Most Web surfers are aware of the potential risk of becoming a victim of cyber crime. So, it will be interesting to see how effective a new Web security system called Domain Name System Security Extensions (DNSSEC) will be.
It’s taken about 12 years to get this protocol ready for introduction, and implementation should be complete within the next few months. But what is DNSSEC, and how does it work to stem the escalating threat of cyber attacks?
The system works in conjunction with an already established Web protocol called the Domain Name System (DNS), which was created in the 1980s. In effect, DNSSEC is a verification procedure for DNS data.
In simple terms, end users will know that the site they are visiting is actually operated by the person or company shown. The system incorporates a sequence of security procedures called the chain of authentication.
All this sounds pretty good, but users still need to know that DNSSEC isn’t an encryption-based system. That means hackers can still cyber-snoop into the end user’s transactions.
However, the system does enhance user security. Unless a series of security codes, registration codes, and customer key codes is fully synchronized, authentication will fail, and users will be unable to complete transactions.
Logically, this is a good thing, particularly when surfers are involved in personal financial transactions. Alternatively, it may cause frustration among end users when they feel the Web activity they are trying to perform carries no big security risk.
The Internet Corporation for Assigned Names and Numbers (ICANN), which administers Web addresses, is working with domain-name registrars to make sure the DNSSEC protocol does what it’s intended to do. The registrars are a central element in the conversion of Web addresses into Internet Protocol (IP) addresses.
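The synchronization requirement described above can be seen in one link of the chain of authentication: the parent zone publishes a DS record (a key tag plus a digest of the child zone's DNSKEY), and validation fails as soon as the two drift apart. The sketch below is an added example, not code from the article or from any DNSSEC implementation; it follows the DS and key tag formats of RFC 4034 (which the article does not name), and the function names, the zone `example.com` and the key bytes are constructed for illustration.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner: str, rdata: bytes):
    """DS content the parent publishes: (key tag, SHA-256 of owner | RDATA)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), digest

def link_is_valid(owner: str, ds, child_rdata: bytes) -> bool:
    """True only if the child's DNSKEY matches the DS held by the parent."""
    return make_ds(owner, child_rdata) == ds

# Constructed sample keys (placeholder bytes, not real zone keys).
# Flags 257 marks a key-signing key; algorithm 13 is ECDSA P-256 with SHA-256.
OLD_KEY = dnskey_rdata(257, 13, bytes(range(64)))
NEW_KEY = dnskey_rdata(257, 13, bytes(range(1, 65)))
PARENT_DS = make_ds("example.com", OLD_KEY)  # what the registrar submitted

def demo() -> dict:
    return {
        # Parent and child agree: the link validates (names compare case-insensitively).
        "in_sync": link_is_valid("Example.COM.", PARENT_DS, OLD_KEY),
        # Child rolled its key but the DS at the parent was never updated.
        "key_rolled_ds_stale": link_is_valid("example.com", PARENT_DS, NEW_KEY),
        # Same key served under a look-alike name: the digest covers the owner name.
        "wrong_zone": link_is_valid("examp1e.com", PARENT_DS, OLD_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

A validating resolver treats the two failing cases identically, which is why a key rollover that is not coordinated with the registrar makes a legitimate site unreachable for validating users.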
Much of the urgency to lock down Internet security was prompted by the work of scientist Dan Kaminsky. Several years ago, he uncovered a flaw in the DNS protocol that posed a significant danger to end users.
The flaw would allow cyber criminals to construct Web site impersonations and intercept e-mail. It also would let hackers profit from the illegal use of the “forgotten your password” facility that is a common Web site login feature.
Even though it isn’t a full encryption system, most industry experts believe that DNSSEC will prevent cache-poisoning attacks, in which surfers are transparently misdirected from a legitimate site to a site operated by criminals.
A few countries such as Sweden, Bulgaria, and Brazil have already implemented the system. Also, the American government is now working on introducing the system for its Web operations.
The industry generally believes that DNSSEC will help fight cyber crime. But surfers are still well advised to remember best practices when they’re using the Web.