Sponsored White Papers, Webcasts, and Downloads
TechRepublic Resources
- DNSSEC: What's the fuss all about (and what does U.S. Homeland Security have to do with it)?
- Most people reading this will already know that the Domain Name System DNS is a mechanism used to translate alphanumeric domain and host names into numerical IP addresses -- just like a phonebook. Aside from the obvious advantage of making Internet addresses easier to remember, this allows human-readable addresses to...
- Tags: Security, Legal, Internet Openness, Infrastructure, Information Security, Government Agency, Government, General
- Blog posts 2007-04-11
- DNSSEC: What's the fuss all about (and what does U.S. Homeland Security have to do with it)?
- I'm not sure how you can conclude that"I suggested above that DNSSEC could be used as a public key infrastructure for signing of e-mail; however, the aforementioned issue means that doing so would be tantamount to publishing a list of all employees in the organisation — something most wouldn't even...
- Tags: PKI, Digital security, Authentication/Encryption, Network security, SECURITY, george_ou@..., DNSSEC
- Discussion threads 2007-04-11
- DNS resource record integrity is still a big, big problem
- The need to secure DNS has never been greater. Attacks against DNS cache integrity, including entire zone references, are an easy way for criminals to redirect your unsuspecting users to malicious sites. Current controls are still lacking. by Tom Olzak
- Tags: DNS, Current Control, Domain Names, Networking, Internet, Tom Olzak, DNS Server, IP, Server, IP Address, Entry, Domain Name, DNSSec, ID
- Blog posts 2008-11-17
- You don't have to wait to deploy DNSSEC
- A look at DNS security with a high-level examination of DNSSEC, why DNSSEC is still not globally deployed, and some things you can do to improve DNS transaction integrity until it is. by Tom Olzak
- Tags: DNS, Domain Names, Networking, Internet, Tom Olzak, DNSSEC, NSEC, RRSIG
- Blog posts 2008-11-19
- DNS: Patched but not totally fixed
- DNS isn't out of the woods yet; there's a proof-of-concept exploit that successfully poisons the cache of a fully-patched and up-to-date DNS server. In order to keep everyone up to speed, I'd like to describe the attack vector and some possible fixes that we will be hearing about. by Michael...
- Tags: Response, DNS, Server, DNSSEC, Domain Names, Networking, Internet, Michael Kassner
- Blog posts 2008-08-17
Additional Resources
- DNS: The Internet dodged a bullet, thankfully
- Check DNSHave you checked your ISP's DNS servers to see if they have patched them? If not: 1. Let them know about it.2.Switch to secure DNS servers like those at OpenDNS until the DNS servers are patched.I certainly hope soI'd like to think that the majority of ISPs, large institutions,...
- Tags: Domain names, Internet service providers (ISPs), NETWORKING, Internet, DNS, DNS server, server
- Discussion threads 2008-08-11
- DNS: Patched but not totally fixed
- I can't wait to see what happens.I wonder how long until patch. Or is this something adjustable in configuration?Socially, I'll be watching to see how this plays out in the security community, media, and various fora. How critical will this vulnerability be rated? What reactions will we get to the...
- Tags: Domain names, NETWORKING, fully qualified domain name, randomization, DNS
- Discussion threads 2008-08-18
- SSL: Broken even more
- SSL security can be sidesteppedHow many times do you look to make sure the URL has https and that the lock is visible when you are requesting a secure Web page? Would SSLstrip be able to fool you? Let me knowWhat you think. It's appears to be quite an effective...
- Tags: SSL/TLS, Authentication/Encryption, Network security, SECURITY, Michael Kassner, SSL, SSLstrip, HTTP
- Discussion threads 2009-02-24
- RSA proves security isn't usable by example
- RADIUS: Good Idea!I agree with that... publish RADIUS info in DNS. While we're at it, I still like your idea to let the DNS server dictate who is authroized to dish out secure certificates for a domain too, which minimizes the cost and maximizes the use of encryption.J.JaDNS issued certificate...
- Tags: Justin James, DNS, PKI, security, george ou, RSA Security Inc.
- Discussion threads 2007-02-06
- Lock IT Down: Secure your DNS infrastructure by replacing BIND with djbdns
- If you're running BIND on Linux/UNIX for your DNS services, you're likely familiar with the potential security implications. Although BIND is an excellent choice for many organizations, those looking for a DNS server with security included from the ground up might want to consider the djbdns package.What is djbdns?Djbdns is...
- Tags: BIND, Djbdns, DNS, DNS Service, information technology, Scott Lowe MCSE
- Technical articles 2003-02-05
- Reduce permissions to increase DNS security
- Every server process you run on your system provides another potential point of compromise. This is why it is so often recommended that you turn off unnecessary services on MS Windows machines and deactivate unneeded daemons on Unix-like operating systems. You cannot simply turn off all services and...
- Tags: Security
- Blog posts 2007-07-26
- SecureDNS 9.2.1 (Mac)
- SecureDNS is an implementation of the ISC BIND 9.2.1 software that runs in what is known as a "chroot environment". A chroot environment adds an extra layer of security by limiting a process to it's own portion of the filesystem. Should the process in question become compromised, then the attacker...
- Tags: Apple Macintosh, Environment, File System, Server, Server Logistics, SecureDNS, Security
- Software downloads 2003-02-26
- DNS resource record integrity is still a big, big problem
- Very relevantThanks, TomIt is still an issue and experts are starting to wonder if DNSSec is the answer. The performance hit and bandwidth requirements may be too much for the backbone networks.It's all about the sourceThe first instance that I know of, of cache poisoning was Kashpuref's play against the...
- Tags: Domain names, Internet service providers (ISPs), NETWORKING, port solution, DNS, server, Internet Service Provider, attack, DNS resource record integrity
- Discussion threads 2008-11-17
- You don't have to wait to deploy DNSSEC
- thanksGreat info, very informative and well written.
- Discussion threads 2008-11-25
- The cloud is getting more secure, except from the government
- They should keep their filthy hands off my desert.The government should need to follow onerous procedures whenever it wants to look at something that doesn't belong to it. Since it is already tapping the tubes, why should it have to be any easier for it to look through neatly stored...
- Tags: Vertical industries, government
- Discussion threads 2008-08-19
- << Previous
- page 1 of 1
- Next >>
Designing the next killer product
Developing new ways to collaborate
Overseeing IT operations across a global organization
The biggest security threats facing companies in 2009