Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Nominum aims to make DNSSEC simpler

No need for cryptography experts in-house

By Maxwell Cooter | Techworld | Published: 14:40, 24 November 2009

DNS security should be made easier if it is to be implemented more comprehensively said DNS specialists Nominum.

While a security standard, DNSSEC, has been ratified, there have been very organisations that have actually implemented the technology, while observers have claimed that the difficulty of implementing DNSSEC has meant that its appeal has been limited, even though last year, security researcher Dan Kaminsky revealed the existence of a serious flaw in the technology.

The company has responded to concerns about the difficulty of setting up DNSSEC by making it easier for organisations to implement the technology. The company has automated the process of installing DNSSEC so that errors in implementation can be avoided.

Related Articles on Techworld

Cloud DNS and hardware company teaming up

"There's little doubt that DNSSEC is the domain of the experts," said Bruce van Nice, Nominum's director of product marketing. "Look at the people who have already implemented it - the likes of the Verisign - these are network facilities run by absolute experts."

Van Nice said that Nomimum had facilitated the process by integrating cryptography with its DNS software meaning that users now no longer to follow complex cryptographic processes but can rely on the software to do the cryptography for them. "There's no longer any need to have cryptography experts on hand, the entire process has been automated. The more manual commands that you have to make, the more likely it is that you'll make a mistake -and if you mistake, your domain could just disappear along the way," said van Nice. "For example, just recently the domain .se went off for a couple of hours after a mistake in coding."

The move has the the thumbs-up from Dan Kaminsky himself. "DNSSEC is the big solution that we need to fix authentication. But large organisations need it to be easier and less disruptive to deploy DNSSEC, before they can reasonably be expected to secure their own domain names. That is why I am happy to see Nominum adding comprehensive DNSSEC support to their DNS server platforms - and even happier to see DNSSEC almost entirely automated within it.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.