Extensiones de Seguridad para el DNS (DNSSEC)

Ver:

·         Envenenamiento del DNS

·         Pharming

·         Secuestro de DNS

·         Suplantación de DNS

·         RFC 4033 - DNS Security Introduction and Requirements

·         RFC 4034 - Resource Records for the DNS Security Extensions

·         RFC 4035 - Protocol Modifications for the DNS Security Extensions

Extensiones de seguridad para el Sistema de Nombres de Dominio

Las Extensiones de seguridad para el Sistema de Nombres de Dominio (del inglés Domain Name System Security Extensions, o DNSSEC) es un conjunto de especificaciones de la Internet Engineering Task Force (IETF) para asegurar cierto tipo de información proporcionada por el sistema de nombre de dominio (DNS) que se usa en el protocolo de Internet (IP). Se trata de un conjunto de extensiones al DNS que proporcionan a los clientes DNS (o resolvers) la autenticación del origen de datos DNS, la negación autenticada de la existencia e integridad de datos, pero no disponibilidad o confidencialidad.

http://es.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

(en) Domain Name System Security Extension (DNSEC)

DNSSEC was designed to protect internet resolvers (clients) from forged DNS data, such as that created by DNS. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concernfor many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS.

DNSSEC is intended to protectthe end user from DNS protocol attacks. Unfortunately the current DNS is vulnerable to so-called spoofing or poisoning attacks, whichcan fool a cache into accepting false DNS data. Various man-in-the-middle attacks are also possible. The (DNSSEC) is not designed to end these attacks, but to make them detectable by the end user.

FY 2013 - Chief Information Officer - Federal Information Security Management Act - ReportingMetrics, November 30, 2012

Domain Name System Security Extensions (DNSSEC)

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

Temas relacionados

Términos