Domain Name System Security Extensions (DNSSEC)

DNSSEC: what it really means and how it relates to us


DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System.


Domain Name System Security Extensions (DNSSEC) will help strengthen trust in the Internet by helping to protect users from redirection to fraudulent web sites and unintended addresses.


DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning [0]. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.

These mechanisms require changes to the DNS protocol. DNSSEC adds four new resource record types: Resource Record Signature (RRSIG), DNS Public Key (DNSKEY), Delegation Signer (DS), and Next Secure (NSEC). These new RRs are described in detail in RFC 4034. 
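The link between two of these record types, a parent zone's DS record and the child zone's DNSKEY, is sketched below as an added example (not code from this page or from any DNSSEC product). It goes a step beyond the text by using the key tag algorithm from RFC 4034 Appendix B and the SHA-256 DS digest; the 4-byte "public key" and the name example.com. are constructed stand-ins.

```python
import hashlib
import hmac
import struct

# Type codes RFC 4034 assigns to the four DNSSEC resource record types.
RR_TYPE = {"DS": 43, "RRSIG": 46, "NSEC": 47, "DNSKEY": 48}

def name_to_wire(name):
    """Canonical wire form of a domain name: lower-cased, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name followed by DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()

def ds_matches(owner, rdata, ds_tag, ds_alg, ds_dig):
    """True when the parent's DS record points at exactly this child DNSKEY."""
    return (key_tag(rdata) == ds_tag and rdata[3] == ds_alg
            and hmac.compare_digest(ds_digest(owner, rdata), ds_dig))

# Constructed sample: a 4-byte stand-in for a public key, not a real key.
CHILD_KEY = dnskey_rdata(257, 3, 8, bytes([1, 2, 3, 4]))   # 257 = key-signing key
PARENT_DS = (key_tag(CHILD_KEY), 8, ds_digest("example.com.", CHILD_KEY))
FORGED_KEY = dnskey_rdata(257, 3, 8, bytes([1, 2, 3, 5]))  # substituted key

if __name__ == "__main__":
    print("key tag:", key_tag(CHILD_KEY))
    print("genuine key accepted:", ds_matches("example.com.", CHILD_KEY, *PARENT_DS))
    print("forged key accepted:", ds_matches("example.com.", FORGED_KEY, *PARENT_DS))
```

The key tag is only a lookup hint; the digest comparison is what ties the child's key to the parent's signed delegation.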



DNSSEC is the only solution that conclusively solves the DNS cache poisoning security hole. Many top-level zones, including .ARPA, .GOV and .ORG, as well as the root zone, have already been signed using DNSSEC. This new technological strategy allows appropriately configured name servers to validate answers cryptographically from these zones—effectively eliminating the possibility of cache poisoning. In the coming months, many additional zones will be signed, including .NET and .COM. Now, every organization needs to assess its DNSSEC implementation drivers and readiness, and develop a DNSSEC policy and implementation plan. Infoblox can help your organization develop its DNSSEC policy and implementation plan today. However, DNSSEC does not provide confidentiality of data at any time and does not protect against DDoS attacks. There are a lot of tools available in the market that support DNSSEC; you can just try Googling for them.



To make deployment of DNSSEC easier, one can also buy a dedicated "DNSSEC Appliance", which acts as an automated DNS signer for DNS zones. Several vendors are already offering commercial and non-commercial solutions for signing DNS in real time, some of them using external cryptographic hardware such as HSM (Hardware Security Modules), including USB tokens and smart cards. 



Several ISPs have started to deploy DNSSEC-validating DNS recursive resolvers. Comcast became the first major ISP to do so in the United States, announcing their intentions on October 18, 2010 and completing deployment on January 11, 2012.




Key Benefits after implementing DNSSEC:-
  • Accelerated path to security and compliance
  • Lower operational costs and expertise risks
  • Reduced configuration errors to ensure service availability

There's a mobile app for the DNSSEC Analyzer:-
There is a lot that I can say about DNSSEC; more information can be found here.
More information about DNS Weaknesses can be found in the DNS Threats section.

March 8 DNSChanger



Infected: The Trojan 'DNSChanger' could cause millions - including Fortune 500 companies - to lose their Internet if the FBI shuts down surrogate servers


The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries.



According to 'RT', innumerable people around the world may be affected starting March 8, 2012, in case the U.S. FBI proceeds with its plans to take offline the servers that were deployed to counter the malware. Deccan Chronicle published this on February 15, 2012. It is asserted that the FBI replaced the servers that had been infected with DNSChanger, a malicious Trojan virus, with fresh ones of its own, and is presently considering taking those substitute servers offline.


The computer script, called DNSChanger Trojan, taps into fraudulent servers, sending users of the Web to unintended - and sometimes illegal - sites.



Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.








About 450,000 computers are still infected with the Trojan, the DNS Changer Working Group recently reported. (The DCWG has a tool on its website to determine if your computer is harboring the malware.)

Following the November bust, the FBI set up temporary Domain Name System "surrogate" servers to enable Web access for those PCs infected by the DNSChanger Trojan, researcher Brian Krebs explained. However, the court order permitting the surrogate servers gave the FBI only until March 8 to operate them.

In three weeks, any computer still infected with DNSChanger will have difficulty getting online. DNS servers translate text-based Web addresses such as "www.securitynewsdaily.com" to Internet Protocol address numbers such as "166.70.35.157." A malfunctioning or missing DNS server will prevent the former from working, though savvy Web users can simply replace it with the latter.

About the infected DNS servers, Wisniewski added: "I say turn them off. It will be a rude wake-up call but an unfortunately necessary one. We all have responsibility for our own security and safety, and it isn't the job of the FBI or anyone else to coddle those who haven't taken the steps to ensure their own safety."

The malware is especially malicious, Gizmodo reports, because it blocks infected users from visiting secure sites that could help them get rid of the worm.

To check whether you are infected by the DNSChanger Trojan, check your DNS server IP [Run -> cmd -> ipconfig /all].
If the DNS server's IP falls within these ranges, it is possible that your system is infected with the DNSChanger Trojan.
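The check described above can be automated. The following is an added example, not part of the original post: it pulls the DNS servers out of English-language `ipconfig /all` output and tests them against a list of ranges. The ranges and the sample output are constructed placeholders, because the page does not list the actual DNSChanger ranges.

```python
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space. They are NOT the
# DNSChanger ranges (the page does not list them); substitute the published list.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

DNS_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+(\S+)\s*$")  # extra servers sit alone on following lines

def dns_servers(ipconfig_text):
    """Return every DNS server address listed in English `ipconfig /all` output."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LABEL.match(line) or (CONTINUATION.match(line) if in_block else None)
        in_block = False
        if m:
            try:
                # Drop an IPv6 zone index such as "%1" before parsing.
                servers.append(ipaddress.ip_address(m.group(1).split("%")[0]))
                in_block = True
            except ValueError:
                pass  # not an address, so the DNS server list has ended
    return servers

def suspicious_servers(ipconfig_text, ranges=ROGUE_RANGES):
    """DNS servers that fall inside any listed range, as strings."""
    return [str(ip) for ip in dns_servers(ipconfig_text)
            if any(ip in net for net in ranges)]

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       10.0.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.200
"""

if __name__ == "__main__":
    for ip in suspicious_servers(SAMPLE):
        print("DNS server in listed range:", ip)
```

Every adapter is checked, not only the first one, and a router that hands out DNS settings by DHCP should be checked as well.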



Law enforcement officials and the computer industry have been working together in a coalition to fight the malware. 

The group, called the DNSChanger Working Group, will examine possibilities for fixing the problem.

If no solution is provided, millions of people would be without the Internet.

Facebook Timeline Rolls Out Worldwide

Now Tell Your Story with Timeline


Facebook on Thursday expanded the availability of its Timeline feature worldwide. Facebook's new Timeline feature, which offers a new way to present your Facebook profile to the world, has gone live today, but you'll have to opt in to get the new features right now. It is a new type of profile that allows users to tell the story of their life on a single page.


To get Timeline on your profile, you need to first head over to Facebook's official Timeline page and click the "Get It Now" button at the bottom of the page. Once you enable it on your account, you need to set everything up. You have a seven day review period to tinker with the design before anyone else can see it, or you can hit the publish button and get it going immediately.


"Timeline gives you an easy way to rediscover the things you shared, and collect your most important moments," Paul, an engineering manager on the Timeline team, said in a blog post. "It also lets you share new experiences, like the music you listen to or the miles you run." -  www.pcmag.com


Since the potential for revealing too much is high, Facebook has built in some extra controls around Timeline. The system will default to a seven day review period initially, giving users time to check everything that appears on their timeline before anyone else can see it. A “View As” button allows the layout to be checked from the perspective of different friends groups and non-friends, so you can ensure those slightly risque photos of you and the office photocopier are saved only for loved-ones.



Users will get a seven-day review period before their Timeline is posted to the Web, though it can be published earlier, too. Timeline will replace your existing profile, but stories and photos from that profile will be ported to Timeline.
In reviewing your Timeline, you can opt to hide or feature certain stories. To feature something, mouse over the story and click the star to expand it to two columns. The pencil icon will also let you hide, delete, or edit a post.
Posts will include a privacy drop-down menu that lets you select who sees your information: public, friends, only me, or custom.

As best as we can tell, your privacy settings seem to remain intact, but as with any Facebook update, you may want to check and make sure you're not accidentally sharing information you don't want to. Timeline comes with a few new settings of its own, including rules regarding who can post on your Timeline and who can't, so it's worth reviewing your settings before hitting the publish button.


Beginning today Facebook users will receive a notification on their profile asking them if they want to download Timeline or they can click here to learn more about it.


More on this story from the Telegraph

For more on Timeline, check out 10 Things You Should Know About Facebook Timeline and the slideshow above. Also see Facebook Timeline and 5 Other Ways to Visualize Your Life Online.