EU agency investigating major DNS flaw

 

Gallery

By Miya Knights

Posted on 17 Sep 2008 at 11:55

The European Network and Information Security Agency (ENISA) is looking at three different measures to bolster the security of the net's addressing system.

The agency, which advises the European Union on public IT and communication security issues, says it is investigating new security measures in response to recently uncovered flaws in the internet's Domain Name Systems (DNS).

The flaws, first identified by security researcher Dan Kaminsky, were proven to be able to poison the servers that translate domain names into internet protocol (IP) addresses, potentially infecting user PCs with malicious code or intercepting and editing email.

ENISA says it is looking into three standard technologies to combat the flaws. They include Multiprotocol Label Switching (MPLS ), IPv6 and Domain Name System Security Extensions (DNSSEC).

DNSSEC, for example, is a set of DNS extensions that provide origin authentication of DNS data, data integrity and authenticated denial of existence. The agency says several European Country Code Top Level Domain Registries have already adopted the use of DNSSEC and are actively participating in the agency's activities.

"The recent spotlight in the news on DNS vulnerabilities and attacks highlights the importance and relevance of ENISA's work on improving the resilience of public communications, vital for European e-government and ultimately, e-business," says Andrea Pirotti, ENISA's executive director.

The final results of the agency's research will be presented at a "Resilience of Public e-Communication Networks" workshop that will take place in Brussels in November.