IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security News

DNS Security Makes Strides, but Challenges Remain


By: Brian Prince
2009-11-16
Article Rating:starstarstarstarstar / 2


There are  user comments on this IT Security & Network Security News & Reviews story.


An annual survey from Infoblox and The Measurement Factory found that many external name servers are still open to recursion, a fact that leaves them vulnerable to being used to launch DDoS attacks. However, the survey also shows a growing interest in DNSSEC.

A new survey painted a picture of domain name server security that was both troubling and hopeful.

According to research released by Infoblox and The Measurement Factory, there has been a dramatic increase in the percentage of external name servers that are open to recursion. The study put the latest figure at 79.6 percent, a 27 percent increase from 2007.

“This year’s survey is a Pandora’s box of both frightening and hopeful results,” commented Cricket Liu, vice president of architecture at Infoblox, in a statement. “Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment (CPE) with embedded DNS functionality. This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks.”

The survey was based on a sample that included 5 percent of the IPv4 address space. All totaled, Infoblox estimates there are 16.3 million name servers on the Internet—a 40 percent increase compared with 2007.

Despite the figures regarding recursion, the news from the survey was not all bad. The percentage of zones with one or more name servers open to zone transfers decreased to 16 percent from 31 percent in 2008. In an interview with eWEEK, Liu said the improvement indicated administrators are paying closer attention to security risks and the configuration of their name servers.

The number of DNSSEC signed zones increased by roughly 300 percent—indicating that DNSSEC is gaining momentum.

However, Liu told eWEEK that in raw numbers the amount of DNSSEC signed zones is miniscule next to the total number of zones out there. In 2008, researchers found that 45 subzones out of a roughly million-zone sample were signed. The recent survey put the number at 167. Still, it showed there is an interest in deploying DNSSEC, he contended.

“I am pleased to see the adoption of DNSSEC accelerating, and I hope to see this number increase substantially in the next year as more top-level zones are signed and as simplified … help automate management of signed zones,” Liu said in the statement.








 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Brian Prince
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 5
 
Close this advertisement