/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE,INDIA:VeriSign, Inc., the trusted provider of Internet infrastructure for the networked world, announced its strategic approach for working with the Internet community to deploy DNS Security Extensions (DNSSEC) in the .com and .net Top Level Domain Names (TLDs). Through a collaborative industry-wide effort, VeriSign, and the ICANN and business communities can play a part in helping to protect the Internet’s Domain Name System (DNS) from “man in the middle” and cache poisoning attacks.
DNSSEC offers the potential to strengthen the infrastructure of the Internet by authenticating the origin of DNS data and verifying its integrity while moving across the Internet. DNSSEC protects the Internet community from forged DNS data by using public key cryptography to digitally sign DNS data. Digital signing can assure that the data originated from the stated source and that it was not modified in transit. DNSSEC can also prove that a domain name does not exist. As a result, DNS queries and responses are protected from the kind of forgeries that could possibly redirect Internet users to phishing and pharming sites, or “man in the middle” attacks that intercept communications between two systems.
VeriSign has made a careful and methodical roll-out of DNSSEC a strategic priority and is currently working with EDUCAUSE and the Department of Commerce (DoC) to deploy DNSSEC within the .edu TLD. VeriSign is applying lessons learned from its partnership with EDUCAUSE as well as industry-wide best practices from early DNSSEC implementations. Starting with smaller scale implementation and progressively increasing in size and learning from deployment experience, VeriSign anticipates completing DNSSEC implementation on .net and .com by the first quarter of 2011.
“VeriSign has been at the forefront of the DNSSEC effort since its beginnings in the early 1990s, and now the time is right for .com and .net,” said Ken Silva, CTO of VeriSign. “Successfully implementing DNSSEC will involve the entire Internet ecosystem, from registrars and ISPs to browser vendors. Because the reliable operation of .com and .net is crucial around the world, we must take a cautious and orderly approach to this roll-out. VeriSign is committed to helping registrars and ISPs make the implementation decisions that are right for them.”
“We are very pleased to be working with VeriSign and the U.S. Department of Commerce to add this important element of security to the Internet,” said Greg Jackson, vice president for policy and analysis for EDUCAUSE, the association for information technology in higher education. “Higher education is increasingly dependent on trustworthy and reliable digital communication for learning, research, and outreach. Adding DNSSEC to the .edu TLD is a major step forward for our community and for the Internet.”
VeriSign is working closely with domain name registrars and ISPs to assist them with their DNSSEC deployment strategies. This month, VeriSign launched a technical “boot camp” program to provide registrars, ISPs and larger registrants with the tools and training they need to assess and implement DNSSEC protections. VeriSign has also established an Interoperability Lab within its research infrastructure for vendors to evaluate the interoperability of their equipment with DNSSEC. VeriSign is inviting manufacturers of computing and network equipment to its facilities for the purposes of reviewing the functionality and operations of their equipment when DNSSEC is implemented in the .com and .net TLDs.
“DNSSEC is an important component of cyber security, but not a silver bullet,” added Silva. “DNSSEC does not solve many of the most common threats to Internet security. This is why other layers of protection, such as Extended Validation SSL certificates and two-factor authentication, are so critical to making the Internet secure for everyone.”