Protect your network, your data, and your business.
Cyber criminals target software vulnerabilities. Many of these vulnerabilities are well-known, with published announcements and patches. System administrators who do not promptly patch leave their systems wide open to abuse, DDoS, data loss, and other compromises.
Patching your system and application software is one of the easiest things you can do to protect your network, your data, and your business.
TIMELY patching is essential for security. Time is so essential that the US Department of Homeland Security issued a directive in April 2019 requiring mandatory patching within 15 days for critical vulnerabilities. Often, hackers need much less time than that.
Keeping your DNS up-to-date is critical.
According to Amin Vahdat, Engineering Fellow and Vice President, Systems Infrastructure at Google, in a keynote presentation at NANOG 78:
Network failures are most likely to cascade, to spread, and to have widespread impact. … Internet increasingly hosts services critical to our day to day lives.
Although power or compute failures can be bad, it’s unlikely that one of those will take out your entire company. The same can’t be said of your network infrastructure.
Your core network assets are the foundation on which everything else rests.
So why are so many organizations running unpatched DNS software in their critical infrastructure?
It is tedious and repetitive work to constantly update systems. There are over 6,000 vulnerabilities announced every year. Patching everything is a constant, unending task.
Updating from ISC’s restricted-access repository takes less than a minute, after a one-time set-up process that takes less than 3 minutes. (See a video of the process)
Problem easily solved.
Patching your BIND DNS systems promptly when there is a vulnerability is actually not hard - and ISC can help.
- Subscribe to ISC’s reasonably-priced Advance Security Notification service.
- You will receive a notification from ISC anytime there is a reported vulnerability that is about to be announced.
- You will have 3-5 business days of advance notice in which to update your systems, before the vulnerability is revealed to the public.
- You can configure your RHEL or CentOS systems to update from ISC’s private package repository of BIND 9 packages, which is always up-to-date, so updating is simply a one-line command.
You can’t do everything at once, so how should a system administrator prioritize?
How do you know which of your systems are really CRITICAL?
When your DNS is compromised or unavailable, many other essential systems break. It can become impossible to find your organization’s website on the Internet, costing you customers and money. You can lose email and phone service, crippling your organization. Your employees can’t find or connect with sites or applications outside your network, and you may even lose access to your internal user authentication systems.
You MUST make it a priority to keep your DNS available and secure.