Eight months after a faulty router configuration led to a day-long blackout of many Microsoft Web sites, 25 per cent of Fortune 1000 company Web sites still have the same vulnerable DNS (Domain Name System) network setup that led to the Microsoft outage, according to a survey conducted by Icelandic DNS software maker Men & Mice.
DNS servers translate domain names into numeric IP (Internet protocol) addresses. When those servers go down, users who type Web addresses -- such as Microsoft.com and Hotmail.com -- can't connect to the intended servers. Redundancy is key to protecting against outages: if a company spreads its DNS servers out across several network segments, it is better protected against failures like the one that struck Microsoft in January.
That much-publicised attack helped increase network administrators' awareness of DNS vulnerabilities, but too many large enterprises are still susceptible, said Men & Mice chairman Jon Adalsteinsson.
Shortly after the Microsoft breakdown, Men & Mice surveyed the Web site networks of Fortune 1000 companies and found that 38 per cent of the companies had all their DNS servers on the same network. That number fell to 25 per cent when the company conducted another survey in May, Adalsteinsson said.
Last month's terrorist attacks prompted Men & Mice to conduct another examination. "We knew that there was a heavy dependence on the IT infrastructure in the aftermath of the terrorist attacks. We thought it would be good to check and see how this situation had improved," Adalsteinsson said.
He was alarmed to find that it hadn't improved at all: 250 multinational companies' Web sites are still at risk of virtually shutting down if the single network segment housing their DNS servers fails. Adalsteinsson declined to name which companies have vulnerable configurations, but said the group includes "some household names".
"I guess the message is that the IT world has not learned from the Microsoft disaster," Adalsteinsson said. "We have corporations spending lots of money on putting redundancy and disaster-recovery tools in place for their Web severs, but they don't seem to realise that without a properly redundant DNS setup, all that doesn't come into play."
Fixing the problem isn't expensive, according to Adalsteinsson. "It has nothing to do with cost. The problem is simply lack of awareness," he said. "The second problem is lack of know-how. Employees are not trained well enough on DNS issues. It's not a sexy technology."
Men & Mice, located in Reykjavik, Iceland, can be reached at http://www.menandmice.com/.