Plans to replace the Domain Name System (DNS) with a more secure one is well on course. The DNS was developed in 1984 to make it possible for computers to recognise and utilise domain names in a network. However, the current system is seriously lacking in security features, thus creating a major loophole for cyber-criminals to exploit, as demonstrated by the 2008 Kaminsky attack.
In the new Internet address system called the Domain Name System Security Systems (DNSSEC), security features such as cryptography and digital signatures will be implemented to verify queries and make sure that responses will not be intercepted or compromised before getting to its destination. The DNSSEC is expected to significantly improve security and help protect Web users from attacks such as spamming, phishing and hacking. Furthermore, it will make it more difficult for cyber-criminals to intercept legitimate Web addresses through false DNS servers.
Leslie Daigle, the chief Internet technology officer at the Internet Society describes the DNSSEC “like tamper-proof packaging to make sure if you type in the Website name of your bank that you actually get to the machine that your bank wants you to use and not to a machine that looks like that of your bank but is operated by those who want to take you to a different Website to steal your log-in details”. While the DNSSEC has been in development for over a decade, its impact will not be felt overnight. According to the Internet Society, “DNSSEC does not provide a total answer to DNS security – operationally sound services are still required. However, as technologies increasingly rely on accurate and authentic results from DNS, the status quo of security is not sufficient”. Consequently, Web users will still need to be security conscious and observe the usual precautions to guard against becoming victims of security attacks.
The DNSSEC protocol is being overseen by the Internet Corporation for Assigned Names and Numbers (ICANN) and is expected to become operational in July.
How effective do you expect the DNSSEC will be in tackling security attacks such as phishing?