Share

Related Links

  • Secure64
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Google launches DNS service
    Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing.
  • DNSSEC encrypted domain technology gets welcome boost
    Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment.
  • Infosecurity - the week in brief
    Black Hat DC This week, Black Hat DC was on in Arlington, VA. Moxie Marlinspike announced a new attack against SSL that forces HTTPS traffic into HTTP to allow a man in the middle attack. Dan Kaminsky, who discovered the infamous DNS flaw last year and criticized SSL at the the time, reacts here. He also resolved at the conference to take two months off work to promote the adoption of DNSSEC - a more secure DNS standard that has not been widely implemented.

Top 5 Stories

News

Secure DNS server launched

17 December 2009

Secure64 Software has released a DNS cache server that is designed to protect against cache poisoning attacks.

Secure64, which specializes in products designed to support the domain name system (DNS), has released the product to help prevent a condition in which the server's local list of domain name mappings is corrupted. Attackers create this condition by pretending to be another DNS server responding to a DNS query.

One of the best defenses against DNS cache poisoning is speed. The more queries that a DNS server can process, the less chance there is of an attacker swamping the system with spoofed queries and having a strained DNS server accept one of them. Secure64 DNS Cache can cope with 125 000 queries per second, the company said.

The product also sports other cache poisoning countermeasures, including an operating system called SourceT running on HP Integrity servers. The DNS server uses a completely different implementation to the standard BIND mechanism. It features SNMP traps, and logs abnormal conditions. It also includes a moving statistics feature to provide rolling updates of attack conditions.

"Under attack, the system can provide details to help administrators set upstream router filters to protect bandwidth," Secure64 said.

Other products from Secure64 include a DNS signer for DNSSEC implementation, and an authoritative server called DNS Authority. The company advised customers not to use Secure64 DNS Cache as an authoritative server. Instead, it can be set to forward queries to an RFC-compliant authoritiative server. 

The Smart64 DNS Cache product is aimed at large volume DNS service providers. However, other companies have also been working to thwart DNS cache poisoning attacks. Google recently launched its own free DNS service for online lookups designed to prevent DNS-based attacks.

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×