DNS Attacks

Björn Persson listor3.rombobeorn at tdcpost.se
Sat Jul 26 20:07:44 UTC 2008


Les Mikesell wrote:
> Yes, but controlling 'who does what' only works as long as the selected
> person does what you expect.  Are you following the case of the San
> Francisco network admin that refused to give the password to anyone
> else?  This may not even be malicious (he may just think everyone else
> would screw it up), but it isn't what anyone expected.

I think I saw something about it. Relying entirely on one administrator is 
foolish even if he's guaranteed to never do anything malicious. There should 
always be some way for someone else to access the system in case the 
administrator suddenly dies, for example.

> >> Could you elaborate on how whois guards against malicious system
> >> administrators?
>
> It spreads the number of things that have to be compromised to fool you.
> The person who had access to copy the security certificate may not be
> the same one that registers the public DNS servers.

OK, a slight improvement, but it still depends on the bank's security 
routines, just like the secrecy of the secret key does.

> Maybe it's a backup 
> operator who knows how to restore a copy elsewhere

Well, a backup copy of a secret key is just as secret as the "live" copy and 
must be protected by just as rigorous routines.

> >> Do you think security could be improved by having
> >> browsers and other programs make whois queries automatically?
>
> Slightly, but the DNS infrastructure probably would not handle having
> every query sent to an authoritative source, which is why we have the
> caches that can be compromised in the first place.

So doing that manually works for you only because most people don't do it?

> > Also, if it is a system administrator at the bank, what is to
> > prevent him from just changing the real name servers?
>
> That's visible and would leave traces in obvious places.

As I already wrote, a bank should have things set up so that copying a secret 
key would also leave traces.

Björn Persson



