A comparison between BYOS and other solutions when faced with DNS Poisoning
Attack Description:
Corrupt DNS data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record and redirect traffic to a fraudulent site.
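The two resolver-side checks that make this kind of cache corruption hard (matching the reply to an outstanding query and refusing to cache records outside the queried server's bailiwick), shown as an added illustrative example; this is not BYOS code, and the query, ports and addresses are constructed sample values:

```python
"""Minimal resolver-side acceptance checks against DNS cache poisoning.

Illustrative only: a resolver cache is modelled as a dict, and a reply is
cached only if it matches the pending query and its records are in-bailiwick.
"""
from dataclasses import dataclass


@dataclass
class Query:
    txid: int        # 16-bit transaction ID the resolver sent
    src_port: int    # UDP source port the resolver sent from
    qname: str       # name asked for, e.g. "www.example.com."
    zone: str        # zone the queried server is authoritative for


@dataclass
class Response:
    txid: int
    dst_port: int
    answers: list    # list of (owner name, rdata) pairs


def _canon(name: str) -> str:
    # Lower-case and ensure exactly one trailing dot.
    return name.lower().rstrip(".") + "."


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is zone itself or lies below it (root matches everything)."""
    name, zone = _canon(name), _canon(zone)
    return zone == "." or name == zone or name.endswith("." + zone)


def accept_response(q: Query, r: Response, cache: dict) -> bool:
    """Cache in-bailiwick records from a reply that matches the pending query.

    Returns False (caching nothing) when the transaction ID or destination
    port does not match, which is how spoofed or guessed replies are rejected.
    """
    if r.txid != q.txid or r.dst_port != q.src_port:
        return False
    for name, rdata in r.answers:
        # Bailiwick rule: a server for example.com. may not tell us about
        # other zones, so such "extra" records are dropped instead of cached.
        if in_bailiwick(name, q.zone):
            cache[_canon(name)] = rdata
    return True
```

The out-of-bailiwick record in a matching reply is simply not cached, while a reply with the wrong transaction ID is rejected outright.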
Expected Result:
The computer with BYOS Software cannot be scanned or discovered by an attacker on the same network, whereas the control computers can.
How will BYOS help you?
- BYOS will not be fooled by this attack and will continue to send information to the intended entity.
How will a VPN help you?
- In some scenarios, VPNs will also route and handle DNS traffic, effectively preventing this attack. However, the endpoint and its DNS traffic will be exposed until the VPN is established. In addition, the end-user's OS will likely not route its own traffic through the VPN, so its DNS traffic will be exposed. Also, an attacker controlling the network can drop the VPN traffic altogether, leaving the end-user with no protection.
How will an EDR help you?
- EDRs do not have the capability to prevent/detect/mitigate this attack.
How will SASE help you?
- In some scenarios, SASE will also route and handle DNS traffic, effectively preventing this attack. However, the end-user's OS will likely not route its own traffic through the VPN, so the OS's DNS traffic will be exposed.