Home » Inside SafeNet » Everybody Likes a New Pair of Shoes
Everybody Likes a New Pair of Shoes
September 29, 2010, 08:00 am EDT
Despite the small panic that The Register tried to create around the activation of DNSSEC, the Internet was not killed on May 5 nor did anything happened to any Internet end-station on July 15th when the Internet Root Zone was signed. The even better news is that the Internet is not likely to be killed even as the use of DNSSEC protocol will start to widely spread. And it will… Because DNSSEC other than being a security protocol is also a fashion item or if you want to put it in the Business School jargon a competitive edge.
For those who were busy reading emails in the dozens of the Internet Engineering Task Force (IETF) meetings discussing DNSSEC (or better say for those who didn’t bother flying to these IETF meetings at all) DNSSEC is a security protocol running on top of the good old Domain Name System (DNS), the protocol that translates a human readable address (e.g: www.safenet-inc.com) to a set of 4 numbers also known as IP address, which is the one and only address that your computer can refer to. The standard DNS protocol does a fairly good job in translating these readable addresses to numbers, the only problem is (as always) with hackers that in some cases managed to hack to DNS databases and change the correlation between the human readable address to the IP addresses. When such attack happens, a user that wants to go to Twitter site and write www.twitter.com in the URL address of her browser may find herself browsing an Iranian site, as the system attackers changed the correlation so now the Twitter URL points to a different IP address. DNSSEC makes sure, by using cryptographic based digital-signature, that the database entry that correlates www.safenet-inc.com to its IP address (18.104.22.168) is authenticated and ensures the end-user that she is using the correct Web site.
No business likes to see its customers redirected away, but in some cases such redirection could be harmful both to the business and to its customers. Let’s take banks as an example. Think about Mrs. Smith, an old lady that gets to her bank’s Web site to check what her life savings are doing in the stock market, and finds herself in malicious Web site that acts like her real bank’s Web site but instead of doing the real transactions just gets her user-name and password. These personal credentials will be used by the hackers to get into the “real” bank Web site, get into the innocent victim’s bank account and get her money. DNSSEC can and will solve this problem by ensuring Mrs. Smith that indeed she is entering her bank’s Web site and no other Web site.
But enough with this talk. We’re talking about fashion and competitive edge here. DNSSEC will be adapted mainly because companies can’t tolerate that their customers are being redirected. Some of these companies, such as banks, financial institutes and even retailers, will brag about how secure accessing their site is, and use this as a competitive advantage. Having said this, bragging is bragging, so just like people like to show off their latest chic accessory, they will adopt the use of DNSSEC. It will start with few innovative ones, also known as early adaptors. SURFnet is a great example of DNSSEC early adapter using OpenDNSSEC open source solution integrated with SafeNet’s Luna HSM. Now, when other Internet Registrars see SURFnet’s newest style, sorry, new DNS security measures, some of them will likely to adopt it. As more and more registrars offer this service, more ISPs will offer a validating service and more organizations will tell their customers that they now can access their Web site securely. Everybody loves new shoes, or bragging about a good customer service.This entry was posted in Compliance, DNS SEC, Financial Services by Trisha Paine. Bookmark the permalink.
SafeNet October 6, 2011, 11:35 am UTC
SafeNet October 4, 2011, 03:03 pm UTC
SafeNet September 13, 2011, 04:40 pm UTC
SafeNet October 6, 2011, 11:35 am UTC