- Image via Wikipedia
Plans to replace the Domain Name System (DNS) with a more secure one is well on course. The DNS was developed in 1984 to make it possible for computers to recognise and utilise domain names in a network. However, the current system is seriously lacking in security features, thus creating a major loophole for cyber-criminals to exploit, as demonstrated by the 2008 Kaminsky attack.
In the new Internet address system called the Domain Name System Security Systems (DNSSEC), security features such as cryptography and digital signatures will be implemented to verify queries and make sure that responses will not be intercepted or compromised before getting to its destination. The DNSSEC is expected to significantly improve security and help protect Web users from attacks such as spamming, phishing and hacking. Furthermore, it will make it more difficult for cyber-criminals to intercept legitimate Web addresses through false DNS servers.
Leslie Daigle, the chief Internet technology officer at the Internet Society describes the DNSSEC “like tamper-proof packaging to make sure if you type in the Website name of your bank that you actually get to the machine that your bank wants you to use and not to a machine that looks like that of your bank but is operated by those who want to take you to a different Website to steal your log-in details”. While the DNSSEC has been in development for over a decade, its impact will not be felt overnight. According to the Internet Society, “DNSSEC does not provide a total answer to DNS security – operationally sound services are still required. However, as technologies increasingly rely on accurate and authentic results from DNS, the status quo of security is not sufficient”. Consequently, Web users will still need to be security conscious and observe the usual precautions to guard against becoming victims of security attacks.
The DNSSEC protocol is being overseen by the Internet Corporation for Assigned Names and Numbers (ICANN) and is expected to become operational in July.
Talking Point
How effective do you expect the DNSSEC will be in tackling security attacks such as phishing?
there is a vulnerability in the current DNS system, so definitely it should be improved.
Scan your networks now, make sure your DNS servers are responding well,
and make sure they do NOT answer to anyone at the world.
Thank you for sharing. I have no idea that there’s a new address system to replace DNS. Like you said the changes will not be felt overnight but it’s nice to know that institutions are improving our networks to protect users from hackers. Cheers
This has been coming for a long time, thanks for the info, the kaminsky attack effected one of my sites so i’m happy to read this.
Won’t they just find another hole in this security?
When they first came out with DNS they thought it was secure as well, didn’t they?
It is more difficult now, but if they really want hackers can still get through.
Look at hackers hacking into websites of companies that provide internet security, and government sites.
They can go anywhere they want, it just became more difficult and the not so tallented can’t get through.
I know we all want to feel safe offline and online, but seriously, no matter what we do there will always be someone with the knowledge and ability to get to us. That said, security can be a good thing, and this will make it more difficult for amateurs. The problem is that the amateurs are not the ones robbing us blind.
Hackers today are very abundant. They are using sophisticated way to hack one site. But its nice to know that there is a new address system to replace DNS for security reason.
I think there will be more coming system to replace or help DNS. Day by day, more and more websites has been build and more IP Address are needed. So the need for more ip address and more dns services are overwhelming.