Make Sure You Lock The Door

DNS upgrade is one key to Net security.

Flaws found in software used to identify servers on the Internet can leave an enterprises domain servers open to a range of hacker attacks, security experts say.

If unchecked, the problem could raise serious vulnerability issues, thus leaving an enterprises domain name system (DNS) servers open to outages, denial-of-service (DOS) attacks, and other hacker mischief, experts say.

The problems were found recently in DNS software known as the Berkley Internet Name Domain (BIND) service, used by companies to identify the domain belonging to their Internet servers.

The flaws were found in versions 4 and 8 of BIND, which are used by many companies, says Jim Magdych, security research manager at PGP Security, a unit of Network Associates International.

To get the word out, PGP teamed with CERT, the Computer Emergency Response Team coordination center at Carnegie Mellon University.

Magdych advises an upgrade to BIND version 9. Patches for versions 4 and 8 also are available.

The flawed software can make the DNS server crash or allow a hacker to redirect e-mail or traffic to the affected Web site, says Magdych.

Ironically, Network Associates was hit by a DOS attack last Wednesday that stopped traffic to its Web site for more than an hour. Looks like even the watchdogs need better security.