Scientists from the National Institute of Standards and Technology (NIST) are developing standards, guidance, and testing procedures designed to improve the security of the Domain Name System (DNS). Currently, the DNS system lacks the ability to authenticate the integrity of the source or response to the system, making it easier to redirect users away from legitimate addresses to Web sites that participate in phishing or other illegal Internet-based activity.
NIST computer scientists led the development of new Internet Engineering Task Force standards to add digital signatures and associated key management procedures to DNS protocols. These additions, known as DNSSEC, let users validate the authenticity and integrity of the data and will supply the foundation for a new trust infrastructure for the DNS and protocols and systems that depend on it. NIST has posted a draft update of guidelines for DNS security, which is now available for public comment.
Additionally, NIST recently provided technical assistance to ensure the security of the .gov top level domain. "We hope that the .gov deployment of DNSSEC will encourage rapid deployment in other sectors, including government contractors, trading partners, and general e-commerce sites," says NIST researcher Scott Rose.
From NIST Tech Beat
View Full Article
No entries found