The Domain Name System (DNS) has no inherent security, and DNS servers at many organisations have been repeatedly compromised to enable a host of malicious endeavours, including cache poisoning, redirecting phone calls, man-in-the-middle attacks to steal passwords, re-routing email, denial-of-service attacks and more.
Domain Name System Security Extensions (DNSSEC) secure the DNS server hierarchy by digitally signing DNS records, so that recipients can verify that the messages received are the same as those that were sent.
DNSSEC essentially implements a public key infrastructure (PKI) to provide a method of secure communication between DNS servers. As a PKI, DNSSEC requires some new procedures such as key generation, signing and key management. But, for all the potential benefits of DNSSEC, the intended gains aren’t guaranteed because the resource records introduced by DNSSEC are kept in an unencrypted file.
Only when the entire DNSSEC infrastructure is comprehensively secured can organisations begin to fully enjoy DNSSEC’s benefits. To do so, they need capabilities to do the following:
To ensure the validity of DNS services, DNSSEC employs public key cryptography to digitally sign DNS messages. To realise the security required, robust protection of private signing keys is vital. If the keys and their corresponding digital certificates are compromised, the chain of trust in the DNS hierarchy is broken, rendering the entire system obsolete. This is where Hardware Security Modules (HSMs) come into play.
HSMs are dedicated systems that physically and logically secure the cryptographic keys and cryptographic processing that are at the heart of digital signatures. HSMs support the following functions:
By storing cryptographic keys in a centralised, hardened device, HSMs can eliminate the risks associated with having these assets housed on disparate, poorly secured platforms. In addition, this centralisation can significantly streamline security administration.
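The chain of trust described above can be shown with the check a validating resolver performs between a parent zone and a child zone. The following is an added example, not code from the original page: it computes the RFC 4034 key tag and the SHA-256 DS digest of a DNSKEY and compares them with the values the parent publishes. The zone name, the key bytes and all function names are constructed for illustration.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-cased) wire form of an owner name, RFC 4034 section 6.2."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if label:  # the root name "." has no labels
            raw = label.encode("ascii")
            wire += bytes([len(raw)]) + raw
    return wire + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256 over owner name wire form plus DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def chain_intact(owner: str, served_rdata: bytes, ds_tag: int, ds_hex: str) -> bool:
    """True only if the served DNSKEY is the one the parent's DS record pins."""
    return key_tag(served_rdata) == ds_tag and ds_digest(owner, served_rdata) == ds_hex.lower()

# Constructed sample data: flags 257 (key-signing key), protocol 3,
# algorithm 13 (ECDSA P-256, 64-byte key). Key bytes are fillers, not real keys.
ZONE = "example.com."
KSK = dnskey_rdata(257, 3, 13, bytes(range(64)))
SWAPPED = dnskey_rdata(257, 3, 13, bytes(range(1, 65)))
# What the parent zone would publish as the DS record for the legitimate key.
PARENT_DS = (key_tag(KSK), ds_digest(ZONE, KSK))

if __name__ == "__main__":
    print("key tag:", PARENT_DS[0])
    print("legitimate key validates:", chain_intact(ZONE, KSK, *PARENT_DS))
    print("substituted key validates:", chain_intact(ZONE, SWAPPED, *PARENT_DS))
```

The DS comparison catches a substituted key, but records signed with a stolen copy of the legitimate private key still validate, which is why the protection of the private signing keys matters.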