Security-Implementing Secure Network Addressing Services-062719
DNS. Those of us who know more about security and networking, of course, are familiar
with those acronyms. But what most people aren't familiar with is how people can mess
around with those protocols.
This is why various governments over the last couple of years keep issuing various notes
and various executive orders of whatever about securing fundamental network services
such as DHCP and DNS. For example, it is relatively easy, and I'm gonna show you here on
my Kali Linux system, to set up a particular system called DNSChef.
This makes it possible for me to cook up my own DNS server. This is where I've set up a fake
IP address. I've created my own fake government site here on an interface. And I can even
forward to a legitimate name server 8.8.8.8. Look up and see what that name server is.
Just giving you an example of how it is possible using pre-baked tools, now, I didn't have to
build this, I didn't have to create it, to start your own fake DNS service very quickly. That's
just one example. Another example of a service is using Metasploit, it is possible to set up my
own DHCP server.
So there's my rogue DHCP server. We've heard of that term before, the idea of the rogue
DHCP server. Well, here it is. And so, I can set my own IP address range, or what have you.
Even more so, what I can do is some DHCP starvation using various tools; for example,
there's a script out there on the Internet called pig.py.
It basically hogs up, as it were, all of the DHCP addresses on a particular subnet. The idea
being that you can do effectively a denial of service attack on those particular systems. And
so, as a result, legitimate users can't have access to the DHCP server. And you could even put
your own DHCP server in there that might help you to do various types of attacks and cause
confusion on the network.
So to secure these types of systems there are various things that we can do. First of all, we
can enable some form of authentication and encryption. With IPv6, you have authentication
headers and ESP and things like these that allow you to go about authenticating your
packets, authenticating your servers.
So that's much more difficult for spoofing to occur. Other things besides enhanced
authentication and enhanced encryption also include the ability to monitor these servers
more carefully. And monitoring takes two forms: automatic monitoring, which you can do
via intrusion detection, but also actual auditing of these services to make sure that your
DNS servers don't have caching problems, that the DNS caching has not been poisoned, that
somebody hasn't gone in and created fake DNS entries on your DNS server.
I don't care if that's in the Cloud, that server, or if it's on an old installed server somewhere.
These things are happening more and more. And that's the nature behind a lot of the alerts
that you see issued, both in the public and the private sector, concerning fundamental
network services that need to be secured.
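As a defensive counterpart to the rogue DHCP server demonstrated above, here is an added example (not from the lecture or its tools) of the kind of check an intrusion detection sensor can run: parse DHCP OFFER packets and flag any whose server identifier (option 54) is not on an allowlist of known DHCP servers. The allowlist and the sample packet are constructed for illustration.

```python
"""Flag DHCP OFFERs from servers not on an allowlist (rogue DHCP detection)."""
import ipaddress
import struct
from typing import Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the option block
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCP_OFFER = 2

def parse_options(payload: bytes) -> dict:
    """Parse the TLV option block that follows the 236-byte fixed DHCP header."""
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2 : i + 2 + length]
        i += 2 + length
    return opts

def rogue_offer(payload: bytes, allowed_servers: set) -> Optional[str]:
    """Return the offending server IP if this is an OFFER from a server not on the allowlist."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCP_OFFER]):
        return None                  # only OFFERs identify a server handing out leases
    server_id = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))
    return None if server_id in allowed_servers else server_id

def build_offer(server_ip: str, yiaddr: str) -> bytes:
    """Construct a minimal DHCP OFFER (constructed sample for testing, not a capture)."""
    # op=2 (BOOTREPLY), htype=1 (Ethernet), hlen=6, hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr; then chaddr/sname/file zero-padded to 236 bytes
    header = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x3903F326, 0, 0,
                         b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4)
    header += b"\0" * (236 - len(header))
    options = (bytes([OPT_MSG_TYPE, 1, DHCP_OFFER])
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    allowed = {"10.0.0.1"}           # assumed: the organisation's only legitimate DHCP server
    print(rogue_offer(build_offer("10.0.0.1", "10.0.0.50"), allowed))   # None
    print(rogue_offer(build_offer("10.0.0.99", "10.0.0.50"), allowed))  # 10.0.0.99
```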