RSS Alerts

Share

More services

Related Links

  • Computer Weekly
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Root zone switches to DNSSEC
    The last of the internet's 13 root servers has been switched to a secure version off the Domain Name System (DNS). This means that the entire root zone for the internet is now operating using DNSSEC.
  • Comcast will transition to DNSSEC
    Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year.
  • Secure DNS server launched
    Secure64 Software has released a DNS cache server that is designed to protect against cache poisoning attacks.
  • DNSSEC encrypted domain technology gets welcome boost
    Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment.
  • Business sees demand for confidentiality with DNSSEC, study finds
    Small and medium-sized businesses in the US, UK, Germany, Brazil, India and Japan saw substantial customer demand for Domain Name System security (DNSSEC) in the past 12 months, a study has revealed.

Top 5 Stories

News

Internet security takes a leap forward

15 July 2010

Internet security took a giant leap forward on Wednesday with the global roll-out of technology aimed at making the public network safer for all users without affecting performance.

The Domain Name System (DNS), which translates website names into IP addresses, does not have any inherent security features and is undergoing a security overhaul.

The world's 13 root-name servers have completed preparations for the introduction of the DNS security extensions (DNSSEC) designed to overcome the security weaknesses of DNS.

DNSSEC works by authenticating the origin of DNS data and verifying its integrity while moving across the internet.

The main benefit of DNSSEC is that it will prevent cybercriminals from redirecting users to the fake websites that are typically used to spread malware and carry out phishing attacks.

The DNSSEC public key can now be added to all root name servers, which is an important milestone, according to not-for-profit internet support organisation RIPE NCC.

RIPE NCC, the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia, has promoted the development and deployment of DNSSEC.

The signing of the root zone marks the culmination of almost two decades of work by the global internet community and the RIPE NCC.

"Now both ISPs and the domain name industry can move on to full deployment of DNSSEC, taking another stop in our effort to make the internet a safer place for all," said Rob Blokzijl, chair of RIPE.

DNSSEC does not ensure confidentiality of data or protect against denial of service attacks, but has been widely seen as a potentially massive blow to cybercriminals.

However, some security experts have warned against exaggerating the effects of DNSSEC, saying that while the signing of responses from the 13 root zone server clusters is an important step forward, there is more work to be done.

"To be effective, DNSSEC needs to be implemented down the whole DNS chain, from the root down to your ISP or company," said Kevin Hogan, senior director at Symantec Security Response.

Many more milestones have still to be achieved before DNSSEC can fulfil its promise, he said.

Hogan said it also remained to be seen whether or not cyber criminals will find ways around the signed response safeguard introduced by DNSSEC.

Daniel Karrenberg, chief scientist of the RIPE NCC said it is crucial that internet community collaborate globally to protect the sustainable growth of the internet.

Some top level domains (TLDs) such as .org already use DNSSEC, while many more TLDs like .us and .biz are working on signing their zones.

"As more domains are secured the internet becomes more reliable and stable, benefitting end-users," said Karrenberg.

This article was first published by Computer Weekly

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012