Secure BIND Template

Introduction

The ubiquitous BIND (Berkeley Internet Name Domain) server is distributed with most UNIX variants and provides name services to countless networks.  However, the BIND server is not without certain vulnerabilities, and is often a choice target for Internet vandals.  These vandals utilize BIND vulnerabilities to gain root access to the host or to turn the host into a launching platform for DDOS attacks.  An improper or insufficiently robust BIND configuration can also “leak” information about the hosts and addressing within the intranet.  Miscreants can also take advantage of an insecure BIND configuration and poison the cache, thus permitting host impersonation and redirecting legitimate traffic to black holes or malicious hosts. This article presents a template for deploying a secure BIND configuration, thus mitigating some of the risk of running the BIND server.

Read more at www.cymru.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s