republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » U.S. to deploy DNS Security in two years
Search Topic:
Uniqs:
246		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  
AuthorAll Replies
-

SUMware
Premium
join:2002-05-21

U.S. to deploy DNS Security in two years

From SecurityFocus
2008-08-28 -
quote:
The U.S. government issued a memo last week mandating that all major agencies adopt a proposed technology to enable trusted lookups of domain information by December 2009.

The technology, known as DNSSEC, promises to secure the domain name system (DNS) against attempts to subvert the infrastructure, such as the cache poisoning attack found by researcher Dan Kaminsky earlier this year. However, the system requires public-key cryptography to secure communications with names servers as well as validate the identity of authoritative servers. Because of the technical hurdles -- and the political problems in designating companies or governments to hold the keys to the domain-name system -- both governments and private sector companies have held off deploying DNSSEC for more than a decade.

In a memo (pdf) to agency chief information officers, Karen Evans, Adminstrator for the Office of E-Government and Information Technology at the White House's Office of Management and Budget, said its time to lock down the infrastructure.

"The Government's reliance on the Internet to disseminate and provide access to information has increased significantly over the years, as have the risks associated with potential unauthorized use, compromise, and loss of the .gov domain space," Evans wrote.

While many security professionals see DNSSEC as a possible solution to the problems posed by the trust issues inherent in the domain name system, it is a controversial one. Rather than attempt to adopt the technology as a solution to the attack described by Kaminsky, DNS infrastructure experts recommended implementing source-port randomization as a workaround and as a solution far more likely to be deployed quickly. Because so much of the Internet relies on the domain-name system, co-opting the infrastructure can allow attackers significant control over a victim's networks, including intercepting e-mail messages and providing malicious update services.

The OMB has set a deadline for initial implementation plans of September 5, with mutually agreed on final plans completed by October 24, 2008.
to forum · permalink · · 2008-08-28 10:56:18 · Reply to this
Forums » Up and Running » Security » Security Researchers offer new way to avoid bogus Web sites »
« IE 7 and Google Search  

Sunday, 06-Dec 06:23:59 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [147] Avast Antivirus Has Gone Mad
· [128] Comcast Makes NBC Universal Acquisition Official
· [124] The Bandwidth Hog Does Not Exist
· [105] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [101] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [85] FCC Ponders Moving From PSTN To IP Voice
· [82] Latest Consumer Reports Survey Not Kind To AT&T
· [80] New Bill Aims To Limit ETFs
· [75] Sprint Defuses GPS Privacy Media Bomb
Most people now reading
· Wife might have to work in.... Iowa for a few months!!! [General Questions]
· [Newsgroups] Newzleech down? [Filesharing Software]
· False positive in Avast! or is it real? [Security]
· UPS - What do you people think happened? [General Questions]
· [ Classes] 3.2.2 Rogue [World of Warcraft]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· [WIN7] How to obtain a windows 7 CD (OEM) and re-use the CD key. [Microsoft Help]
· He freakin' went there. [World of Warcraft]
· [DNS] Google's public DNS... performance increases? [Comcast HSI]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]