Search Hazen Legal: 
Articles|Members Area|Sitemap
Bullets Latest News
Major Milestone for the Internet
The Internet last month passed a major milestone. A Key-Signing-Key (KSK) ceremony was held this week at a secure datacenter in Virginia to produce the cryptographic key that will be used to secure the root zone of Internet DNS. "The key signing event was an important milestone in the root deployment of DNSSEC, because this ceremony created the keys needed to actually sign the zone on July 15th," Eland said. "On July 15th, validating resolvers will be able to use these keys to verify that response from the root came from the root servers." That flaw exposed vulnerability in the DNS system which could have destroyed the viability of the current Internet system for routing domain name information and Web traffic. The Domain Name System Security Extensions (DNSSEC) is a suite for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions o DNS which provided to DNS clients origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentially. The original design of the Doman Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extension (DNSSEC) attempts to add security, while maintaining backwards compatibility. RFC 3833 attempts to document some of the known threats to the DNS and how DNSSEC responds to those threats.

DNSSEC when fully implemented will mitigate the risk by providing additional security for DNS information to ensure its authenticity. While the root zone of the Internet is on the verge of being ready for DNSSEC with the KSK ceremony, there is still much work to be done. The actual domain registries still need to complete their respective DNSSEC efforts. Work on DNSSEC for .org has been going since 2008 with completion expected this year. The .com and .net Top Level Domains are set to be secured by DNSSEC in 2011. "The major work so far has been done on the infrastructure side among Root and TLD operators enabling DNSSEC," said Eland. "What really has to happen now is for ISPs, application providers and enterprises to embrace DNSSEC either to secure their own infrastructure or to look at how they can use it in new services to improve end user security."
Online Legacy Consultancy Online
Legal Consultancy
Latest News
How To Become A Cyber Forensic Examiner
Admissibility of Secondary E-evidence u
Due to the boom in the industry of e-commerce and tremensdo
Home | Our Founder | About Us | Services | Career | Member Area | Gallery | Pro Bono | Contact Us | Site Map | Disclaimer