Malicious attacks on computing systems are becoming an ever-increasing security concern to companies and individuals. The most common pathway for malicious attacks is through the Internet, by way of the World Wide Web. Malicious attacks come in many different forms designed to infiltrate a computer system without the owner's informed consent. For example, malicious attacks can include computer viruses, worms, and trojan horses, as well as other malicious and unwanted software. In addition, malicious parties use rogue Domain Name Service (DNS) servers to steal sensitive information, commit identity theft, and destroy data. These latter types of attacks continue because there are no standards for how users should access DNS services, nor is there any security inherent in the service.
There are several classes of DNS attacks. One example is the man-in-the-middle (MitM) class of attack. In a MitM attack, a malicious party has access to the communication between the user and the DNS server. Because DNS requests are not usually encrypted, signed, or otherwise protected, the attacker is able to intercept the data surreptitiously and then block communication to the legitimate DNS server. The illegitimate DNS server responds to the user as if it were the legitimate DNS server. In this case, the user cannot tell the difference and is sent to a rogue website disguising itself as the requested site. The rogue website collects the user's login information and other data and sends it to an identity thief.
In another class of attacks, an attacker uses social engineering or a trojan horse to trick the user into reconfiguring their system to use some other DNS server. The new DNS server is controlled by the attacker and can reroute the user to any site the attacker chooses. Most users never look at their settings closely enough to know which DNS server they should be using; hence, if the setting is changed to a malicious DNS server, the user will probably never know. Once again, when the user requests the IP address of a certain website, they are instead directed to whatever site the owner of the rogue DNS server desires.
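A defensive check for the silent resolver change described above, given as an added example that is not part of the original text: it parses resolv.conf-style settings and reports any configured DNS server that is not on an expected list. The sample file, the expected addresses, and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample: resolv.conf-style text with one entry not on the expected list.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 192.0.2.53
nameserver 203.0.113.66   # not issued by the network administrator
nameserver fe80::1%eth0
options edns0
nameserver not-an-address
"""

# Assumption: the resolvers the network administrator actually hands out.
EXPECTED_RESOLVERS = {"192.0.2.53", "2001:db8::53", "fe80::1"}


def parse_nameservers(text):
    """Return (addresses, malformed) from resolv.conf-style text."""
    addresses, malformed = [], []
    for raw in text.splitlines():
        # Drop anything after a '#' or ';' comment marker.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        host = fields[1].split("%", 1)[0]  # drop IPv6 zone id such as %eth0
        try:
            addresses.append(ipaddress.ip_address(host))
        except ValueError:
            malformed.append(fields[1])  # not an IP literal: report, do not guess
    return addresses, malformed


def audit_resolvers(text, expected):
    """Compare configured resolvers with the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    configured, malformed = parse_nameservers(text)
    return {
        "unexpected": [str(a) for a in configured if a not in allowed],
        "missing": sorted(str(a) for a in allowed - set(configured)),
        "malformed": malformed,
    }


if __name__ == "__main__":
    for kind, values in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS).items():
        print(f"{kind}: {values}")
```

Addresses are compared as parsed values rather than strings, so differently written forms of the same address still match the expected list.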
One existing solution to these problems is the use of a database of known “rogue” sites. This allows a user's browser to identify such rogue sites when the user is directed to a false website. Once the site is identified, the user can be alerted that the site is not what it appears to be and that there may be some security concerns. This solution is clearly limited by its reliance on a database that will be perpetually incomplete and out of date. It is also a reactive rather than a proactive solution.
Another approach is for users to enter IP addresses directly, rather than relying on black-box DNS lookups, in order to ensure the values are valid. This solution has obvious drawbacks in terms of data entry errors, the time required, and the complexity of managing and memorizing IP addresses.
Accordingly, there exists a need in the art to overcome the deficiencies and limitations described hereinabove.