It will take some time, but the Domain Name Service (DNS) is on its way to being secured around the world with DNSSEC (DNS Security Extensions). A new industry consortium called the DNSSEC Industry Coalition has been formed to expedite the implementation of DNSSEC, and in so doing will help to secure the Internet itself for over a billion users.
DNS is critical to the functioning of the Internet, linking IP addresses with domain names. Thanks to security researcher Dan Kaminsky, awareness of the DNS and its shortcomings has been greatly elevated this year. DNSSEC is key to ensuring that the DNS cache poisoning attack that Kaminsky first warned about cannot occur.
"Collaboration of this kind is how DNSSEC was developed in the first place, and it's how BIND's DNSSEC feature development was sponsored," Paul Vixie, a leading authority on DNS and the founder of Internet Systems Consortium (ISC), told InternetNews.com. "Now it's the thing I suspect a lot of IT managers are waiting for so that they can relax a little bit and see DNSSEC as non-controversial, worthy of investment."
The new coalition will aim to identify and overcome the challenges and make DNSSEC deployment a global reality. One of the key players in the new DNSSEC coalition is VeriSign, the vendor that controls the Internet's root domain servers for the .com and .net domains.
"We firmly believe that DNSSEC is a technology that requires implementation and it solves a specific problem that nothing else solves," Pat Kane, vice president of naming services at VeriSign, told InternetNews.com.
The specific problem, in Kane's view, is man-in-the-middle cache poisoning attacks like the one discovered by Kaminsky. The basic idea behind the attack is that DNS server responses can be tampered with to redirect end users to different sites, so a user could type in "Google.com" and be taken to a phishing site instead. With cryptographically signed DNS information from DNSSEC, a domain name would be validated to ensure authenticity.
Though DNSSEC is something VeriSign is supportive of, Kane cautioned that it is not a solution for everything that ails the Internet.
"We also want to make sure that in people's enthusiastic rush to get DNSSEC implemented, that people understand what it is and the problems that it specifically solves," Kane said. "It doesn't solve phishing or malware distribution."