Twitter attack prompts a DNSSEC reminder


eWeek Europe’s look at the December attack that took down Twitter suggests that businesses need a stronger focus on DNS security, and includes this reminder about DNSSEC from Rick Howard, director of security intelligence at VeriSign iDefense:

“Basic DNS monitoring is sorely lacking,” he continued. “While enterprises may monitor DNS availability, and are increasingly aware of DDoS [distributed denial of service] attacks targeting domain name servers, simple monitoring for DNS integrity is often overlooked. Enterprises should also pay attention to the rollout of DNSSEC, which mitigates some attacks, but is not yet widely available.”

The attack  used “legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army,” the article notes.

Comments are closed.