Educause Security Discussion mailing list archives
FYI-- Welcome to DNSSEC This Month, May 1, Vol. 1, No. 1
From: "T. Charles Yun" <tcyun () INTERNET2 EDU>
Date: Wed, 3 May 2006 14:34:55 -0400
-------- Original Message -------- Subject: [Fwd: Welcome to DNSSEC This Month, May 1, Vol. 1, No. 1] Date: Wed, 03 May 2006 14:06:29 -0400 From: T. Charles Yun <tcyun () internet2 edu> To: DNSSEC () internet2 edu FYI, Amy Friedlander asked me to help spread the word about the new newsletter available at: http://www.dnssec-deployment.org/news/dnssecthismonth/current/ There is a table of contents with links to a quick Internet2/Joint Techs summary (as well as links to the rest of the newsletter). The website clearly telegraphs its purpose in the domain name and I believe that it will be a good resource as the pilot project moves forward. - Charles ps Apologies in advance for multiple copies -------- Original Message -------- Subject: Welcome to DNSSEC This Month, May 1, Vol. 1, No. 1 Date: Mon, 01 May 2006 12:10:27 -0600 Reply-To: Invitation to DNSSEC This Month <news-invite () dnssec-deployment org> To: Invitation to DNSSEC This Month <news-invite () dnssec-deployment org> I'm writing to invite you to subscribe to our free newsletter, DNSSEC THIS MONTH. As you probably know, threats to Internet infrastructure are increasing - although these attacks are not always widely reported in the mainstream media. In a recent study by the Pew Internet and American Life Project, technical experts predicted a serious attack within the next ten years. Engineers have been at work on remedies for over a decade, and deployment of the DNS Security Extensions protocol (DNSSEC) is an important part of a portfolio of tools that can improve the security of the Internet infrastructure. Our coordination project supports that global deployment effort. I've included the full text of the inaugural issue of the newsletter below. Or you can download it from our website: http://www.dnssec-deployment.org/news/dnssecthismonth/ or http://www.dnssec-deployment.org/news/dnssecthismonth/200605-dnssecthismonth /200605-dnssecthismonth.pdf. In the coming months, we plan to expand to include interviews with key players in business, higher education and government. For 10-20 minutes of your time a month, we hope to offer you a way to monitor progress in this important initiative. My apologies in advance if you've received more than one copy of this message. We're employing an opt-in strategy, so if you are interested in receiving the e-mail newsletter on a regular basis, please send a message to news-subscribe () dnssec-deployment org. Please feel free to share this message with others in your company or network of friends and colleagues who might be interested in following these issues. Take us out for spin and let me know what you think. Amy Friedlander Publisher -------------------------------------------------------------------------- DNSSEC THIS MONTH May 1, Vol. 1, No. 1 Welcome to the first edition of DNSSEC THIS MONTH, a monthly newsletter about advances in securing the Internet's naming infrastructure in the government, business and education sectors. Some 10 percent of servers in the network today are vulnerable to domain name system (DNS) attacks, and many experts expect a serious attack on the underlying infrastructure within the next decade. The DNS Security Extensions (DNSSEC) Deployment Coordination Initiative (http://www.dnssec-deployment.org), which produces this newsletter, is part of a global effort to deploy new security measures that will help the DNS perform as people expect it to -- in a trustworthy manner. This newsletter will offer updates on new policies, early adopters and advances in DNS security extension development. The U.S. Department of Homeland Security Science and Technology Directorate provides support for coordination of the Initiative. To subscribe, please send a message to news-subscribe () dnssec-deployment org To unsubscribe, please send a message to news-unsubscribe @dnssec-deployment.org ----------------------------------------------------------------------- 65 percent of American voters say the U.S. government needs to make Internet protection a higher priority. 2005 Cyber Security Industry Alliance survey ---------------------------------------------------------------------- Editor: Denise Graveline Contact: news-editor () dnssec-deployment rg ---------------------------------------------------------------------- * White House unveils R&D plan to boost IT infrastructure security: A new Federal Plan for Cyber Security and Information Assurance Research and Development has been issued by the White House Office of Science and Technology Policy, providing a blueprint for coordination of Federal R&D across agencies that will maximize the impact of investments in this key area of the national interest, according to John H. Marburger III, Science Adviser to the President. The plan, available in a preprint here (http://www.nitrd.gov/pubs/csia/FederalPlan_CSIA_RnD.pdf), notes the expanding role of the domain name system, and with it, an increased need to assure the authenticity of the DNS responses and an increased possibility that the DNS itself will be targeted for attacks. Public comments on the report were taken during April; to order a print copy of the report, click: (http://www.nitrd.gov/pubs/request.php). * DNS Security Extensions (DNSSEC) on path to be included in new federal standards: DNSSEC has been proposed as part of a new standard that aims to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002. A plan for staged deployment of DNSSEC technology within federal IT systems was included in recently released Draft Special Publication 800-53, Revision 1: Recommended Security Controls for Federal Information Systems. NIST 800-53r1 specifies the mandatory minimum security controls necessary to comply with Federal Information Processing Standards (FIPS) required by the FISMA legislation (Federal Information Processing Standard (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems; and FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems). A recently released NIST Security Guidance document (Draft NIST Special Publication 800-81, Secure Domain Name System (DNS) Deployment Guide) provides the technical details and detailed implementation guidance to assist agencies in deploy new DNS security measures with confidence. Agencies will have a year after final publication to meet the requirements. See the news release here (http://www.nist.gov/public_affairs/releases/securitystandard.htm) and the Federal Information Processing Standard (FIPS) Publications 199, 200 (http://csrc.nist.gov/publications/fips/) and Special Publications 800-81 and 800-53 (http://csrc.nist.gov/publications/nistpubs/). * Dot-aero endorses DNSSEC adoption, signs Afilias to provide it: SITA, the sponsor and operator of the .aero domain, has encouraged wider adoption of DNSSEC and selected Afilias as the new registry operator for .aero; transition of its registry services is already complete. SITA provides IT business solutions and communications services to the air transport industry. In a statement, SITA announced it "believes that the adoption of DNSSEC is important not only because of the greater incidence of security breaches, but also because of the wider security implications of increased data transfer within air transport operations." * Internet2 Joint Techs Workshop leads to dot-edu advisory group on DNSSEC: Internet2 has formed a dot-edu Internet2 advisory group on adopting the DNSSEC, with participants from Educause, MIT, the University of Oregon, REN-ISAC, University of Massachusetts-Amherst, University of Pennsylvania, University of California-Berkeley and more. Members of the group are discussing the viability of establishing a cross-signing pilot project in which a subset of Internet2 member universities would sign at least one of their zones and exchange keys with others in the experiment. * Signed zones offer new examples of DNSSEC at work: The DNSSEC Deployment Initiative has signed its own domain name. The primary name server ns.shinkuro.com will permit zone transfers for those who would like to see an example of a signed zone. Technical details are available at http://www.dnssec-deployment.org/news/dnssec-deployment.orgissigned.htm.... In Russia, R01 (http://www.r01.ru/), a Russian registrar, is making a signed copy of the .RU zone available on the name server ns.dnssec.ru (195.24.65.7). Registrants with a .RU domain using R01 as a registrar can sign their own zones and R01 will provide secure delegation in the signed copy of the .RU zone. Additional information on the signed zone and how it can be used can be found at http://www.dnssec.ru/. The Swedish national registry (.SE) was the first ccTLD country code top level domain to provide DNSSEC-capable service in November 2005, and the European infrastructure services provider, RIPE NCC, based in the Netherlands, has a major initiative in place to deploy DNSSEC in zones it manages. * Workshops help networks, organizations deploy DNSSEC: While the protocols needed to add additional security to DNS queries and responses exist, network administrators and organizational leaders in all sectors need to accept DNSSEC and put it to use. To help them work through potential issues and concerns about deployment, the Initiative conducts hands-on workshops around the world: o Most recently, a workshop at ICANN's New Zealand meeting in March, gave Internet service providers a live demonstration and presentations from MIT Lincoln Laboratory; MelbourneIT; Afilias Ltd.; UltraDNS; and Shinkuro, Inc., which coordinates the DNSSEC Deployment Initiative. o Members of the Initiative team also presented a one-day DNSSEC workshop at the Internet2 Joint Techs Workshop held in Albuquerque, NM, February 5-9. (See a related plenary talk here http://www.internet2.edu/presentations/jt2006feb/20060208-dnssec-kolkmanmank in.htm.) o Upcoming DNSSEC-related workshops include: an NSEC3 workshop, organized by Nominet and DENIC, on May 8-10, 2006, in Frankfurt, Germany. The workshop will focus on NSEC3 tools and implementation, and comprehensive testing of the NSEC3 RR in NSEC3-only and NSEC/NSEC3 environments. Space is limited and preference will be given to participants with previous NSEC3 involvement or DNSSEC development or deployment experience. To inquire about registration, go here (http://www.dnssec-deployment.org/feedback.htm)... DNSSEC Deployment Initiative team members will present at AusCERT2006 Asia Pacific Information Technology Security Conference in Gold Coast, Australia, on May 24, with a tutorial on May 25. To register, go to https://www.secureregistrations.com/aus06/. * NIST online tool offers test for DNS Security Extensions: A new online instant test from NIST allows you to check the integrity of a particular zone, and whether it will conform to the proposed guidance under NIST special publication 800-81 (see earlier item on proposed new federal standards) by entering the zone name and the zone IP address. Find the tool at http://www-x.antd.nist.gov/dnssec under the "instant test" link. (c) 2006. Shinkuro, Inc. All rights reserved ############################################################# This message was sent to you to invite you to subscribe to: DNSSEC This Month <news () dnssec-deployment org> To subscribe please send a message to: news-subscribe () dnssec-deployment org -- T. Charles Yun tcyun internet2 edu Internet2 1000 Oakbrook Suite 300, Ann Arbor, MI 48108 desk,cell,fax 734.352.4960, 734.730.3300, 734.913.4255 web people.internet2.edu/~tcyun yahoo,msn,aim tcharlesyun -- T. Charles Yun tcyun internet2 edu Internet2 1000 Oakbrook Suite 300, Ann Arbor, MI 48108 desk,cell,fax 734.352.4960, 734.730.3300, 734.913.4255 web people.internet2.edu/~tcyun yahoo,msn,aim tcharlesyun
Current thread:
- FYI-- Welcome to DNSSEC This Month, May 1, Vol. 1, No. 1 T. Charles Yun (May 03)