The Domain Name System is vulnerable to multiple cyberattacks, so the organization has requested to implement better security measures
According to network
security and ethical hacking experts from the International Institute
of Cyber Security, the Internet Corporation for Assigned Names and Numbers
(ICANN) has called for a collective effort to develop a security technology to reinforce
reliability of Domain
Name System (DNS) that can protect website operators from attacks by
the most dangerous hacker groups.
To be specific, what ICANN
proposes is to perform a complete implementation of the DNS Security Extensions
(DNSSEC) on all unsecured domain names. The DNS system is the part of the
Internet infrastructure worldwide that is responsible for moving the names of
sites in common language to IP addresses needed to access websites, use email
platforms, etc. DNSSEC would try to implement a new security layer for DNS.
DNSSEC technologies have existed for almost 10
years, although they are not yet widely used. According to network security
specialists, less than 20% of DNS registrars worldwide have implemented this
technology. It is believed that the adoption of DNSSEC has been delayed because
it could reduce functionality in favor of improving security measures, and that
DNSSEC was always considered an option, not as a security requirement.
This technology could prevent attacks that take
advantage of replies to DNS queries by cryptographically signing DNS records to
verify their authenticity.
The problem is that most DNSSEC implementations
are incompatible with current DNS requirements. “Inherited implementations of
DNSSEC break basic DNS functions, such as geo routing, it is also difficult to
implement this technology in multiple vendors, so performance would be
affected, as well as its availability for final users would be reduced,” said
network security specialists.
According to ICANN, the total implementation of
DNSSEC technology ensures that end users access legitimate online websites and
services. “While this is not a solution to all Internet security issues, DNSSEC
would provide additional protection to a critical sector,” adds ICANN.
In a statement, ICANN claims that its
application is backed by multiple reports that mention groups of malicious
hackers exploiting a wide variety of resources and methodologies to carry out their
plans.
“Some recent cyberattacks have focused on DNS;
hackers make some changes to the domain name structure without authorization,
so you can perform various malicious activities. DNSSEC technology is fully
functional against this type of attack,” says ICANN.
ICANN also published a list of DNS security
measures so that industry members can protect their customers, their
information systems, and their entire infrastructure.
ICANN’s call comes shortly after the U.S.
Department of Homeland Security decreed that all agencies at the federal level
had to reinforce their computer security systems to the growing tide of global
cyberattacks.
