[ISN] Energy gets jump on implementing DNS security on ESnet research network

From: InfoSec News <alerts_at_private>
Date: Fri, 24 Jul 2009 02:19:10 -0500 (CDT)

By William Jackson
July 23, 2009

The Energy Department has started implementing Domain Name System 
Security Extensions on its high-performance Energy Sciences Network 
(ESnet), using a commercial appliance to digitally sign DNS records and 
manage cryptographic keys.

The first zones on the network were signed July 8 and it will be at 
least another month before necessary software updates and testing are 
completed, and signed records can be published, said R. Kevin Oberman, a 
network engineer at DOE's Lawrence Berkeley National Laboratory.

"We're just getting it cranked up now," Oberman said. "Thus far, 
everything is working perfectly."

DNSSEC is a set of protocols for digitally signing records used by the 
DNS to translate numerical IP addresses into commonly used domain names. 
Because DNS transactions underlie most activity on the Internet, 
assuring the authenticity of this information is crucial to security. 
The .gov top-level domain was digitally signed in February, and the 
Office of Management and Budget is requiring agencies to sign 
second-tier domains within .gov by the end of the year.

ESnet is a network with a 100 gigabits/sec backbone that is used 
primarily for scientific research. Although the DOE runs the network, 
its domains are in the .net and .org top-level domains rather than .gov, 
so the department was not required to sign its records by the OMB 
mandate. Oberman said the decision to implement DNSSEC was to gain 
practical experience. OMB also is expected to expand its mandate to 
include government networks that are outside of .gov.
