Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » U.S. to deploy DNS Security in two years
Search Topic:
Uniqs:
243		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  
AuthorAll Replies

SUMware
Premium
join:2002-05-21

U.S. to deploy DNS Security in two years

From SecurityFocus
2008-08-28 -
quote:
The U.S. government issued a memo last week mandating that all major agencies adopt a proposed technology to enable trusted lookups of domain information by December 2009.

The technology, known as DNSSEC, promises to secure the domain name system (DNS) against attempts to subvert the infrastructure, such as the cache poisoning attack found by researcher Dan Kaminsky earlier this year. However, the system requires public-key cryptography to secure communications with names servers as well as validate the identity of authoritative servers. Because of the technical hurdles -- and the political problems in designating companies or governments to hold the keys to the domain-name system -- both governments and private sector companies have held off deploying DNSSEC for more than a decade.

In a memo (pdf) to agency chief information officers, Karen Evans, Adminstrator for the Office of E-Government and Information Technology at the White House's Office of Management and Budget, said its time to lock down the infrastructure.

"The Government's reliance on the Internet to disseminate and provide access to information has increased significantly over the years, as have the risks associated with potential unauthorized use, compromise, and loss of the .gov domain space," Evans wrote.

While many security professionals see DNSSEC as a possible solution to the problems posed by the trust issues inherent in the domain name system, it is a controversial one. Rather than attempt to adopt the technology as a solution to the attack described by Kaminsky, DNS infrastructure experts recommended implementing source-port randomization as a workaround and as a solution far more likely to be deployed quickly. Because so much of the Internet relies on the domain-name system, co-opting the infrastructure can allow attackers significant control over a victim's networks, including intercepting e-mail messages and providing malicious update services.

The OMB has set a deadline for initial implementation plans of September 5, with mutually agreed on final plans completed by October 24, 2008.
to forum · permalink · · 2008-08-28 10:56:18 · Reply to this
-
Forums » Up and Running » Security » Security Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  

Monday, 09-Nov 03:42:22 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [156] Cable Uncapper Faces Criminal Charges
· [140] AT&T Sues Verizon Over 3G Ads
· [112] Why Run Fiber When You Can Run Ads That Pretend You Do?
· [109] Comcast Is Simply Getting Huge
· [93] Apple Cooking Up New $30 A Month TV Service?
· [83] Bits Of ACTA Agreement Leaking Out
· [80] Will 'Three Strikes' Come To The United States?
· [78] Verizon To Double Smartphone ETFs?
· [77] Verizon: Droid Tethering Will Cost $30 Extra
· [73] Comcast, NBC Deal Almost Complete
Most people now reading
· Lots of problems lately? [Rogers]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [Rant] Brand New 'Jasper' Xbox360 - RRoD Hardware Failure [Rants, Raves, and Praise]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· Divorce advice... [General Questions]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Is Gear Score now the new requirement to get pug invite? [World of Warcraft]
· Security Software Updates - 09 Nov 2009 [Security]
· Windows 7 boot manager editing questions [Microsoft Help]
· [ Classes] ATTN Death Knights - Post your spec for critique! [World of Warcraft]