Get Started

Don’t Mess with your DNS!

  • 3 min read

Share this post

DNS Plumbing
DNS Plumbing

“Is Kumar coming over today?” asked my 10-year-old son last Saturday morning. 

As it happens, Kumar is not a friend, relative, or neighbor — but he’s starting to feel like all three. Kumar is our plumber.

And, thanks to his recent and frequent visits to our house — we’ve had a rash of bad luck related to our dishwasher, garbage disposal, sink, and toilet (actually, two toilets, but who’s counting?) — my kids have started looking forward to Kumar’s arrival. He’s very friendly and always takes a few minutes to chat with them.

The truth is, I look forward to Kumar’s visits too, although not for the same reasons. For me, and while I would certainly prefer that our plumbing issues just magically went away, Kumar is a trusted, reliable, expert resource… one who shows up quickly whenever there is a problem.

DNS is Like Plumbing

Plumbing is great when it works happily in the background. When it doesn’t, you better have someone like Kumar on speed dial. The same can be said for DNS (Domain Name System), the directory that tells Internet infrastructure how to route traffic.

Is DNS important? Only if you want emails sent to you to show up in your inbox and those who type in your company URL to land on your home page. That’s DNS at work — like plumbing, you don’t usually notice it until it stops working properly.

Unlike plumbing, of course, DNS isn’t a physical thing — it doesn’t clog, break, or wear out. But… if somebody fools with the settings, well-intentioned or not, the mess it leaves can be much worse.

We need only look as far as the Facebook / Instagram / Whatsapp misstep from a couple of weeks ago (a six-hour shutdown of all three services, Facebook’s internal employee network, and even the security badges that allow access into buildings on the Facebook campus) to get a sense of the havoc a bad DNS configuration can wreak on an unsuspecting company.

 In other words, DNS is serious!

DNS Touches Many Aspects of Your Business

It would be an overstatement to claim that every small business owner needs to become a DNS expert. That said, I do find myself involved with it on a fairly regular basis. That’s because DNS comes into play when performing a number of common business activities, including…

… changing your web hosting provider

… setting up email marketing or automation tools

… verifying domain ownership with Google, Apple, Microsoft, and others

… tightening up email security with DMARC or SPF

The point is, there are lots of reasons to go into an organization’s DNS settings. Any reasonably-sized company could expect to make a change or two at least once a year. 

Unfortunately, and because DNS falls under the heading of “fairly mundane, blocking and tackling tech stuff,” many small companies pay little attention to who has access. For example: 

  • Does your marketing intern have access because it’s his/her job to acquire additional domain names or set up new marketing services?
  • Do former employees or contractors still have access to your DNS?
  • Do you know which (or even, how many) current employees could change your DNS?
  • Do you perform regular access controls reviews?
  • Do you know where your DNS records are housed?

I’m not saying all this to scare you (okay, maybe a little). But I do want you to take DNS management seriously. Three suggestions in that regard:

#1. Limit the number of people who have access

You don’t let anyone and everyone have access to your company bank accounts; you want the same level of vigilance with your DNS. For most medium-sized companies, that means giving access to just three people: two senior technical folks and one other trusted person. Remember that with each additional person that has access, your risk increases exponentially.

#2. Turn on Multi-Factor Authentication.

This additional layer of protection helps ensure that the bad guys, of which there are many, can’t get in and that your company stays on the Internet and your business keeps flowing.

#3. Institute a change management process

Whenever making adjustments to DNS settings, it’s critical that change control is in place (i.e., a standardized, systematic process) and that these changes are reviewed by a peer.

Conclusion

As of this writing, it is still unclear what exactly caused the Facebook meltdown, let alone how much money the company lost in those six hours of downtime. Whatever the reason(s), if it can happen to Facebook, it can happen to any of us. Take steps now to ensure that your DNS management is well thought out and properly controlled!

As for me, and based on how frequently he’s been at the house, I’m thinking I should probably invite Kumar over for Thanksgiving dinner. Let’s just hope he doesn’t send me a bill.
Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.

Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).

Tales From The Click

Sign up for our monthly newsletter for business leaders on minimizing cybersecurity risk.

Suceed at SOC 2

Free eBook:
5 Things to Know for your First SOC 2

  • How to scope your SOC 2
  • Estimate the cost and length of your SOC 2
  • Prepare for your SOC 2
  • Manage the SOC 2 audit period
  • Leverage your SOC 2 for growth

Related Posts

Just Show Up

Rob Black

A Guide to Virtual CISO Costs

Rob Black

The NIST Cybersecurity Framework is Secretly a Communication Framework!

Elazje Carillo
Is your Cyber Insurance really going to cover you?

Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.

To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. eastern time. Bring your questions!

New Release: Free SOC 2 eBook!

Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.

Learn:

  • How to scope your SOC 2 project
  • How to estimate the cost and length of your SOC 2 project
  • How to prepare for your SOC 2
  • How to succeed in your SOC 2 audit period
  • How to leverage your SOC 2 report to enable your business and sales
Is your Cyber Insurance really going to cover you?

Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.

To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. eastern time. Bring your questions!

New Release: Free SOC 2 eBook!

Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.

Learn:

  • How to scope your SOC 2 project
  • How to estimate the cost and length of your SOC 2 project
  • How to prepare for your SOC 2
  • How to succeed in your SOC 2 audit period
  • How to leverage your SOC 2 report to enable your business and sales