    DNSSEC Adoption Needs to Grow to Secure Core Internet, Protocols

    Written by

    Fahmida Y. Rashid
    Published January 12, 2012

      NEW YORK – Internet stakeholders need to move forward with securing the core infrastructure by adopting DNSSEC, a security expert said at the International Conference for Cyber-Security.

      DNSSEC, or Domain Name System Security Extensions, does not solve “all the ills” of the Internet, but it is a powerful tool that would improve the security of the Internet, Richard Lamb, a DNS security program manager at the Internet Corporation for Assigned Names and Numbers (ICANN), told attendees at the International Conference for Cyber-Security in New York Jan. 11. DNSSEC also adds a layer of security to the underlying infrastructure that can be extended to other applications, Lamb said.

      DNSSEC is a security protocol designed to add keys to the domain name hierarchy that defines the Internet, and digital signatures to secure the transmission of data between Internet service providers and Domain Name System servers. Governments, major Internet organizations such as the regional Internet registries and ICANN, along with the security community have been supportive of deploying DNSSEC, according to Lamb.

      Once it is widely deployed, DNSSEC can be “repurposed” to secure other protocols, such as voice over IP and Secure Sockets Layer, Lamb told attendees.

      To understand DNSSEC, Lamb walked attendees through DNS, the Internet’s phonebook. A user wants to go to the majorbank.com Website, but the user’s computer doesn’t know which machine that is, because it’s not a system on the local network. The request is passed on to the ISP, which communicates with a DNS server to find the IP address of majorbank.com. The DNS server sends the IP address back to the ISP and the ISP can now direct all user requests to that server. Since the ISP caches the data, it can route all requests to the correct machine without having to talk to the DNS server again, Lamb noted.

      The “Internet did not originally have security designed into it,” Lamb said, noting there was a serious flaw in how the system worked.

      If a malicious DNS server sent the ISP a different IP address for majorbank.com before the real DNS server, the ISP cached the malicious address and directed all requests to the wrong machine. As a result, the DNS cache has been poisoned and users are vulnerable to a wide range of attacks.

      DNSSEC uses cryptographic signatures to secure communications with the DNS server. Since the address sent back from the malicious DNS server wouldn’t have the correct digital signature, the ISP would know it had been tampered with, drop the response and wait for the correct one.
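
The poisoning race and the signature check described above, as an added example that is not part of the original article: a resolver cache that takes the first answer is compared with one that drops answers whose signature fails. The textbook-RSA key, the `resolve` helper and the sample addresses are assumptions made for the demonstration; real DNSSEC carries signatures in RRSIG records verified against DNSKEY records chained to the root key.

```python
import hashlib

# Toy textbook-RSA key for the zone (assumption: stands in for a real DNSSEC
# zone-signing key; not a production signature scheme).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537      # two Mersenne primes, demo only
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, held by the zone

def digest(name, ip):
    """Hash the name-to-address mapping into the RSA modulus range."""
    data = f"{name}|{ip}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(name, ip):
    """Zone operator signs the name-to-address mapping."""
    return pow(digest(name, ip), D, N)

def verify(name, ip, sig):
    """Resolver checks the signature against the trusted public key (N, E)."""
    return sig is not None and pow(sig, E, N) == digest(name, ip)

def resolve(name, responses, validate):
    """Return the address the resolver would cache for `name`.

    `responses` lists (ip, signature) answers in arrival order. Without
    validation the first answer wins; with validation, answers whose
    signature does not verify are dropped and the resolver keeps waiting.
    """
    for ip, sig in responses:
        if not validate or verify(name, ip, sig):
            return ip
    return None   # nothing trustworthy arrived: fail closed, cache nothing

# Constructed sample traffic: forged answers arrive before the real one.
NAME = "majorbank.com"
REAL_IP, FORGED_IP = "192.0.2.10", "203.0.113.66"   # documentation ranges
ARRIVALS = [
    (FORGED_IP, None),                     # unsigned forgery
    (FORGED_IP, sign(NAME, REAL_IP)),      # real signature reused on wrong data
    (REAL_IP, sign(NAME, REAL_IP)),        # genuine signed answer
]

if __name__ == "__main__":
    print("non-validating cache:", resolve(NAME, ARRIVALS, validate=False))
    print("validating cache:    ", resolve(NAME, ARRIVALS, validate=True))
```

The second forged entry shows why the signature must cover the address itself: a valid signature copied from the genuine answer does not verify against different data.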

      Once deployed, the globally trusted key infrastructure could be used as an authentication platform to secure other Internet protocols, such as the network, email, SSL, VOIP, WiFi, and Web content, Lamb said. Certificate Authorities can use DNSSEC to secure their certificates, Lamb suggested.

      There are “yet-to-be-discovered security innovations, enhancements and synergies,” Lamb said.

      “The technology is fine, but there have been some problems in deploying it,” Lamb said, noting that DNSSEC has been deployed on less than 1 percent of the Internet and on only 82 out of 312 top-level domains. TLDs with DNSSEC include .com, .net, .org and .gov.

      ICANN deployed DNSSEC on the root in July 2010. It was the “biggest upgrade to the Internet’s core infrastructure in 20 years,” Lamb said. ICANN manages the root key, which is stored in secure key management facilities in Virginia and California with several layers of security, strong cryptographic protection and physical measures such as biometrics, according to Lamb.

      DNSSEC needs to be “widely deployed across domains,” and that will happen once registrars and ISPs get involved.

      There are a lot of bureaucracy, fear and trust issues about changing the guts of the Internet and many excuses not to begin, according to Lamb. It is “hard to change anything that hasn’t had to change since 1983,” Lamb said, especially when it seems like the system is working fine.

      Comcast just finished rolling out DNSSEC on its network, automatically offering DNSSEC-validating DNS servers to more than 17.8 million residential customers who use Comcast Constant Guard from Xfinity, Jason Livingood, vice president of Internet systems at Comcast, wrote on the ComcastVoices blog Jan. 10. The Internet service provider has also cryptographically signed all of the domains owned by the company, which number more than 5,000 domains, said Livingood.

      This announcement makes Comcast the first large ISP in North America to have fully implemented DNSSEC, according to Livingood.

      Lamb praised the recent Comcast news and noted that a “perfect storm” of recent events has increased interest in DNSSEC and driven adoption. Government plans, such as the National Strategy for Trusted Identities in Cyber-Space from the White House and Sweden’s e-ID program, have spotlighted the need for protecting online identities. The recent breaches with various certificate authorities highlighted the weaknesses in the Secure Sockets Layer protocol, and as networks “become smarter,” through the use of sensors for smart grids and through ready access to online data, there has been an “impetus” to improve DNS, Lamb said.

      “DNS and DNSSEC are part of all these ecosystems,” said Lamb.

      The third annual International Conference on Cyber Security: A White Hat Summit is a joint effort between the Federal Bureau of Investigation and Fordham University. Leaders from law enforcement, industry and academia discuss cyber-crime and real-life operations during the conference, which runs from Jan. 9 to Jan. 12 on the Fordham University campus in New York.
