© Afilias Limited www.afilias.info
The History and Value of Deploying DNSSEC
Dr. Jim Galvin, Director, Afilias

Who is Afilias?
• 10 years of experience in critical Internet infrastructure
• Best known for domain name registry services in support of 17 million domains across 15 TLDs
• Diverse DNS Network handling billions of queries daily
• Largest DNSSEC deployment – more TLDs than any other provider

What problem does DNSSEC solve?
When you visit a website, or send an e-mail, can you be sure you are communicating with the server that you think you are?
NO (At least not with certainty)

The risks without DNSSEC…
[Diagram: WEB BROWSER, ITERATIVE RESOLVER, AUTHORITATIVE NAME SERVER and UNAUTHORIZED SERVER in the DOMAIN NAME SYSTEM; risks shown: Cache Poisoning, Authoritative Name Server Hijacking]

When does site identity matter?
DNSSEC is designed to protect users from the consequences of forged DNS data inserted by malicious actors.
The DNS was originally built on a model of trust.
As the Web has expanded, and new criminal exploits have grown more sophisticated, this is no longer an acceptable model for the future of applications and services that rely on the DNS.

Cache poisoning risks
1. A DNS resolver sends a DNS query and accepts the first response it receives.
2. If a malicious actor were to send back an incorrect response, the resolver would use this address until its cache expired.
[Diagram: a "get trustus.asia" query to a SERVER; labels DOMAIN NAME SYSTEM "trustus.asia = 192.168.16.2" and CACHE "trustus.asia = 192.172.3.4"]

How can DNSSEC help?
• Domain Name System Security Extensions adds security to the Domain Name System
• With DNSSEC, users and servers can verify DNS responses for:
  • Data integrity
  • Origin authentication
• The data is protected. It does not matter what server or resolver provides the data.
[Diagram: a "trustus.asia ?" query answered with "trustus.asia 192.168.16.2"; labels DOMAIN NAME SYSTEM, DNSSEC, ZONE SERVER]
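
An added example (not from the slides or from Afilias): a toy Python model of the cache-poisoning steps and the DNSSEC check described above. Textbook RSA over two small constructed primes stands in for real DNSSEC signatures, the `Resolver` class and helper names are hypothetical, and treating 192.168.16.2 as the genuine address and 192.172.3.4 as the forged one is an assumption read from the slide diagrams.

```python
"""Toy model: a cache that trusts the first answer versus one that verifies
a signature made with the zone's private key. Constructed example; textbook
RSA on small primes stands in for real DNSSEC records and is not secure."""
import hashlib

# Constructed toy zone key pair (two Mersenne primes; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                   # public modulus; (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, held only by the zone signer


def digest(name, address):
    """Hash the record data (name + address) down to an integer below N."""
    h = hashlib.sha256(f"{name}={address}".encode()).digest()
    return int.from_bytes(h, "big") % N


def sign(name, address):
    """Zone signer: produce the signature published alongside the record."""
    return pow(digest(name, address), D, N)


def verify(name, address, signature):
    """Validator: needs only the public key (N, E), not the server's identity."""
    return pow(signature, E, N) == digest(name, address)


class Resolver:
    """Caches the first acceptable response per name until its TTL expires."""

    def __init__(self, validate):
        self.validate = validate
        self.cache = {}                     # name -> (address, expiry time)

    def receive(self, name, address, signature, ttl, now):
        """Handle one response arriving at time `now`; return True if cached."""
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return False                    # already answered; later responses ignored
        if self.validate and not verify(name, address, signature):
            return False                    # unverifiable data never reaches the cache
        self.cache[name] = (address, now + ttl)
        return True

    def lookup(self, name, now):
        cached = self.cache.get(name)
        return cached[0] if cached and cached[1] > now else None


def race(validate):
    """A forged response arrives before the genuine one (both constructed)."""
    r = Resolver(validate)
    good_sig = sign("trustus.asia", "192.168.16.2")
    # Without the private key, the forged response can only carry a
    # signature that was made over different data.
    r.receive("trustus.asia", "192.172.3.4", good_sig, ttl=300, now=0)
    r.receive("trustus.asia", "192.168.16.2", good_sig, ttl=300, now=1)
    return r.lookup("trustus.asia", now=2), r.lookup("trustus.asia", now=400)


if __name__ == "__main__":
    print("no validation:", race(validate=False))
    print("validation   :", race(validate=True))
```

Without validation the forged address stays in the cache for the full TTL; with validation it is rejected and the signed record is cached instead, regardless of which server delivered it.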

DNSSEC Benefits by User
• End-User: Gain confidence of reaching the intended website
• Registrant: Fraud mitigation; Greater brand protection
• Registrar: Comply with new industry standards; Meet Registrant demands for increased domain security
• Registry: Meet new industry standards; Meet Registrar demands for increased security of their domains

Afilias DNSSEC timeline
[Timeline axis: 2008, 2009, 2010, 2011]
• PIR submitted a .ORG DNSSEC proposal
• The proposal was approved by ICANN
• June 2009: .ORG zone signed
• 1st Half 2010: .ORG signed delegations
• July 2010: Root signing
• Project Safeguard: Afilias deploys DNSSEC across 13 more TLDs including .Asia

Adoption timing is a challenge
[Chart: DNSSEC adoption; stages: R&D, Pioneers, Early Adopters, Mass Adoption, Mainstream; gap labelled "No man's land"]
• Now requires ISPs and application providers to get on board to envision new services that can bring this security to the mainstream

Thank you!

The History and Benefits of Deploying DNSSEC


Editor's notes

  1. DNSSEC is not new, having been in development since 1992.