Plans to replace the Domain Name System (DNS) with a more secure one is well on course. The DNS was developed in 1984 to make it possible for computers to recognise and utilise domain names in a network. However, the current system is seriously lacking in security features, thus creating a major loophole for cyber-criminals to exploit, as demonstrated by the 2008 Kaminsky attack.
In the new Internet address system called the Domain Name System Security Systems (DNSSEC), security features such as cryptography and digital signatures will be implemented to verify queries and make sure that responses will not be intercepted or compromised before getting to its destination. The DNSSEC is expected to significantly improve security and help protect Web users from attacks such as spamming, phishing and hacking. Furthermore, it will make it more difficult for cyber-criminals to intercept legitimate Web addresses through false DNS servers.
Leslie Daigle, the chief Internet technology officer at the Internet Society describes the DNSSEC “like tamper-proof packaging to make sure if you type in the Website name of your bank that you actually get to the machine that your bank wants you to use and not to a machine that looks like that of your bank but is operated by those who want to take you to a different Website to steal your log-in details”. While the DNSSEC has been in development for over a decade, its impact will not be felt overnight. According to the Internet Society, “DNSSEC does not provide a total answer to DNS security – operationally sound services are still required. However, as technologies increasingly rely on accurate and authentic results from DNS, the status quo of security is not sufficient”. Consequently, Web users will still need to be security conscious and observe the usual precautions to guard against becoming victims of security attacks.
The DNSSEC protocol is being overseen by the Internet Corporation for Assigned Names and Numbers (ICANN) and is expected to become operational in July.
Talking Point
How effective do you expect the DNSSEC will be in tackling security attacks such as phishing?
Thanks for reading this article. If you're new here, why don't you subscribe for regular updates via RSS feed or via email. You can also subscribe by following @techsling on Twitter or becoming our fan on Facebook. Thanks for visiting!
11 Comments
Leave a Reply
Cancel reply
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Pingback: Tweets that mention New Address System to Replace DNS
Mobile Games
June 26, 2010 at 12:02 pm
there is a vulnerability in the current DNS system, so definitely it should be improved.
CISO
August 11, 2010 at 8:32 pm
Scan your networks now, make sure your DNS servers are responding well,
and make sure they do NOT answer to anyone at the world.
Pingback: New Address System to Replace DNS
Marc Rasmussen
August 11, 2011 at 12:03 pm
Thank you for sharing. I have no idea that there’s a new address system to replace DNS. Like you said the changes will not be felt overnight but it’s nice to know that institutions are improving our networks to protect users from hackers. Cheers
Craig Daniel
August 13, 2011 at 8:56 am
This has been coming for a long time, thanks for the info, the kaminsky attack effected one of my sites so i’m happy to read this.
Teake van der meer
September 18, 2011 at 7:41 am
Won’t they just find another hole in this security?
When they first came out with DNS they thought it was secure as well, didn’t they?
Danny
September 18, 2011 at 7:45 am
It is more difficult now, but if they really want hackers can still get through.
Look at hackers hacking into websites of companies that provide internet security, and government sites.
They can go anywhere they want, it just became more difficult and the not so tallented can’t get through.
Lyndrick
September 23, 2011 at 12:47 am
I know we all want to feel safe offline and online, but seriously, no matter what we do there will always be someone with the knowledge and ability to get to us. That said, security can be a good thing, and this will make it more difficult for amateurs. The problem is that the amateurs are not the ones robbing us blind.
Jerryl
September 30, 2011 at 9:20 am
Hackers today are very abundant. They are using sophisticated way to hack one site. But its nice to know that there is a new address system to replace DNS for security reason.
Karen
November 16, 2011 at 9:20 am
I think there will be more coming system to replace or help DNS. Day by day, more and more websites has been build and more IP Address are needed. So the need for more ip address and more dns services are overwhelming.