Archive for category DNSSEC

GCN: DNSSEC among top 10 technologies for 2010

Adding to our compilation of observers who’ve put DNSSEC on their lists of 2010 trends to watch, Government Computer News has put DNSSEC on its list of 10 Technologies to Watch in 2010. Noting that the DNS security extensions “add an important level of assurance,” the article noted:

Leading by example, the U.S. government has helped to spur adoption. Following disclosure last year of a serious vulnerability in the DNS protocols, the Office of Management and Budget mandated that the dot-gov top-level domain be signed in 2009 and that agencies sign their secondary domains by the end of that year.

No Comments

Schmidt: DNSSEC among “important steps forward”

Computer Weekly asked some cybersecurity leaders to comment on whether a single organization was needed to assure the security of the Internet.  Howard Schmidt, the  former president and CEO of the Information Security Forum who has been named cybersecurity coordinator by U.S. President Barack Obama, noted:

“…we are seeing some important steps forward. Technologies such as the DNS Security Extensions DNSSEC, SSL and PGP encryption along with standards such as PCI DSS are making it safer for us all to use the Internet.”

No Comments

Twitter attack prompts a DNSSEC reminder

eWeek Europe’s look at the December attack that took down Twitter suggests that businesses need a stronger focus on DNS security, and includes this reminder about DNSSEC from Rick Howard, director of security intelligence at VeriSign iDefense:

“Basic DNS monitoring is sorely lacking,” he continued. “While enterprises may monitor DNS availability, and are increasingly aware of DDoS [distributed denial of service] attacks targeting domain name servers, simple monitoring for DNS integrity is often overlooked. Enterprises should also pay attention to the rollout of DNSSEC, which mitigates some attacks, but is not yet widely available.”

The attack  used “legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army,” the article notes.

No Comments

New Year puts DNSSEC on resolution lists

Whether practical or predictive, several articles summing up 2009–or looking ahead to the new decade–put DNSSEC high on the list of cybersecurity solutions on their radar, including these articles:

  • PC World put DNS security among its “top 10 security nightmares of the decade,”   noting that DNS flaws uncovered in the past year “have hastened the move to newer standards, such as DNSSEC, which authenticates data in the DNS system, and a newer version of SSL/TLS. Look for the replacement of existing protocols to continue in the coming years.”
  • SearchSecurity.com focused on five security industry themes for 2010, with the stepped-up pace of DNSSEC deployment among the themes to watch. From the article: “Fortunately there has been a lot of work behind the scenes as top-level domains are deploying DNSSEC, the next generation of DNS that supports encryption. Implementation until now has been slow. Digital signing of DNS requests and responses is already being supported by .gov and .org and universities are also deploying support. The .us zone was signed in December. The largest zone, .com, is not expected to sign on until 2011, but one expert said the domain could move faster, giving even more clout to DNSSEC this year.”
  • V3.co.uk made 2010 predictions in security, calling 2010 “The Year of DNSSEC,” and quoting  Rodney Joffe, senior technologist at NeuStar and director of the Conficker Working Group that DNSSEC, “together with IPv6…will catapult the DNS to the front of everyone’s thoughts.” 

No Comments

Deployment watch: .pt, .es.net, berkeley.edu,.de

DNSSEC deployment got a running start in the new year, producing these updates on deployment progress around the world:

  • Portugal’s .pt has been signed and in production beginning January 4.
  • December saw deployment of DNSSEC in es.net, the Energy Sciences Network at the Lawrence Berkeley National Laboratory, which is a high-speed network serving thousands of U.S. Department of Energy scientists and collaborators worldwide.
  • January 1 brought DNSSEC deployment in the University of California Berkeley’s berkeley.edu.
  • DENIC has announced that Germany’s .de DNSSEC testbed is now running an NSEC3-enabled zone.

Help us stay up-to-date on your organization’s deployment news by submitting information about your DNSSEC deployment deadlines, test beds or other progress to info @ dnssec-deployment.org.

No Comments