CyberSecurity: Security Importance of etc host file

You might be surprised to know how critical etc host file could be. I learned the importance of it and thought about sharing some of the details. 

Use of etc Host File

We all are familiar with host file & information in it. Most basic use of the etc host is to map to a hostname to IP (i.e 127.0.0.1 ) like localhost. There are other uses as well, let’s understand by an example.

Let’s see how things work when you type google.com in any web browser. 

Browser as a client would make a DNS request that is what we know. But, In reality, Operating System (OS) checks host file entry first before making a DNS request to resolve IP of the domain. If local DNS found in the local host file then OS picks the local DNS. Then OS uses ARP (Address Resolution Protocol ) to find out destination MAC (media access control) or Physical address.

Then OS handshake begins with destination host through TCP/IP Protocol & start sending the data. Will explain working knowledge of data packets & OSI model in some other posts. For now, just for host file.

Security Aspect of etc Host File

Used by Hackers: Hackers use this file when they wish to redirect traffic of the application to the proxy server. Hackers set up the proxy server before they modify host file. This technique called active network traffic capturing. Basically, Hackers get all the network traffic from your server or machine. It helps hackers to run an analysis & understand insights of application. Even they can decode the actual application logs. And, server network traffic helps hackers a lot in breaking the application further.

Used by Anti-virus & Security Products: Some antivirus & security products track changes to the system’s hosts because changes are a sign of malware. You might need to disable the product’s protection if you want to change the host file.

Note: A suggestion would be have proper privilege on host file.



Categories: cyber attack, Cyber Security, Cyber security posts, domain privacy, hacking, hacking etc host file, security policy

Tags: , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.