A trio of Internet infrastructure companies joined a growing movement of companies testing their technologies with Verisign, an achievement in Internet security.
As Verisign has deployed Domain Name System Security Extensions (DNSSEC) in .net, the largest-ever domain secured by the technology, Arbor Networks, Infoblox and RioRey, have completed testing of their technology solutions in the Verisign DNSSEC Interoperability Lab.
Verisign provides critical infrastructure services that allow users to more securely and reliably use the Internet. Domain Name System Security Extension (DNSSEC) can help strengthen trust in the Internet by helping to protect users from redirection to fraudulent websites and unintended addresses.
The Internet is an increasingly critical infrastructure for the effective functioning of our government, economy, society and national security. Verisign supports DNSSEC as a way to increase trust in the Internet. The successful deployment of DNSSEC requires the support of the entire Internet community and a careful, methodical approach. Verisign is working alongside other members of the Internet community to facilitate a smooth, widely effective implementation of DNSSEC.
DNSSEC helps protect the Domain Name System (DNS) against so-called "cache poisoning" or "man-in-the-middle" attacks by allowing DNS data to be digitally signed and authenticated. These digital signatures authenticate the origin of the data and verify its integrity as it moves throughout the Internet.
Arbor Networks, Infoblox and RioRey (News - Alert) join a growing number of organizations – including A10 Networks, BlueCat Networks, Brocade, Cisco Systems and Juniper Networks – that have taken advantage of the opportunity to verify their solutions at Verisign's DNSSEC Interoperability Lab.
"Arbor Networks is very focused on the problem of infrastructure security and DNS is obviously among the most critical elements of it," said Rob Malan, Arbor Networks chief technology officer. "The Verisign DNSSEC Interoperability Lab allowed us to test our products to review compatibility with DNSSEC. Arbor's customers make up the vast majority of the world's ISPs and many of the largest hosting and data centers operators. This is a critical issue for our customers."
"Systemic vulnerabilities to the DNS, such as cache poisoning, represent a significant threat to e-commerce, online banking, email communications, customer service and even government secrets," said Cricket Liu, vice president of Architecture and Technology at Infoblox (News - Alert), a provider of network infrastructure automation and control, including physical and virtual DNS, DHCP and IP Address Management platforms.
"That's why a successful implementation of DNSSEC is vital, as is the need for the Internet community at large to verify that their solutions are compatible with DNSSEC. On that front, the Verisign DNSSEC Interoperability Lab has proven indispensable," Liu added.
Cache poisoning attacks can occur when hackers corrupt DNS data stored on recursive servers to redirect queries to malicious sites. With DNSSEC, a hacker's ability to poison the cache is eliminated for the zones that are signed and the resolvers that are validating signed records.
"DNSSEC will only be effective if it is implemented from end to end in an effort that is shared across the Internet," added Pat Kane, senior vice president and general manager of naming services at Verisign. "Now following the .net signing, Arbor Networks, Infoblox and RioRey are joining a critical group of forward-thinking Internet companies that are showing the leadership and initiative necessary to make this a truly successful community endeavor. We look forward to helping more Internet stakeholders test their solutions at the DNSSEC Interoperability Lab."
Also, Verisign has rolled out a program to ease DNSSEC deployment and adoption for a wide range of Internet stakeholders. Over the past several months, Verisign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.Anamika Singh is a contributing editor for TMCnet. To read more of Anamika's articles, please visit her columnist page.
Edited by Janice McDuffee