Aug 13

D-Link News from

D-Link is beefing up router security with the inclusion of DNSSEC, CAPTCHA, and IPv6 certification.

D-Link Systems said Wednesday that it is now incorporating DNS Security Extensions (DNSSEC) into its home networking routers to help consumers defend against the rising assault of worms, viruses, hacking and other malicious Web attacks. Previously the company improved router security by adding Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) to models DIR-615, DIR-625, DIR-628, DIR-655, DIR-825, DIR-855, DIR-685, and DGL-4500.

“Unlike other brands, the majority of currently shipping D-Link routers are more difficult to be compromised due to our advanced set of security features,” said A.J. Wang, chief technology officer, D-Link. “We’re excited to be the first in the market to announce we have taken the initiative to implement both CAPTCHA and DNSSEC into our routers, thus providing yet another layer of security, and we’ll continue to provide our users with the latest in advanced security technologies.”

As for CAPTCHA, D-Link integrated the technology in mid-2009. It's a challenge-response test that verifies that a response during a user logon actually comes from a human and is not computer-generated. Users confirm their organic origins by entering a small amount of text displayed in an image, which helps prevent automated registration and fraud.

“By incorporating both DNSSEC and CAPTCHA initiatives, D-Link routers now facilitate strong security thus protecting Internet users against man-in-the-middle, cache poisoning and other cyber attacks to ward off web hacking and phishing,” D-Link said.

The company also added that it will be migrating to IPv6 certification. In addition to the new realm of IP addresses, IPv6 brings “certain security measures” including IPsec, a method of authenticating and encrypting data transferred between pairs of hosts that wasn’t part of the specs for IPv4.

DNSSEC, CAPTCHA and IPv6 features are available on most currently shipping D-Link routers, and more will be updated.


Aug 13

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility. RFC 3833 attempts to document some of the known threats to the DNS and how DNSSEC responds to those threats.

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS. RFC 4398 describes how to distribute these certificates, including those for email, making it possible to use DNSSEC as a worldwide public key infrastructure for email.

What is the vulnerability in the DNS?

A caching name server, usually operated by an ISP (Internet Service Provider), stores responses and functions as a mid-way point between an end user’s computer and an authoritative server. The DNS was designed to allow this caching server to accept the first response it receives. Without the verification provided by DNSSEC authentication, it is possible for a malicious user to flood this caching name server with a spoofed response that is, most often, intended to dupe the end user into providing personal and/or financial information to what appears to be his or her intended destination.

How does DNSSEC work?

DNSSEC works through a system of keys. At each stage of the chain that carries a DNS query response back to the initiator’s machine, a known (public) key and a private key must be matched. In this way, the response to the query is authenticated and validated.
