Though the global reliance on the Internet might lead one to believe
otherwise, the worldwide Internet infrastructure is based on some
fragile foundations.
When users type in the URL of their favourite website, they expect the address to take them straight to the correct server, wherever it happens to be. That process of translating the URL into a specific IP address is carried out by a small collection of Domain Name System (DNS) servers. The problem is that, if anyone managed to tamper with the DNS server -- or 'poison' it -- then users could not be sure they were being directed to the right website.
In August 2008, researcher Dan Kaminsky demonstrated that the DNS server protocols were vulnerable to DNS poisoning attacks, sparking debate over how the situation could be rectified. So what is to be done?
The problem -- and some potential solutions -- are explored in a new article by Richard Agar and Kenneth Paterson as part of the 2010 Royal Holloway University of London (RHUL) series. The article summarises Agar's MSc thesis (see below for .pdf).
It explains how DNS works, as well as the details of the Kaminsky discovery. It then goes on to look at various ways in which the DNS infrastructure could be better protected, and offers some suggestions for DNS security best practices.
