LATEST NEWS

What is DNS and Records?

Posted on by Mark Pace

Found some really good information on DNS and rather than reinvent the wheel, I thought I would share this with you.
Credits at the bottom of the article.

DNS (Domain Name System) is a simple service many in IT don’t understand. It’s essentially the phone book for any network — especially the Internet. When you surf the web you use DNS. If not, you would have to remember every system’s IP address you wanted to visit. Instead of Google.com or Amazon.com, you would have to remember 74.125.239.82 and 205.251.242.54 and every backup IP address they use for load balancing the traffic.

There are many different providers of DNS. They’re your ISP (home or business), Google, Level 3, OpenDNS, DynDNS, etc. Your home ISP will often provide features like search assist or phishing block to help protect you while you’re searching the web. Google (8.8.8.8 and 8.8.4.4) and Level 3 (4.2.2.1 and 4.2.2.2) provide DNS servers that don’t block any requests (unfiltered) so you don’t have to use your ISP’s DNS services if you don’t want to.

OpenDNS and DynDNS offer services — for pay and for free — that allow you to control what kind of sites you wish to block and what sites you wish to allow. Pay accounts often give you more control down to individual sites rather than categories of sites. This is a popular method for securing home Internet service to protect kids from looking at content you don’t want them to look at — without having to hover over them as they browse the Internet. It’s also good for protecting you from phishing scams.

A records
Basic DNS records are called A records. These are Address Records for a hostname. For example, if you look at the A records for www.google.com you will find several entries that include 74.125.227.209, 74.125.227.210, 74.125.227.211, 74.125.227.212, and 74.125.227.208 as well as one that looks different than the others: 2607:f8b0:4000:803::1013. This one is IPv6 where the others are IPv4. Having multiple records like this doesn’t give true load balancing. If you surf to www.google.com and DNS tells your system that it needs to contact 74.125.227.209 and it doesn’t respond, your system doesn’t ask again — it gets 74.125.227.210 and continues. It will ask the question once and if it gets an answer (even one that states the address can’t be resolved) your browser will attempt to connect to it and return the web page or a “page doesn’t exist” error page.

MX records
DNS records are also used to route email around the Internet. These are called MX records. They usually point to a group of computers that are responsible for receiving mail for the organization. Each entry will have a priority associated with it — this provides a failover so if one mail server isn’t responding, the sending mail server can try the next one in the list.

NS records
So what are DNS servers called in DNS records? NS, or Name Servers, are the servers that are responsible or have authority for the domain zones they host. This also helps with replicating the changes in the DNS zone between servers that are responsible for each DNS zone.

PTR records and rDNS
There are also reverse records called pointer (PTR) records. These help with security. If a system receives email, it knows what IP address it came from. It will do a reverse DNS (rDNS) lookup to see what domain name it came from. Then it compares this with the MX records to see if this server is registered as an email server. If not, it can reject the email as spam.

Another use is in network troubleshooting when you know the IP address but don’t know the system name. PING and TRACERT (trace route) commands will show you the IP address and the DNS name.

CNAME records
Another popular record type is a CNAME. This is a Canonical NAME record — think of it as an alias record. It is used when one IP address is used for multiple services. For example, let’s say you have a website named www.yourwebsite.com and it has an IP address of 10.1.2.3, but you also have other services you wish to publish, like FTP.

Rather than making another A Record for ftp.yourwebsite.com, you can make a CNAME for ftp.yourwebsite.com and point it (alias) to www.yourwebsite.com. When/if you change the IP address for your website (change of providers), then you only have to update one record (the A Record) for www.yourwebsite.com and all of your CNAME records will automatically be redirected to the proper IP address.

However, there are some rules that should be followed with CNAME records.

  1. You should never point a MX record to a CNAME.
  2. You should never point a NS record to a CNAME.
  3. You shouldn’t point a CNAME to a CNAME as it could create a never-ending loop.

SRV records
Corporate DNS used for Active Directory Domains takes this further and includes records that help computer systems authenticate on the network and determine what domain controller is closer, what file server is closer, what the email server auto-setup should be, etc. These records include SRV records that are used for Kerberos, LDAP, and other services as the domain needs to function.

So what system holds the DNS for corporate servers (Active Directory)? Active Directory servers run DNS service that clients — other computers on the internal network — will point to them for all DNS needs. It’s up to the internal DNS servers to decide if the request is for an internal (private) record or for a public record.

If it needs a public record, there are several ways a DNS server can find the information. It can point to a set of servers either for all domains or for just a specific domain. It can use root hints to direct traffic to the proper public DNS servers. Or, it can also use a combination of the two — depending on the needs of the organization.

If you have an Active Directory environment and you point your client (or the DNS client on a domain controller/DNS server) to a public DNS server, your domain won’t function properly. The public DNS servers won’t have the records for your private DNS zone and won’t have any way to get them if your client requests it. This will prevent your computer from authenticating on the domain, joining the domain, connecting to your email server, surfing your corporate intranet, etc.

Split DNS
Let’s say you’re in a corporate environment. You have a web server that you list as www.yourwebsite.com with a public DNS record of 74.125.227.210 (this is Google’s IP address — I’m only using this as an example). But, you’re inside your network and your firewall won’t allow traffic to go out, make a u-turn and come back in so you can’t get to the website. How do you resolve this for your internal clients? You make a split DNS.

This means there is a public DNS zone for yourwebsite.com that contains an A Record for www. that resolves to 74.125.227.210 and you have an internal DNS zone (on your domain controller or domain DNS server) that also has a zone for yourwebsite.com but has an A Record for www. that resolves to 10.1.2.3 (the internal IP address for the same web server).

Now your client on the inside of your corporate network can communicate with your web server at www.yourwebsite.com. If this is a mobile device, you could move between networks (corporate, public Wi-Fi, home) and still have access to the website. Of course, with this split DNS zone, you’ll have to enter every record that’s in the public DNS zone or you will break the other records while on the internal network.

Another split DNS zone implementation is to do it just for the record you wish to redirect. You would create a DNS zone for www.yourwebsite.com and have the default record resolve to 10.1.2.3 — this way you only have to maintain one record internally instead of every record that is in the public DNS zone.

 

da Beast Aug 6, 2013 at 4:42 AM | DNS
This is the 223rd article in the Spotlight on IT series.
Source: https://community.spiceworks.com/topic/366432-the-name-game-from-dns-ignorance-to-enlightenment?utm_campaign=0805&utm_medium=+spotlight&utm_source=+swemail

WEP wireless security

Posted on by Mark Pace

View Online

Alert Services (Advisory)
7 June 2013

Australians continue to use out dated encryption

Businesses and home users are advised to avoid using the Wired Equivalent Privacy (WEP) security protocol for wireless connections.

Once commonly used, the WEP security protocol is today considered broken and should not be used.

Although most router/modem manufacturers and Internet Service Providers currently supply and support devices with higher levels of encryption, many computers and networks continue to maintain wireless connections via WEP.

If you still currently use WEP, your wireless connection is vulnerable, information you send via this method is easily accessible via sniffer tools downloaded from the Internet.

You should check your current settings and if you currently use WEP, choose an alternative security protocol for your wireless connections.

How to find your wireless security settings:

Windows
For Windows based computers, you can check the level of security being used on a wireless network by viewing Network Options in the Control Panel. From here, select your wireless network and open the Properties for that connection. The exact name and location of these options will vary between versions of Windows. A security tab or menu should offer a choice of security protocols for your device.

Apple
For Apple based computers, you can check the level of security being used on a wireless network by clicking the Network icon in the System Preferences. Select your connection on the left hand side and the security level will be listed next to the network name.

How to update your wireless security:

Updating wireless security varies depending on the make and model of your wireless device. Refer to your manual for individual product details.

Modern modems, routers and wireless devices typically offer a range of encryption protocols. Wireless encryption should be set to WPA2 if available (or WPA if not).

There can be various types of WPA2 encryption, with the simplest version being WPA2-PSK. This uses a network name and requires a password. Most computers and smartphones can connect to WPA2 networks with minimal reconfiguration.

If your wireless device does not support any encryption other than WEP, it is strongly advised to update your equipment.

More information

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au

Disclaimer
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy (‘the Department’). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
Host of subscription service
The Commonwealth has engaged Ladoo Pty Ltd to host the Stay Smart Online Alert Service. All URL links should show the domain send.ladoo.com.au at hover over. URL links related to the administration of the service (‘View online’, ‘Update your profile preferences’ and ‘unsubscribe’) should direct you to web pages hosted by Ladoo Pty Ltd.

CONTACT US
Facebook: www.facebook.com/staysmartonline
Email: staysmartonline@dbcde.gov.au
Web: www.staysmartonline.gov.au

2012 Australian Government. All rights reserved

SITBACK… and relax. Offsite online backup data solutions

Posted on by Mark Pace

SITBACK FINALSITBACK (“Sterling IT Backup”) provides our customers with a seamless, robust online data backup solution to an offsite location.
Also known as Cloud Backup.

Data loss or the exposure of sensitive data can result in huge financial losses, legal penalties, loss of reputation, brand damage, loss of intellectual property, loss of customer trust… and all this can easily lead into bankruptcy.

 

Sterling IT specialises in secure online backup and recovery. Whether you are looking for online backup of servers, distributed networks, workstations or notebooks, Sterling IT has a suitable solution and reliable technology that will scale with your business.

Sterling IT provides real-time, hassle-free, local and offsite backup protection. It offers a reliable, centrally managed backup solution that unravels complexities and makes it easier for IT managers and business owners to protect their organization’s most important asset – their data.

Both small business and enterprise solutions Sterling IT offer both allow unlimited clients. That is you can run the backup client on 1 computer/server or 100’s of computers/servers (including laptops that are in the field all the time). That’s right, NO CLIENT FEE. You can start with 1 or 2 systems and just keep installing onto more computers or servers as required. All that is required is an internet connection.

In today’s information-driven organisations, the cost of managing, keeping available and recovering data can be overwhelming.

The ever-increasing role digital information plays in our lives has increased scrutiny over how it is stored and protected.

In order to ensure company’s good name, integrity and longevity, data must be stored securely and in multiple locations; this is no more just “nice to have”, it is a necessity.

Enterprises are seeking new ways to tackle their data protection challenges. While data growth is not new, the pace of growth has become more rapid, the location of data more dispersed and the value much higher.

Sterling IT offer plans starting from $9 per month based on storage requirements. Unlimited computers! All backed up to AUSTRALIAN DATA CENTRES.

SITBACK is the easy to use, automated and affordable way to backup your irreplaceable data. At your predetermined time, your data is encrypted, compressed and sent to our secure, offsite servers.

For a limited time, Sterling IT is offering our clients a free trial and installation.
Contact us now to organise protecting your data.

sitback

Further information and terminology can be found at https://en.wikipedia.org/wiki/Remote_backup_service

Is your website infected with Malware or on a blacklist?

Posted on by Mark Pace

People trust many websites today including ticketing sites, real estate sites etc. The issue is most malware and trojans are being injected into sites we actually trust. This can include YOUR website.
If you want to be as sure as you can if your website is clean, go to Securi Sitecheck, type your URL and check for any malicious code or blacklists you may be on.

You will see results like below (Sterling IT is safe!). if you find your domain has any issues or is on a blacklist, contact Sterling IT as soon as possible. The longer you leave it, the longer it will take to reverse.

Comparitech have published a list of the best web application firewalls (WAFs) that can help protect a website from hacks and external attacks. Here’s the link – https://comparite.ch/best-waf

Sterling IT Offering Free Technology Training for you and your company.

Posted on by Mark Pace

It is important to ensure that you, your staff and company, are aware of increasing technology threats, best practice and usage of systems. This also includes working closely with Sterling IT and understanding new and upcoming technologies. Some items we can include are new and ongoing threats, especially in Australia.

Please see this link from the Aust Govt (Aust Institute of Criminology) which outlines a lot of definition on just some threats in Australia and around the world.

If you and your staff are aware of the threats to your business, hopefully the damage will be little or none.

How can Sterling IT Help YOU ?
We are offering FREE training to all our Managed Service Clients (SITMS). All you need to do is click here and provide a couple of dates and times, and we will do our best to accommodate these.

Not a Managed Customer, no worries. Contact our office, ask for Mark and we will be happy to arrange a quotation for you.