Pei Ling Hoo - Fotolia
There has been some controversy around the DNSSEC protocol's ability to protect against online threats. What are...
the pros and cons of DNSSEC implementations? Are there any other protocols or DNS security options that should be used instead?
With all the recent high-profile security vulnerabilities and related breaches, vendors, researchers and government agencies are quick to rush forward with solutions.
Domain Name System Security Extensions (DNSSEC), which was first proposed in 1997, didn't become popular until the DNS cache poisoning bug was uncovered by security researcher Dan Kaminsky nearly a decade ago. Like PKI, single sign-on and many other broad-reaching security controls, DNSSEC has struggled to get off the ground.
It's easy to understand the value of DNSSEC implementation: It helps ensure you're communicating with the network hosts you assume you're communicating with. However, its downsides have been made clear as well: complexities and costs. In fact, many people in IT are not even familiar with it -- nor do they know whether or not they need it.
As more time passes, I believe we will certainly see and hear more about DNSSEC implementations -- at least at the highest levels of the domain name system. As for it being a must-have enterprise security control today? I'm not convinced, but everyone has their own unique environment and assessment/tolerance of security risks.
The way I see it, the real security problems in most organizations don't even require going down the path of implementing technologies and controls such as DNSSEC. Instead, the solutions to most security problems are right before your eyes. It's the low-hanging fruit -- such as weak passwords, unpatched systems and human gullibility -- that are continually ignored by the smallest of startups to the largest of enterprises and their business associates.
Ask the Expert:
Have a question about network security? Send it via email today. (All questions are anonymous.)
Learn how to get started with a DNSSEC implementation
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Kevin Beaver
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading