Posts Tagged EDUCAUSE

DNSSEC in Higher Education — 1% isn’t enough

Institutions of higher education throughout the world have been key advocates of Internet technologies.  The .EDU gTLD is signed, however, a recent survey of .EDU  names shows that only about one percent are signed.  While this is a greater than the Internet as a whole, it is far less than TLDs that are requiring or otherwise strongly advocating DNSSEC.

On the pedestrian side, colleges and universities present a microcosm of the Internet as a whole, replete with cyber attacks, some of which could prevented by a combination of DNSSEC signing and validation.  On the academic side, DNSSEC adds to the authenticity of the academic work product.

If you teach at, work at, attend, or attended any of the following, congratulations — your school is signed:

acadiana.edu baker.edu berkeley.edu
bucknell.edu carnegiemellon.edu cltc.edu
cmu.edu coloradomesa.edu csupomona.edu
cuhk.edu desales.edu fhsu.edu
fhtc.edu gtc.edu hfg.edu
highlands.edu indiana.edu indianatech.edu
internet2.edu iu.edu iub.edu
iupui.edu jhuapl.edu kestrel.edu
lctcs.edu lsu.edu ltc.edu
ma.edu mesa.edu mesastate.edu
millikin.edu minnesota.edu monmouth.edu
mst.edu myneltc.edu nau.edu
northcentral.edu northshorecollege.edu nwltc.edu
oxford-university.edu pacificu.edu penn.edu
psc.edu richland.edu rockefeller.edu
scl.edu sdsmt.edu southern.edu
suu.edu tilburguniversity.edu tiss.edu
truman.edu ualr.edu ucaid.edu
ucb.edu ucberkeley.edu uccv.edu
ucr.edu uiowa.edu umbc.edu
uni-stuttgart.edu upenn.edu upf.edu
valencia.edu washjeff.edu weber.edu

We’re sorry if your school is signed and we missed it.  Our survey was limited to the .EDU gTLD.  We know that many schools outside of the US are under their countries’ academic second-level domains or directly under their countries’ ccTLDs.  If your school isn’t signed,  DNSSEC resources tailored to Higher Education are published by:

  • EDUCAUSE, the nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology, manages the .EDU TLD and worked to get it signed.   They have a collection of resources for their members and others throughout the Internet.
  • Internet2, the advanced networking consortium led by the U.S. research and education community, is also supporting DNSSEC within its membership.  They have a DNS SIG.

The DNSSEC Deployment Initiative is ready to help.  Contact us at info @ dnssec-deployment.org to discuss DNSSEC presentations for conferences and meetings.

 

 

, , ,

1 Comment

Educause factsheet highlights DNSSEC

educauseEducause has just published a two-page factsheet on 7 things you should know about DNSSEC, aimed at college and university information technology officials. Noting that “DNSSEC can be an important part of a broad-based cybersecurity strategy,” the fact sheet explains that security has special implications for institutions of higher education:

Colleges and universities are expected to be “good Internet citizens” and to lead by example in efforts to improve the public good. Because users tend to trust certain domains, including the .edu domain, more than others, expectations for the reliability of college and university websites are high. To the extent that institutions of higher education depend on their reputations, DNSSEC is an avenue to avoid some of the kinds of incidents that can damage a university’s stature.

No Comments

Deployment watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond

Help this newsletter stay up-to-date on your organization’s deployment news by submitting information about your DNSSEC deployment deadlines, test beds or other progress to <[email protected]>. This month’s updates include:

* University of Pennsylvania first U.S. university to deploy:  The University of Pennsylvania announced it is the first U.S. university to implement DNSSEC across the entire institution. Shumon Huque, a Penn IT technical director, also is working with EDUCAUSE to secure the dot-EDU top-level domain “Higher education can take a leadership role in securing the DNS,” Huque said.  “If a few universities in advanced networking adopt DNSSEC and share experiences, we can make broad deployment more straightforward for the larger community.”

* Turkmenistan announces DNSSEC deployment:  Turkmenistan’s dot-TM domain registry has launched DNSSEC. While not a trademark registry, it encourages trademark owners to register dot-TM names.

* VeriSign launches boot camp, tools and training to aid DNSSEC deployment:  VeriSign has created a technical “boot camp” program to train registrars, ISPs and larger registrants in DNSSEC assessment and implementation.  The effort also includes an interoperability lab that will allow vendors to evaluate how their equipment works with DNSSEC.  Network and computing equipment manufacturers also are being invited to VeriSign to review how DNSSEC will work with their equipment when DNSSEC is implemented in the .com and .net TLDs. VeriSign has announced it will deploy DNSSEC in the dot-COM and dot-NET domains by early 2011 and is working with EDUCAUSE on DNSSEC deployment in the dot-EDU domain.

* Dyn, Inc. reports on testing with dot-ORG:  Dyn, Inc. published resources and updates about its testbed and other preparations for deploying DNSSEC for  dot-ORG zones registered with the company.

* NamesBeyond has embedded support for DNSSEC. They offer DNSSEC management and configuration, allowing customers to configure DNSSEC parameters such as key type, size, validity period, supporting both NSEC and NSEC3 parameters.

, , , , , , ,

No Comments