See:
· Pharming
· RFC 4033 - DNS Security Introduction and Requirements
· RFC 4034 - Resource Records for the DNS Security Extensions
· RFC 4035 - Protocol Modifications for the DNS Security Extensions
The Domain Name System Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used in the Internet Protocol (IP). They are a set of extensions to DNS that provide DNS clients (resolvers) with origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
http://es.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
DNSSEC was designed to protect internet resolvers (clients) from forged DNS data, such as that created by DNS. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS.
DNSSEC is intended to protect the end user from DNS protocol attacks. Unfortunately the current DNS is vulnerable to so-called spoofing or poisoning attacks, which can fool a cache into accepting false DNS data. Various man-in-the-middle attacks are also possible. The (DNSSEC) is not designed to end these attacks, but to make them detectable by the end user.
FY 2013 - Chief Information Officer - Federal Information Security Management Act - Reporting Metrics, November 30, 2012
The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
Related topics