DNS security takes centre stage in Cyber Defence strategies

DNS security is emerging as a frontline control in modern cybersecurity strategy as global cyber attacks increasingly target internet infrastructure. The Domain Name System (DNS), translating names of websites into numerical internet addresses, is becoming a revived focus in terms of cybersecurity as a frontline control. On January 20, the Center of Cybersecurity Policy and Law organised an event between industry and government leaders to discuss the increasing role of securing DNS against global cyber attacks. This discussion was in advance of the release of Special Publication 800-81, Revision 3, of the Secure DNS Deployment Guide, by the US National Institute of Standards and Technology (NIST). The updated Secure DNS guidance is part of NIST SP 800-81 Revision 3, which sets best practices for strengthening enterprise network security.

DNS is almost used in all the digital interactions in both the internal and external networks. The impact of this central position is that an effective attack on DNS infrastructure has the potential to cripple the entire activities of an organisation, and considerably affect recovery operations. Professionals in the event observed that DNS is ubiquitous, which also makes it a prime target by attackers intending to have massive effects.

DNS Security as an early warning system

Most of the tools used in conventional security are found lower in the network stacks, but DNS is found at the beginning of most online activities. This renders it a potential attack point and an effective early detection point. Monitoring of DNS queries can allow organisations to detect suspicious behaviour like being connected to a recognised malicious domain, before malware or an unauthenticated access attack advances into the system.

This is early visibility in favour of a wider change in cybersecurity to pre-emptive defensive models. Rather than responding to the event of a breach, defenders can block attacks when they request a domain-lookup, causing no harm to endpoints, servers and data.

Zero trust security and the role of DNS

In zero trust security models, DNS now plays a direct role in policy enforcement and access decisions. A key change in NIST SP 800-81 Version 3.0 (Initial Public Draft) is that it formally addresses DNS as an ingredient in zero trust security models. Zero trust models involve constant verification of connections and devices before access is given. The draft guide provides that DNS will now be used in policy enforcement as well as information collection when making access decisions rather than being a background IT service.

In the draft, DNS is to be regarded as a defence-in-depth security strategy foundational layer. It suggests securing DNS integrity, providing technologies like DNS Security Extensions (DNSSEC), securing the confidentiality of client queries, and high availability by dedicated infrastructure.

New guidance by NIST continues

This new DNS security guide strengthens cyber defence strategies by placing secure DNS alongside zero trust and defence-in-depth frameworks. Collectively, the recent resurgence of attention to DNS can be seen as an overall change in the organisational perspective on core internet services in cybersecurity architecture. No longer a passive utility, DNS is now being recognised as a strategic control point to apply access policy, threat detection at early stages, and resiliency in operations. With attackers increasingly becoming more automated and infrastructure-oriented, DNS security has become a crucial part of ensuring that people have confidence in digital systems. This new guidance by NIST continues to cement this trend where DNS protection is being placed alongside zero trust and defence-in-depth strategies as an indicator that the future of cyber defence will not just rely on endpoint and network protection, but also on the protection of the underpinning services upon which the modern connectivity is based.