Domain Name System | DNSSEC

2. The World’s Network – the Domain Name System
- Internet Protocol address uniquely identifies laptops or phones or other devices
- The Domain Name System matches IP addresses with a name
- IP routing and DNS are the underpinning of unified Internet

3. A sample DNS query
[Diagram label: “Where is”]

4. Making the DNS Secure
- A computer sends a question to a DNS server, like “where is IANA.org?”
- It receives an answer and assumes that it is correct.
- There are multiple ways that traffic on the Internet can be intercepted and modified, so that the answer given is false.

5. Receiving the Wrong Answer
[Diagram label: “Where is”]

6. Poisoning a Cache
- Attacker knows iterative resolvers may cache
- Attacker
  - Composes a DNS response with malicious data about a targeted domain
  - Tricks a resolver into adding this malicious data to its local cache
- Later queries processed by server will return malicious data for the life of the cached entry
- Example: user at My Mac clicks on a URL in an message from
[Diagram labels: “What is the IPv4 address for loseweightfastnow.com?”; My Mac; My local resolver; ecrime name server; “loseweightfastnow.com IPv4 address is”; “ALSO is at”; “I’ll cache this response… and update”]
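One defence against the unsolicited "ALSO" record in the example above is for the resolver to cache only records that fall inside the zone of the server it asked (a bailiwick check). The following is an added example, not part of the original slides; the record layout, the stand-in name bank.example.net and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: bailiwick filtering of a DNS response before caching.
# All names and addresses below are constructed sample data.

def normalize(name: str) -> tuple:
    """Lower-case a domain name and split it into labels, ignoring a trailing dot."""
    return tuple(label for label in name.lower().rstrip(".").split(".") if label)

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner equals zone or is a subdomain of it, compared label by label."""
    o, z = normalize(owner), normalize(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone: str, records: list) -> tuple:
    """Split records from a server authoritative for `zone` into (cacheable, rejected)."""
    keep, drop = [], []
    for rec in records:
        (keep if in_bailiwick(rec["name"], zone) else drop).append(rec)
    return keep, drop

# Constructed response from the name server for loseweightfastnow.com: the
# legitimate answers plus unsolicited records for unrelated names
# (bank.example.net stands in for the victim name elided on the slide).
SAMPLE_RESPONSE = [
    {"name": "loseweightfastnow.com.", "type": "A", "data": "192.0.2.10"},
    {"name": "www.LoseWeightFastNow.com", "type": "A", "data": "192.0.2.11"},
    {"name": "bank.example.net.", "type": "A", "data": "192.0.2.66"},
    # Matches as a string suffix but not on a label boundary, so it is rejected:
    {"name": "notloseweightfastnow.com.", "type": "A", "data": "192.0.2.67"},
]

if __name__ == "__main__":
    cacheable, rejected = filter_response("loseweightfastnow.com", SAMPLE_RESPONSE)
    for rec in cacheable:
        print("cache :", rec["name"], rec["data"])
    for rec in rejected:
        print("reject:", rec["name"], rec["data"])
```

A bailiwick check stops this particular injection but does not authenticate the in-zone answers themselves; that is what DNSSEC adds.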

7. DNS Security (DNSSEC)
- Protects DNS data against forgery
- Uses public key cryptography to sign authoritative zone data
  - Assures that the data origin is authentic
  - Assures that the data are what the authenticated data originator published
- Trust model also uses public key cryptography
  - Parent zones sign public keys of child zone (root signs TLDs, TLDs sign registered domains…)

8. Public Key Cryptography in DNSSEC
- Authority signs zone data with private key
- Authorities must keep private keys secret!
[Diagram labels: DNS Data; Sign with Private key; Signed DNS Data + Digital signatures; Publish; Authoritative server]

9. Public Key Cryptography in DNSSEC
- Authority publishes public key so that any recipient can decrypt to verify that “the data are correct and came from the right place”
[Diagram labels: Authoritative server; Signed Zone Data; Validating recursive server; Validate with Public key]
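The parent-to-child link in the trust model above is carried by a DS record: the parent zone publishes and signs a digest of the child's DNSKEY, and a validator checks that the key served by the child hashes to that digest. The following is an added example, not part of the original slides, and goes one step beyond them by computing the RFC 4034 key tag and the SHA-256 DS digest; example.com and the key bytes are constructed, and signature (RRSIG) verification is not shown.

```python
# Added example: does a child zone's DNSKEY match the DS published by its parent?
# Key tag per RFC 4034 Appendix B (not valid for algorithm 1); digest type 2 = SHA-256.
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a name: lower-cased, length-prefixed labels, root byte."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """16-bit key tag used to pick the candidate DNSKEY for a DS or RRSIG."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> tuple:
    """(key tag, algorithm, digest type, hex digest) as the parent would publish it."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], 2, digest

def ds_matches(owner: str, rdata: bytes, ds: tuple) -> bool:
    """True only if tag, algorithm and digest of the served key equal the parent's DS."""
    return make_ds(owner, rdata) == (ds[0], ds[1], ds[2], ds[3].upper())

# Constructed sample data: the key bytes are placeholders, not real public keys.
CHILD = "example.com."
GENUINE_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))
FORGED_KEY = dnskey_rdata(257, 3, 13, bytes(range(1, 65)))
PARENT_DS = make_ds(CHILD, GENUINE_KEY)

if __name__ == "__main__":
    print("genuine key accepted:", ds_matches(CHILD, GENUINE_KEY, PARENT_DS))
    print("forged key accepted: ", ds_matches(CHILD, FORGED_KEY, PARENT_DS))
```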

10. ICANN’s Role in DNSSEC Deployment
- Manages root key with VeriSign and trusted international representatives of Internet community
- Processes requests for changes of public key and other records from registries at top of DNS
- Educates and assists Internet community with DNSSEC
- Implements DNSSEC on its own domains

11. Obstacles to Broader DNSSEC Adoption
- Browser and/or Operating System support
- DNSSEC support from domain name registration service providers (registrars, resellers)
- Misconceptions regarding key management, performance, software/hardware availability and reliability

12. DNSSEC Deployment
- Fast pace of deployment at the TLD level
- Deployed at root
- Supported by software
- Growing support by ISPs
- Required by new gTLDs
- Inevitable widespread deployment across core Internet infrastructure

Thank You & Questions?