republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » U.S. to deploy DNS Security in two years
Uniqs:
245		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  
SUMware
Premium
join:2002-05-21

U.S. to deploy DNS Security in two years

From SecurityFocus
2008-08-28 -
quote:
The U.S. government issued a memo last week mandating that all major agencies adopt a proposed technology to enable trusted lookups of domain information by December 2009.

The technology, known as DNSSEC, promises to secure the domain name system (DNS) against attempts to subvert the infrastructure, such as the cache poisoning attack found by researcher Dan Kaminsky earlier this year. However, the system requires public-key cryptography to secure communications with names servers as well as validate the identity of authoritative servers. Because of the technical hurdles -- and the political problems in designating companies or governments to hold the keys to the domain-name system -- both governments and private sector companies have held off deploying DNSSEC for more than a decade.

In a memo (pdf) to agency chief information officers, Karen Evans, Adminstrator for the Office of E-Government and Information Technology at the White House's Office of Management and Budget, said its time to lock down the infrastructure.

"The Government's reliance on the Internet to disseminate and provide access to information has increased significantly over the years, as have the risks associated with potential unauthorized use, compromise, and loss of the .gov domain space," Evans wrote.

While many security professionals see DNSSEC as a possible solution to the problems posed by the trust issues inherent in the domain name system, it is a controversial one. Rather than attempt to adopt the technology as a solution to the attack described by Kaminsky, DNS infrastructure experts recommended implementing source-port randomization as a workaround and as a solution far more likely to be deployed quickly. Because so much of the Internet relies on the domain-name system, co-opting the infrastructure can allow attackers significant control over a victim's networks, including intercepting e-mail messages and providing malicious update services.

The OMB has set a deadline for initial implementation plans of September 5, with mutually agreed on final plans completed by October 24, 2008.
permalink · 2008-08-28 10:56:18 · Print · Reply to this
Forums » Up and Running » Security » Security Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  

Tuesday, 01-Dec 01:06:18 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [56] Baltimore To Ban Lazy Cable Installs
· [47] Broadband Killed The Game Console
· [33] Rural Carriers Quickly Embracing Fiber
· [28] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
· [24] Charter Exits Chapter 11
· [21] Midcontinent Socked With Easement Lawsuit
· [3] Monday Morning Links
· [2] Monday Evening Links
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Is Microsoft Technet ok to use for my family PC's? [Microsoft Help]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Considering Leaving Vonage, who should I Consider? [VOIP Tech Chat]
· [Internet] Gaming problem for "Heroes of Newerth" ( New bell Upd [Bell Canada]
· Are GPS's better today? [General Questions]
· Opening a file download dialog from a JavaScript function. [Webmasters and Developers]
· [Newsgroups] Newzleech down? [Filesharing Software]
· Heating - my dad gave me this advice... [Home Repair & Improvement]
· [Rant] called out sick! [Rants, Raves, and Praise]