Summary
This article focuses on security threats on the internet. It reveals how a browser is an important part of security in any computerized device. The ‘same-origin’ principle in the security of browsers is the point of focus. The authors state that it prevents malicious websites from accessing personal machines (Jackson et al., 2009, p.2). The main type of threat that is focused on in the article is the DNS rebinding attack, which is said to confuse the browser into allowing the malicious websites (Jackson et al., 2009, p. 2). An attacker is able to compromise the security system using the DNS attack. The article also states some examples of DNS attacks that have existed over the years.
Some of the defence mechanisms that are used against DNS attacks are also highlighted in the paper, with the main one being DNS Pinning (Jackson et al., 2009, p. 2). Browser plug-in has made pinning a less effective measure in controlling DNS attacks (Jackson et al., 2009, p. 2). The authors propose some defence mechanisms that may be used to prevent attacks from the DNS attacker, including modifications to some of the most widely used plug-ins in terms of their socket access policies (Jackson et al., 2009, p. 3). The DNS attacker is stated to circumvent firewalls using a DNS attack. The use of DNS resolvers is viewed as a way of preventing the attacker from resolving the IP addresses from internal to external ones (Jackson et al., 2009, p. 4). Jackson et al. (2009, p. 4) claim, “Without the ability to resolve attacker.com to an internal IP address, the attacker cannot use DNS rebinding to circumvent firewalls.” They also propose the use of DNS wall, which is an open-source method of implementing the proposed resolver.
Another method that the article focuses on the prevention of DNS attacks is the protection of individual servers. The authors state that the attack may be defended through the validation of HTTP host header (Jackson et al., 2009, p. 4). When requests are found to contain an unexpected host header, these individual servers reject them (Jackson et al., 2009, p. 4). The authors proceed to discuss some of the existing policies to provide security for network access, as well as the DNS rebinding vulnerabilities that are present for each of the security measures (Jackson et al., 2009, p. 4). Jackson et al. (2009) conducted experiments whose results are listed in the article. The defences that are potentially applicable for the various vulnerabilities are investigated, with several defences against these attacks being highlighted. The article also describes some of the works that have been done in relation to the DNS attacks together with their prevention.
Analysis
The article contributes to the subject of internet security. One of the major contributions involves highlighting the importance of internet security with the advanced use of this tool in our daily lives. The DNS rebinding attack is one of the attacks that affect many vulnerable internet users. Most of the users lose their vital information and documents because of a single attack. The authors state some of the ways that can be used in the prevention of DNS rebinding attacks together with those that have been used in the past (Jackson et al., 2009, p. 4).
The authors propose some of the simple futuristic methods of preventing the attacks and/or eliminating vulnerabilities in the networks. These contributions are important in the prevention of the attacks that pose a threat to internet users. The article has a number of strengths with reference to the way it addresses the problem of internet security. It is straightforward in terms of focusing on the main problem. The authors provide results based on the experiments done to establish the usefulness of the proposed defence mechanisms against the DNS rebuild attacks.
Just like some of the literary articles that exist in this field, several weaknesses are evident in the article. One of the major weaknesses of this article is the use of professional language that may prove complex for the average reader. Although the authors are accurate and specific, they indulge in internet security jargon without focusing on the explanation of some of the terms used in the article. However, these terms are not difficult for the individuals that have had training and skills or added knowledge in this field.
The limitation in this article and the work that Jackson et al. (2009) performed are listed at the end of the article. The authors state some of the limitations to the use of the proposed methods in the prevention of DNS rebinding attacks (Jackson et al., 2009, p. 22). For example, they state that some servers are unaware of their own hostname. This means that the use of host header checking may not be an appropriate method of preventing the attacks (Jackson et al., 2009, p. 22). The authors also state that some of the older versions of the plug-ins may have vulnerabilities that make it hard to protect the systems in place. The plug-ins can enable the bypass of firewalls that are supposed to protect against the DNS attacks (Jackson et al., 2009, p. 22). The update of the plug-ins, such as Flash Player, is said to be one way of overcoming the problems that are posed by the outdated programs (Jackson et al., 2009, p. 22).
The article is an example of an accurate piece of work. However, some improvements can be made to ensure that it makes a better contribution to the intended field. One of the necessary improvements is the simplification of the language used in the article. The authors need to ensure that the average reader can decipher the content to his or her advantage. They also need to eliminate the limitations to the study that they conducted and/or propose ways of overcoming these limitations in future studies.
Comparison with Previous Articles
The article is similar to most of the articles discussed in class. The article is generally organized, just like most of the discussed articles. It adds to the methods of preventing internet threats that have been discussed in class. However, the ideas are different from those discussed in other articles. The techniques are an improvement to previous articles. The authors provide a bibliography with a variety of articles that add to the concepts discussed in the paper. One of the papers that may be useful to classmates is Attacks against the Netscape Browser by Roskind (Jackson et al., 2009, p. 26).
Discussion and Conclusion
The internet is a vital source of information in the present information age. It has transformed every part of our lives. A major concern is the security threat posed by individuals with malicious intents on the internet. The article focuses on the DNS rebinding attack as one of the major forms of attacks against internet users. Does the DNS attack pose a problem for internet users? What are the consequences that are likely to follow any attack? Is it possible to trace the perpetrators of the attacks? These issues constitute some of the questions that should be answered by the authors. They also need to establish why the attackers are always ahead of the security developers.
Reference List
Jackson, C., Barth, A., Bortz, A., Shao, W., & Boneh, D. (2009). Protecting browsers from DNS rebinding attacks. ACM Transactions on the Web, 3(1), 1-26.