http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229400940/dnssec-finally-comes-to-i-com-i-but-secure-dns-still-has-a-long-way-to-go.html

By Kelly Jackson Higgins
Darkreading
Apr 05, 2011

The DNSSEC protocol for securing the Internet Domain Services Name (DNS) is now fully deployed at the root servers and top-level domains, with the last of the domains and the biggest -- .com -- signed with DNSSEC late last week. But the milestone is still lost on many organizations that remain unaware or unsure about the DNS security technology.

Like any newly available technology, DNSSEC is more of interest to large organizations that have the highest stakes in securing their domains -- as well as the most resources and know-how to deploy and manage it. A new survey released on March 30 -- the day of the .com-signing led by VeriSign, which operates the .com domain -- found that half of corporate IT security experts had either not heard of DNSSEC at all or didn't really understand it well. About 5 percent of the respondents in the study -- conducted by Internet Identity (IID) and the Online Trust Alliance -- say they have already rolled out DNSSEC for their domains, and another 16 percent say they plan to do so.

This lack of awareness and knowledge of DNSSEC doesn't worry Dan Kaminsky, the security researcher who discovered the deadly DNS cache-poisoning attack that ultimately gave DNSSEC a much needed kick-start after more than 15 years in the making and limited adoption.

"Most organizations deploy their networks under the .com TLD, which just got signed. It's going to take time for administrators to even become aware of this new security capability, let alone determine what it would take to integrate it into their networks. It will also take time for products to be developed that depend on DNSSEC being deployed," Kaminsky says.

Kaminsky, who wasn't initially a fan of DNSSEC and changed his mind upon further inspection, says DNSSEC adoption in the Internet is inevitable. "But it will happen because, for a long time, the Internet has been suffering severe problems with authentication -- problems X.509-based PKI just cannot fix, but DNSSEC can," he says.

[...]

Received on Tue Apr 05 2011 - 22:51:51 PDT