EU agency takes on DNS flaw

The European Network and Information Security Agency (ENISA) has said it is looking at three different measures to bolster the security of the net’s addressing system.

The agency, whose job it is to advise the European Union (EU) on public IT and communication security issues, said it was investigating new security measures in response to recently uncovered flaws in the internet’s Domain Name Systems (DNS).

The flaws, first identified by security researcher Dan Kaminsky, were proven to be able to poison the servers that translate domain names into internet protocol (IP) addresses, with the potential to infect user PCs with malicious code or intercept and edit email.

ENISA said it is looking into three standard technologies to combat the flaws. They include Multiprotocol Label Switching (MPLS ), IPv6 and Domain Name System Security Extensions (DNSSEC).

DNSSEC, for example, is a set of DNS extensions that provide origin authentication of DNS data, data integrity and authenticated denial of existence. DNSSEC protects internet servers from domain name system attacks, e.g. DNS cache poisoning by malicious users. ENISA said several European Country Code Top Level Domain Registries have already adopted the use of DNSSEC and are actively participating in the agency’s activities.

The agency added that it was looking at the potential of all three technologies to help improve the resilience, availability and integrity of the internet. It is also working with regulators, policy makers, network operators, network equipment vendors and academia to establish best practice approaches to tackling the flaws.

The agency is taking stock of existing policies and regulations used locally, across EU Member States, by operators through a series of interviews.

And, to assess the effectiveness of any potential fix and identify potential problems or gaps that arise with those fixes that could compromise the availability of networks and services, the agency will analyse the operator input, in direct consultation with all leading stakeholders, in order to develop EU guidelines.

"The recent spotlight in the news on DNS vulnerabilities and attacks highlights the importance and relevance of ENISA's work on improving the resilience of public communications, vital for European e-government and ultimately, e-business,” said Andrea Pirotti, ENISA’s executive director.

The final results of the agency’s research will be presented at a "Resilience of Public e-Communication Networks" workshop that will take place in Brussels in November.

Email to a friend

Print this page