BuyLow.com Computers And Internet - Internet Security, Computers, Mobile Devices, Networks

BuyLow.com | Resources | Contact Us


 

Safer Net Surfing

by NIST

When you type www.irs.gov—or the Web address of your bank or an e-commerce site—into your web browser, you want to be sure that no one is hijacking your request and sending you to a bogus look-alike page. You’re relying on the integrity of the Internet’s “phone book,” the Domain Name System (DNS). Computer scientists at the National Institute of Standards and Technology (NIST) are playing a major role in making sure that what you type is what you get by providing standards, guidance and testing necessary to bolster the trustworthiness of the global DNS. A draft update of NIST’s guidelines for DNS security is now available for public comment.

Most recently, NIST computer scientists provided technical assistance to the General Services Administration to meet the end-of-February deadline to secure the top-level .gov (“dot-gov”) domain, the first major step of a new government-wide DNS security upgrade. NIST researchers develop the standards, specifications and operational procedures used by federal civilian agencies to safeguard their information systems. The Internet relies on the DNS system that converts the user-friendly names (www.nist.gov) into a unique Internet Protocol address (129.6.13.45) necessary to route data to its destination.

The DNS as currently deployed lacks the ability to authenticate the source or integrity of responses returned from the system, and as a result it is easy to spoof responses and redirect users to fake or look-alike destinations. NIST and others are working to add “steel doors and locks” to enhance DNS security. NIST computer scientists led the development of new Internet Engineering Task Force (IETF) standards to add digital signatures and associated key management procedures to DNS protocols. These additions, called DNSSEC, allow users to validate the authenticity and integrity of the data and will provide the basis for a new trust infrastructure for the DNS and protocols and systems that rely on it.

“We hope that the dot-gov deployment of DNSSEC will encourage rapid deployment in other sectors, including government contractors, trading partners and general e-commerce sites,” said Scott Rose, one of the NIST computer researchers.

In addition to developing the standards and deployment protocol guidance for DNSSEC, NIST researchers have developed the Secure Naming Infrastructure Pilot (SNIP) distributed testbed (www.dnsops.gov) to assist agencies and vendors in experimenting with and evaluating specific DNSSEC solutions. NIST is a member of an industry-government DNSSEC-Deployment Initiative, coordinated by the Department of Homeland Security, to foster adoption and implementation of DNSSEC specifications across Internet domains.

The NIST team also has drafted updated recommendations for the “Secure Domain Name System (DNS) Deployment Guide” (NIST Special Publication 800-81 Rev 1), the key DNS security guidance document for civilian agencies, (Available on the Web at http://csrc.nist.gov/publications/drafts/800-81-rev1/NIST_SP-800-81-Rev1_draft.pdf.)

This first revision of the guidance proposes stronger cryptographic algorithms and keys to provide more resilience against attack. The revised publication incorporates comments from the Internet Engineering Task Force that are to update best practices and checklists in the document. The latest version of the deployment guide includes cookbook configuration instructions for two commonly deployed DNS server implementations.

The public is invited to review the draft NIST SP-800-81 revision 1 guidelines and submit comments to SecureDNS@nist.gov before March 31, 2009.

Comments are closed.

RSS BugTraq

  • [SECURITY] [DSA 2100-1] New openssl packages fix double free
    Posted by Moritz Muehlenhoff on Aug 30------------------------------------------------------------------------ Debian Security Advisory DSA-2100-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff August 30, 2010 http://www.debian.org/security/faq ------------------------------------------------------------------------ Package : opens […]
  • Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
    Posted by security curmudgeon on Aug 30: 1. OVERVIEW : : The QtWeb Browser application is vulnerable to Insecure DLL Hijacking : Vulnerability. Similar terms that describe this vulnerability have been : come up with Remote Binary Planting, and Insecure DLL : Loading/Injection/Hijacking/Preloading. : 3. VULNERABILITY DESCRIPTION : : The QtWeb Browser applicat […]
  • [ MDVSA-2010:165 ] libHX
    Posted by security on Aug 30 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:165 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libHX Date : August 30, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1 _________________________ […]
  • {Lostmon - Groups} Safari for windows Invalid SGV text style Webkit.dll DoS
    Posted by Lostmon lords on Aug 30################################################### Safari for windows Invalid SGV text style Webkit.dll DoS Vendor URL:www.apple.com Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html Vendor notify :Yes exploit available :YES ################################################### Safari browse […]
  • R7-0036: FCKEditor.NET File Upload Code Execution
    Posted by HD Moore on Aug 30R7-0036: FCKEditor.NET File Upload Code Execution August 30, 2010 -- Vulnerability Details: FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector  in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulne […]