New antispam process to make DNS address system more secure
Moves to make the web’s address system more secure will take a major step forward in July.
In the planning for a decade, the Domain Name System Security Extentions, DNSSEC, will help protect users from cyber attacks such as phishing and spam.
The security layer will be added to the web’s address system next month. It should close the loophole that allows hackers to intercept DNS data and redirect users to fake websites.
The Domain Name System (DNS) was created in 1984 to allow computers to ‘read’ net domain names but it had no security features, offering rich possibilities for criminals.
“DNSSEC will improve the security of the web so we can have more confidence in the activities on the network as it increasingly becomes part of our working lives and home lives,” said Leslie Daigle the chief internet technology officer at the Internet Society, which is the home of the standards body that developed DNSSEC.
The new security extension, DNSSEC, basically works by using cryptography and digital signatures to verify each query and ensure that each response that is made has not been compromised or intercepted.
Cyber-criminals are increasingly using false DNS servers to intercept legitimate web addresses and redirect users to fake sites, which steal personal information.
“It acts like tamper-proof packaging to make sure if you type in the website name of your bank that you actually get to the machine that your bank wants you to use and not to a machine that looks like that of your bank but is operated by those who want to take you to a different website to steal your log-in details,” said Ms Daigle.
The reason this move is being seen as a “technological milestone” in shoring up the web is because, although not visible to most users, DNS is an essential part of the way the internet works.
It acts as the net’s address system or phone book by translating website addresses like www.searchclinic.org into the numerical equivalents preferred by machines.
The DNSSEC protocol is being overseen by the Internet Corporation for Assigned Names and Numbers (Icann), which is the administrative body behind net addresses.
It is working with domain-name registrars and root nameservers – which are at the heart of translating web addresses into IP addresses – to make sure the process runs smoothly.
However Ms Daigle told the BBC, DNSSEC cannot solve all the evils perpetrated by cyber-criminals and best practices that people have been using should not be abandoned.
“It is a piece of the security puzzle and while it does build better security around everything people are doing on the internet, users should not become lax in how they protect themselves online,” she said.
