Process of securing Domain Name System builds on effort to protect DNS data from cache poisoning and man-in-the-middle attacks.
VeriSign, Inc., a provider of internet infrastructure services, today announced that it has deployed DNS Security Extensions (DNSSEC) in the .NET zone. The company mentions that the .NET zone is the largest yet to be DNSSEC enabled, with more than 13 million domain name registrations worldwide. The .NET signing also represents one of the most critical implementations of DNSSEC technology, since .NET serves as the underpinning for many critical internet functions.
It explains that DNSSEC applies digital signatures to DNS data to authenticate the data's origin and verify its integrity as it moves throughout the Internet. The security extensions are designed to protect the DNS from attacks intended to redirect queries to malicious sites by corrupting DNS data stored on recursive servers. The successful implementation of DNSSEC will greatly reduce a hacker's ability to manipulate DNS data. The resulting digital signatures on that DNS data are validated through a 'chain of trust'.
The company states that the .NET milestone is the latest achievement in its efforts to improve the integrity of internet communications and transactions by implementing DNSSEC throughout the DNS. By protecting the .NET zone with DNSSEC, it can now include DNSSEC-enabled records from domain name Registrars in its authoritative .NET Registry. Today's milestone follows months of deliberate and rigorous testing of DNSSEC, and builds on the company's collaboration with EDUCAUSE and the U.S. Department of Commerce to deploy DNSSEC in the .EDU zone earlier this year. It adds that the company expects to sign .COM by first quarter 2011.
The company further explains that a key part of its DNSSEC collaboration with the Internet community is its operation of the DNSSEC Interoperability Lab. Staffed by the company personnel, the lab helps solution and service providers determine if DNS packets containing DNSSEC information, which are typically larger than standard DNS packets, will cause problems for their internet and enterprise infrastructure components. The lab is helping to ensure that the entire internet communications ecosystem is ready for DNSSEC.
It further states that its DNSSEC initiatives also dovetail with Project Apollo, the company's effort to dramatically scale up the Internet infrastructure that delivers DNS from its current levels by a factor of a thousand. Doing so will help to manage an estimated 4 quadrillion queries per day in 2020. The Apollo effort follows on the heels of the successful completion of the company' Project Titan that aimed to improve DNS infrastructure tenfold over 2007 levels. Project Apollo is designed to move beyond Titan, to help the company meet the Internet infrastructure challenges of the next decade.
"VeriSign's roll-out of DNSSEC is on schedule with the signing of .NET in 2010. The DNS data associated with .NET registrations will be protected from many hackers and identity thieves trying to redirect users' queries to malicious sites through cache poisoning," said Raynor Dahlquist, Senior Vice President and General Manager of Naming Services at VeriSign. "There is, however, more work to be done, as ISPs, browser vendors, Registrars and other members of the DNS ecosystem confirm that their solutions and services are ready for DNSSEC enablement. We'll continue to work with all of those parties to shepherd a stable deployment of DNSSEC, particularly as we prepare to sign the .COM zone in Q1 2011."
"Go Daddy works to keep the Internet safe for all users, and DNSSEC is an important additional step toward keeping the infrastructure more secure," said Warren Adelman, President and Chief Operating Officer of GoDaddy.com, a domain name Registrar. "That's why Go Daddy supports DNSSEC for .NET. We believe DNSSEC helps us continue providing our customers with what they want and need - security and reliability."
No comments:
Post a Comment