EU agency takes on DNS flaw
ENISA is looking at system security extensions as one way of strengthening the security of servers handling IP addresses.
The European Network and Information Security Agency (ENISA) has said it is looking at three different measures to bolster the security of the net's addressing system.
The agency, whose job it is to advise the European Union (EU) on public IT and communication security issues, said it was investigating new security measures in response to recently uncovered flaws in the internet's Domain Name Systems (DNS).
The flaws, first identified by security researcher Dan Kaminsky, were proven to be able to poison the servers that translate domain names into internet protocol (IP) addresses, with the potential to infect user PCs with malicious code or intercept and edit email.
ENISA said it is looking into three standard technologies to combat the flaws. They include Multiprotocol Label Switching (MPLS ), IPv6 and Domain Name System Security Extensions (DNSSEC).
DNSSEC, for example, is a set of DNS extensions that provide origin authentication of DNS data, data integrity and authenticated denial of existence. DNSSEC protects internet servers from domain name system attacks, e.g. DNS cache poisoning by malicious users. ENISA said several European Country Code Top Level Domain Registries have already adopted the use of DNSSEC and are actively participating in the agency's activities.
The agency added that it was looking at the potential of all three technologies to help improve the resilience, availability and integrity of the internet. It is also working with regulators, policy makers, network operators, network equipment vendors and academia to establish best practice approaches to tackling the flaws.
The agency is taking stock of existing policies and regulations used locally, across EU Member States, by operators through a series of interviews.
And, to assess the effectiveness of any potential fix and identify potential problems or gaps that arise with those fixes that could compromise the availability of networks and services, the agency will analyse the operator input, in direct consultation with all leading stakeholders, in order to develop EU guidelines.
"The recent spotlight in the news on DNS vulnerabilities and attacks highlights the importance and relevance of ENISA's work on improving the resilience of public communications, vital for European e-government and ultimately, e-business," said Andrea Pirotti, ENISA's executive director.
The final results of the agency's research will be presented at a "Resilience of Public e-Communication Networks" workshop that will take place in Brussels in November.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download