EU agency takes on DNS flaw

News
By Miya Knights
published

ENISA is looking at system security extensions as one way of strengthening the security of servers handling IP addresses.

The European Network and Information Security Agency (ENISA) has said it is looking at three different measures to bolster the security of the net's addressing system.

The agency, whose job it is to advise the European Union (EU) on public IT and communication security issues, said it was investigating new security measures in response to recently uncovered flaws in the internet's Domain Name Systems (DNS).

The flaws, first identified by security researcher Dan Kaminsky, were proven to be able to poison the servers that translate domain names into internet protocol (IP) addresses, with the potential to infect user PCs with malicious code or intercept and edit email.

ENISA said it is looking into three standard technologies to combat the flaws. They include Multiprotocol Label Switching (MPLS ), IPv6 and Domain Name System Security Extensions (DNSSEC).

DNSSEC, for example, is a set of DNS extensions that provide origin authentication of DNS data, data integrity and authenticated denial of existence. DNSSEC protects internet servers from domain name system attacks, e.g. DNS cache poisoning by malicious users. ENISA said several European Country Code Top Level Domain Registries have already adopted the use of DNSSEC and are actively participating in the agency's activities.

The agency added that it was looking at the potential of all three technologies to help improve the resilience, availability and integrity of the internet. It is also working with regulators, policy makers, network operators, network equipment vendors and academia to establish best practice approaches to tackling the flaws.

The agency is taking stock of existing policies and regulations used locally, across EU Member States, by operators through a series of interviews.

And, to assess the effectiveness of any potential fix and identify potential problems or gaps that arise with those fixes that could compromise the availability of networks and services, the agency will analyse the operator input, in direct consultation with all leading stakeholders, in order to develop EU guidelines.

"The recent spotlight in the news on DNS vulnerabilities and attacks highlights the importance and relevance of ENISA's work on improving the resilience of public communications, vital for European e-government and ultimately, e-business," said Andrea Pirotti, ENISA's executive director.

The final results of the agency's research will be presented at a "Resilience of Public e-Communication Networks" workshop that will take place in Brussels in November.

Miya Knights
Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.