Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

The majority of U.S. government websites miss DNS security deadline

Add to del.icio.us     Digg this story Digg this

January 23, 2010

According to various reports, about 81 percent of large U.S. federal agencies have failed to meet a Dec. 31, 2009 deadline to fully deploy new technology that would make it a lot more difficult for potential hackers to spoof their Web sites.

Only 19.3 percent of U.S. government agencies were found to have fully secured their DNS servers with the new measures, which is known as DNS-SEC, or DNS Security Extensions. A study by Domain Name System vendor Secure 64, which researched no less than 362 government agencies to see how many had digitally signed their .gov domains has confirmed the report.

DNS-SEC uses 128-bit public security key encryption technology and digital authentication to prevent the kinds of DNS cache poisoning attacks researcher Dan Kaminsky warned of in the summer of 2008.

The way the new technology works is that it digitally signs each step in the hierarchical DNS structure, making it significantly harder for miscreants to spoof the servers that translate domain names into numerical IP addresses.

The overall threat of DNS cache poisoning was lessened by some minor changes implemented in the spring of 2009 that added more randomness to DNS queries.

However that measure didn't eliminate all of the vulnerability and there's still a lot at risk that can 'poison' a DNS server.

Ironically, the Obama Administration's failure to meet this critical cybersecurity deadline comes at a time when dozens of U.S. companies including Google, Yahoo and Adobe have all reported cyberattacks by Chinese hackers.

Click here to order the best dedicated server and at a great price.

"The 19.3 percent number is believable," says Paul Hoffman, Director of the VPN Consortium and an active participant in DNS-SEC standardization efforts at the Internet Engineering Task Force. "NIST has been working on DNSSEC, but the individual agency IT departments aren't doing anything about it. DNS-SEC is simply not a priority for now."

Government officials declined to say why the agency hasn't enforced the DNS-SEC deadline for executive branch departments.

"The Dec. 31st deadline was a little aggressive," says Steve Crocker, an Internet pioneer who is CEO of Shinkuro, an Internet security company engaged in DNSSEC-related work. "I would take it as a very positive sign that there was any movement at all. What I'm hearing is that of the many, many things that all the federal CIOs are forced to pay attention to, DNSSEC is one that is likely to get attention in 2010."

With specific regard to the encryption of DNS databases, the government is committed to data protection and integrity. The steps taken to date by departments and agencies are being evaluated for their effectiveness.

Crocker says it's realistic for the majority of federal agencies to support DNSSC in their .gov subdomains by the end of this year, however.

He added "missing the mark by one year is pretty good news in this business. There is a gradual tightening of Internet security going on up and down the protocol stack. DNS-SEC isn't the be-all-and-end-all, but it's an important part. The technical community has been working on DNSSEC for about twenty years now. The top part of .gov is signed, and now we're seeing the other pieces coming along."

Add to del.icio.us     Digg this story Digg this

Source: ISR&N.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer



Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.


Get your Linux or Windows dedicated server today.


The industry's best and most accurate tool to find out EXACTLY what your CORRECT keywords are. Click here to learn more.