News and Events

Major DNS Security upgrade delayed

Posted in: ,

By Brian Cowan

Major security enhancements to the way that the Domain Name System (DNS) is protected have been delayed because many ISPs and large internet users are not ready for them. A new method of securing DNS records, that was due to roll out on October 11th, has been delayed.

Background

For the non-IT readers, the DNS system provides the link between the website name that you type (www.keytech.co.uk), and the actual internet record for that address that is stored as a number. It makes internet access the simple and convenient service that we all enjoy.

The changes involve the issuing of new cryptographic signatures known as the Root Zone Key Signing Key (KSK). This is distributed to Internet Service Providers (ISPs) and major users (classed as Resolvers). These keys once applied will enable greater security of the DNS address information at the Resolvers, reducing the risk of address spoofing and address redirection from hackers. This will change the access from the traditional DNS model to the DNSSEC (DNS Security Extensions) level that is more secure.

This “Master Key” is in effect a password, and is used by Resolvers to sign secure DNS records. It has has not been changed since 2010 (not sure I would get away with keeping the same password for 7 years with our Admins). It is created and issued by the Internet Corporation for Assigned Names and Numbers (ICANN).

DNS Security changes for Internet Users

The current DNS system has become vulnerable to cyber attackers over the years. Criminals have gained access to local DNS servers, inserting false records. A User then searches for a website, for example, their bank by typing www.thebankname.com, but is directed to a site set up by the criminals to mimic the bank. Once there, the User is prompted to provide security information for their account.

The new DNSSEC system will apply digital signatures to the DNS records, ensuring that when Users request access, they are directed to the correct site. This should eliminate a major threat to Users and organisations.

ICANN – doing things properly

Normally, when you read about delivery delays it is in a negative context. On this occasion I believe that it demonstrates a great amount of planning and due diligence. Research by ICANN revealed that many Resolvers were running versions of DNSSEC that were not correctly updated or did not have the new key installed. Had the roll out gone ahead on 11th October, an estimated one-in-four Internet Users would have been affected. ICANN estimate this to equate to approximately 750 million people that use DNSSEC.

Subsequently, the decision was correctly taken to delay the roll out of this enhanced DNS Security.

The following ICANN video provides more information on planning and preparing for DNSSEC (click on image).

DNS Security

For further information on DNS Security, or to discuss your Network Security please contact us at info@keytech.co.uk, or call 01942-311150.

 

02 Oct 2017

Contact Us

Keytech, 3 Smithy Court, Wigan WN3 6PS

Head Office: 01942 311 150

Service Desk: 01942 311 151

Email: info@keytech.co.uk

Newsletter

Submit

Book Your FREE Demo Today!

Simply fill out the form below and we’ll get in touch to arrange an appointment

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Book Your FREE Trial Today!

Simply fill out the form below and we’ll get in touch to arrange an appointment

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Request a CALLBACK

Simply fill out the form below we will be back in touch as soon as we can!

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Download a FREE Best Practice Guide Document

Simply fill out the form below and you’ll receive our B&BC Best Practice Guide straight to your inbox!

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Product Demo

Product includes:

  • Overview of the technology used
  • Live backup demonstration
  • Live recovery demonstration
  • Q & A session

Request a Demo

Simply fill out the form below and we’ll be in touch to arrange your free demo.

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Book Your FREE Trial Today!

Simply fill out the form below and we’ll get in touch to arrange an appointment

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Backup Assessment

Assessment includes:

  • Summary of all the servers within the network
  • Summary of all the workstations within the network
  • Assessment of critical data and applications
  • Bandwidth speed test & offsite backup assessment
  • Recommended BDR solution

Backup Assessment

View sample report

Request a Callback

Simply fill out the form below and we’ll give you a call to
discuss your requirements further

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Book Your FREE Trial Today!

Simply fill out the form below and we’ll get in touch to arrange an appointment

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Book Your FREE Trial Today!

Simply fill out the form below and we’ll get in touch to arrange an appointment

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Download a FREE Best Practice Guide Document

Simply fill out the form below and you’ll receive our Infrastructure Optimisation Best Practice Guide straight to your inbox!

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields

Infrastructure Assessment

Assessment includes:

  • Non-intrusive
  • Runs for as little as 1 day or for up to 7 days
  • Identify and remediate issues
  • Generates performance and capacity reports
  • Maximise utilisation with capacity monitoring analytics
  • Assessment Playback by Keytech Consultant

View sample report

Request a Callback

Simply fill out the form below and we’ll give you a call to
discuss your requirements further

We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.

*Mandatory Fields
We will send you an email with a confirmation link which you must follow to recieve these updates.
We will only contact you in relation to latest news & updates that we think will be of interest to you.
We will not disclose your information to any third party and you can unsubscribe from our database at any time.


*Mandatory Fields