The Domain Name System is needed so that networked machines can communicate with each other.  Machines use a unique IP address to identify one another much the same way a street address is used to locate a business or home.  However, people like words such Google, Yahoo, or YouTube instead of a difficult to remember IP address, like 67.13.142.130, which is easier for a machine to understand.   Domain name servers are used to convert names to their corresponding IP address and vice versa.

The DNS system is a massive database with billions of domain names and IP addresses.  The system handles billions of requests everyday as people surf the internet, send email, a create new websites.  Even though the DNS system is distributed around the world, it acts like a single system.

An attack can happen by modifying the host tables that are stored on local computers.  The host table is list of domains and IP addresses that are used to find the correct IP address when a user enters a domain site name.  If the so-called host table name system does not have the correct IP address stored locally then it contacts an external DNS for the correct IP address. If an attacker is able to compromise the entries within the host table then they can direct websites names to any IP address they wish.

Another method of performing a DNS Poisoning Attack is to target the external DNS servers themselves.  External DNS servers exchange information, including name and IP mapping, with each other using zone transfers.  Attackers can set up a DNS server with fake IP address entries so that if the targeted DNS server accepts the zone transfer as authentic, it will then use and distribute the fake IP address assignments to other DNS servers.  One way to prevent a DNS poisoning attack is to ensure that the latest version of the DNS software, called Berkley Internet Name Domain (BIND), is installed.

Email spam that is targeted at individual users can be more than just an annoyance.  Spammers can distribute viruses through email messages sent to your inbox.

There are several ways to stop spam. We have outlined four methods here.

The first method for an organization is to install a corporate spam filter.

A corporate spam filter is installed on the receiving email server.  There are two options for installing a corporate spam filter:

• Install a spam filter with the SMTP server

The SMTP protocol is for sending email SMTP.  This is the most direct and easiest method for installing a spam filter.  The filter is installed on Port 25 where it inspects incoming email messages and then passes them on to the  SMTP server that is listening on another port.  The SMTP server then sends the message to the POP3 server, which forwards it to the email recipient.

• Install a spam filter with the POP3 server

The POP3 protocol is for retrieving email.  When a spam filter is installed on the POP3 server, email messages must still pass through the SMTP server.  This may cause increased costs for data storage and handling.

The second method to stop spam is to contract with a third party organization. Using this method all email is directed to the third party’s spam filter.  Unsolicited bulk mail (spam) is deleted and the clean mail is redirected to the organization’s recipient.  In order for the organization’s mail to go to the third party their MX (mail exchange) record must be changed at the Domain Name System (DNS).

The third method is to install a spam filter on your local computer. The majority of email clients can be configured to filter spam.  Some of the configurations typically include:

• Blacklist Senders

This configuration blocks a list of senders.  Databases of blacklists are available on the Internet.

• Whitelist Senders

This configuration allows the recipient to enter a list of email addresses that are allowed to pass thru.  All others are sent to the junk email folder.

• Block Top Level Domain

Some spam filters can be configured to block email from regions and even entire continents known for distributing spam such as Eastern Europe.

The final method is to install a separate spam filtering software. The software works with your email client to eliminate junk mail.  This software may need to be “trained” meaning that the user must identify the unsolicited messages they receive as spam.  The filtering software then uses the characteristics of the spam messages to identify and block unwanted email.

A comparison and list of spam filters is available HERE.

Lesson One: InfoSec Fundamentals
What information security is, the current attack trends and basic vocabulary of security professionals.

Lesson Two: Attack and Defense
The basic attacks and basic defenses, cybercrime, security management, and corporate information systems defense.

Lesson Three: TCP/IP
The secrets of TCP/IP, structure of protocols, networks and the Internet.

In addition if you sign up for our full 25 lesson course you will be able to download audio, video, transcripts, definitions, and quizzes to test your understanding.