Home / Industry

DNSSEC FUD Buster: DNSSEC is Not Necessary?

By .ORG  (Sponsored Post) The Original Purpose-Driven Generic Top-Level Domain
  • November 06, 2008
  • Views: 11,632

.ORG, The Public Interest Registry is pleased to announce the next guest blogger for our DNSSEC FUD Buster series. Ram Mohan is the Executive Vice President, & Chief Technology Officer of Afilias Limited. Ram has led the strategic growth initiatives at Afilias Limited in registry services and security as well as new product sectors such as RFID/Auto-ID, global DNS and Internationalized Domain Names (IDNs). He joined the ICANN Board of Directors in November 2008 as a non-voting liaison from the Security and Stability Advisory Committee (SSAC), a Board advisory committee comprised of Internet pioneers and technical experts including operators of Internet root servers, registrars, and Top-Level Domain (TLD) registries. Ram will provide valuable information to our readers on the importance of DNSSEC.

I hear some talk out there that DNSSEC is not necessary. This is troubling to hear for someone in my role as a CTO in a technology company working on critical infrastructure. DNSSEC is an addition to the existing Domain Name System (DNS) protocols. It is designed to add security to the DNS by protecting the Internet from specific attacks, namely data modifications (a.k.a. cache poisoning) and traffic hijacking. DNSSEC adds origin authentication of DNS data and authenticated denial of existence. If you run a large or medium sized enterprise, are using or plan to use Service Oriented Architectures (SOAs) or Cloud/Grid computing, you depend upon having servers and services accessible and available—and that the RIGHT service provider will respond to your website and email traffic.

Without DNSSEC, users accessing your critical services hosted on a cloud somewhere can be hijacked and taken elsewhere without their knowledge or control.

Imagine having services sitting on a SoA platform, with access to these services being mimicked by a hacker who redirects your users and steals critical information and causes your organization reputational (and financial) harm.

The bottom line is that without DNSSEC, no website or email is safe from a potential traffic hijacking. Internet security researcher Dan Kaminsky proved it can be done in just a few seconds.

 

By .ORG, The Original Purpose-Driven Generic Top-Level Domain

Public Interest Registry (PIR) is a nonprofit that operates the .ORG top-level domain – one of the world’s largest generic top-level domains with more than 10.6 million domain names registered worldwide. PIR has been a champion for a free and open Internet for two decades with a clear mission to be an exemplary domain name registry, provide a trusted digital identity and help educate those who dedicate themselves to improving our world.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

View All Topics