InfoWorld, 10/8/2001
<a href="http://www.infoworld.com/articles/hn/xml/01/10/04/011004hnmice.xml">http://www.infoworld.com/articles/hn/xml/01/10/04/011004hnmice.xml>

EIGHT MONTHS AFTER a faulty router configuration led to a daylong
blackout of many Microsoft Web sites, 25 percent of Fortune 1000 company
Web sites still have the same vulnerable DNS (Domain Name System)
network setup that led to the Microsoft outage, according to a survey
conducted by Icelandic DNS software maker Men &amp; Mice. 

DNS servers translate domain names into numeric IP addresses.  When
those servers go down, users who type Web addresses -- such as
Microsoft.com and Hotmail.com -- can't connect to the intended servers. 
Redundancy is key to protecting against outages; if a company spreads
its DNS servers out across several network segments, it is better
protected against failures such as the one that struck Microsoft in
January. 

That much-publicized attack helped increase network administrators'
awareness of DNS vulnerabilities, but too many large enterprises are
still susceptible, said Men &amp; Mice Chairman Jon Adalsteinsson. 

Shortly after the Microsoft breakdown, Men &amp; Mice surveyed the Web
site networks of Fortune 1000 companies and found that 38 percent of the
companies had all their DNS servers on the same network.  That number
fell to 25 percent when the company conducted another survey in May,
Adalsteinsson said. 

Last month's terrorist attacks prompted Men &amp; Mice to conduct
another examination. 

"We knew that there was a heavy dependence on the IT infrastructure in
the aftermath of the terrorist attacks.  We thought it would be good to
check and see how this situation had improved," Adalsteinsson said. 

He was alarmed to find that it hadn't improved at all: 250 multinational
companies' Web sites are still at risk of virtually shutting down if the
single network segment housing their DNS servers fails.  Adalsteinsson
declined to name which companies have vulnerable configurations, but
said the group includes "some household names."

"I guess the message is that the IT world has not learned from the
Microsoft disaster," Adalsteinsson said.  "We have corporations spending
lots of money on putting redundancy and disaster recovery [tools] in
place for their Web severs, but they don't seem to realize that without
a properly redundant DNS setup, all that doesn't come into play."

Fixing the problem isn't expensive, according to Adalsteinsson.  "It has
nothing to do with cost.  The problem is simply lack of awareness," he
said.  "The second problem is lack of know-how.  Employees are not
trained well enough on DNS [issues].  It's not a sexy technology."

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] [fc:Nuke.'Em.From.On.High]"
• Previous message: Fred Cohen: "[iwar] [fc:NIPC.ADVISORY.01-023:.Update.to.NIPC.Advisory.01-003."E-Commerce.Vulnerabilities"]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST