SECURITY

Tool Improves Security and Understanding of DNS Configurations

Rebecca Kutzer-Rice | Date: 01-23-12 | Comments

• 00
• PrintPDF
• Filed Under: Security




• Researchers have created a tool to improve the effectiveness of a federally mandated DNS security mechanism. Called DNSViz, the tool could increase IT workers’ understandings of how complex DNS configurations work and lessen vulnerabilities from malicious third-party attackers.

• Researchers at Sandia National Laboratories have created a tool to aid government IT workers fix problems with Domain Name System Security Extension (DNSSEC), a government-mandated security feature required for all .gov sites.

  The Domain Name System (DNS) translates the hostname of a URL into an IP address, and therefore it is necessary for everything from Web browsing to checking email. DNS can be insecure because third-party attackers can go unnoticed.

  

  Casey Deccio designed the new visualization tool to help IT workers better understand DNS configurations.

  DNSSEC improves the security of DNS because it enables applications like Web browsers and email software to verify that their IP addresses have not been tampered with for malicious reasons. Since 2008, White House's Office of Management and Budget (OMB) has required DNSSEC for all federal information systems. Unfortunately, DNSSEC is difficult for government systems to use.

  "DNSSEC is hard to configure correctly and has to undergo regular maintenance," explained Casey Deccio, a computer scientist at Sandia, in a statement. "It adds a great deal of complexity to IT systems, and if configured improperly or deployed onto servers that aren't fully compatible, it keeps users from accessing .gov sites. They just get error responses."

  Deccio’s new tool, DNSViz, is "tool for visualizing the status of a DNS zone." It depicts the DNSSEC authentication chain, while highlighting and describing errors that it detects. This simplifies DNSSEC configuration and administration.

  The current version of the tool works as a Web interface. Deccio hopes to expand it with alert mechanisms and application programming interfaces (API). Eventually, it could continuously monitor DNS health and security.

  Deccio is testing DNSViz on the Sandia servers in California, where the tool monitors 100,000 DNS names. Several times each day, it successfully analyzes the organization’s DNS configurations.

IBM Resources

• Protecting against cyberthreats in the modernbusiness infrastructure
• Managing Threats in the Digital Age Whitepaper
• IBM solutions for cybersecurity: Solutions for mitigating threats in the government sector
• 2011 IBM X-Force Mid-Year Trend and Risk Report

Most Read

• Tablets, Smartphones Obsolete PowerPoint
• Top 10 Innovations of 2012
• Cloud Desktop Boosts Small Business
• Quantum Computing Almost Here
• Recent Reports Examine Smartphone Shopping Behaviors
• SMB BI Adoption Grows, Shifts to Cloud
• Tool Educates SMBs on the Cloud
• Facebook Gaming in Decline
• Meeting the Increasing Demand for Remote Internships

Trending

• Cloud Desktop Boosts Small Business
• Robots Construct Reconfigurable Buildings
• Nintendo Wii Diagnoses Eye Malady
• Smart Cities Win Awards
• Shipboard Humanoid Robot to Aid Navy
• Facebook Gaming in Decline
• Motion Control Vaults Augmented Reality
• Success Depends on Phrasing
• Online Video Spells Death for DVD

RELATED CONTENT

• Privacy and Trust On Trial in 2012
• IPv6: Five Things IT Managers Need to Know Before Migrating
• 'Facebook' of Devices Will Secure the Mobile Enterprise
• Hybrid Clouds Roll into the Picture, Part 3: Meeting the IT Challenge
• Cloud Adoption Puts Focus on the WAN
• Secret Service to Adopt 3D Virtual Training Program
• More Than 760 Companies Impacted by International Cyber-Attack

View the IBM Smarter Analytics Leadership Summit

Videos

TWITTER FEED

• 22 minutes agoIBM #SmartCloudEnterprise webcast on June 14 at 11AM (CEST), offering in 5 languages >> Register here http://t.co/IQMx8VJ1 [link in German]
  
• about 1 hour agoRT @CloudSlam IBM #Cloud VP Michael McCarthy to Keynote #CloudSlam 2012 - May 31 at 13.00pm http://t.co/rj1IOZSQ #CloudComputing
  
• about 2 hours agoBaran ErdoÄŸan of @IBMTurk will address @IDC's #Cloud Computing and Datacenter Roadshow 2012 on May 24 Istanbul, Turkey http://t.co/JeiJvhyL
  
• about 3 hours agoTry out the IBM #PureSystems Cloud trial - 90 days no charge >> http://t.co/OhMc5qKv #ibmcloud
  
• about 4 hours ago#CloudForum 2012: “Spring Editionâ€� on May 24 @ Utrecht, Netherlands. Don’t miss keynote of #IBM's Fiona Cullen http://t.co/yKHRMhTw [Dutch]
  
• about 5 hours agoBlog Post: #Cloud industrializes #ERP with IBM Lifecycle as a Service (LCaaS) for SAP Solution http://t.co/w0GoaY6z #thoughtsoncloud
  
• about 5 hours agoGood Morning Europe!
  
• about 5 hours agoThat is it from Asia-Pacific! Over to #Europe!
  
• about 5 hours agoIBM Impact 2012 in June at multiple cities in #India >> Mumbai, Bangalore & Delhi. Details: http://t.co/rjnqO137 #IBMImpact
  
• about 7 hours agoCustomWare & Australia-based GLiNTECH collaborates to deliver IBM Cast Iron #cloud integration services http://t.co/Q2tEhdQN #ibmcloud
  
< PrevNext >

JOIN US

Like us on Facebook Follow us on Twitter Get the Smarter Tech Newsletter Register to view the archived "Data Center Optimization Techniques: Stop Wasting Time & Money" eSeminar Register Now >

Connect with the The Future of IT Architecture blog