Securing the .edu top-level domain with DNSSEC

The .edu domain will soon support DNSSEC authentication to bring better security to the domain name system. It joins .com, .net, .gov, and .org in making the move, reports ars technica.
The report continues:
The domain name system (DNS) resolves Internet addresses like arstechnica.com into a numerical IP address—but the ancient DNS protocol provides little to no security. Hackers have figured out ways to poison the DNS cache, redirecting users who think they’re visiting one site to another, quite different site. The insecurity of this fundamental piece of Internet architecture has been a boon for phishers and other miscreants, and the problems have been recognized for years.

To read this ars technica report in full, see:
arstechnica.com/security/news/2009/09/securing-the-edu-top-level-domain-with-dnssec.ars

A news release announcing the increase of security for .EDU is below:
Security of .edu Internet Domain to Increase [news release]
EDUCAUSE and VeriSign announced today the initiation of a project to enhance Internet reliability and stability. By the end of March 2010, the project will deploy a security system known as Domain Name Security Extensions (DNSSEC) within the .edu portion of the Internet, which EDUCAUSE manages under a cooperative agreement with the U.S. Department of Commerce. When the project is completed, institutions whose domain names end in .edu will be able to incorporate a digital signature into those names to limit a variety of security vulnerabilities.

The Domain Name System (DNS) is the part of the Internet that translates names such as “educause.edu” into numeric addresses (for example, 198.59.61.90). All Internet applications—from electronic mail to online banking—depend on the accuracy and integrity of this translation. Over the years, Internet security experts have discovered a variety of ways that DNS translation may be compromised. The DNSSEC security system limits the problem by allowing owners of domain names to provide a digital signature that adds an extra level of authentication to the translation process.

The project plan includes a test-bed implementation, targeted for September 2009, to allow predeployment testing by a number of selected campuses in a nonproduction environment. Final deployment of DNSSEC for .edu will build on the previously announced U.S. Department of Commerce project to deploy DNSSEC at the authoritative root zone of the Internet.

Diana Oblinger, president and CEO of EDUCAUSE, said, “We are very pleased to be working with VeriSign and the U.S. Department of Commerce to add this important element of security to the Internet. Higher education is increasingly dependent on trustworthy and reliable digital communication for learning, research, and outreach. Adding DNSSEC to the .edu domain is a major step forward for our community and for the Internet. What we learn will be of value to other organizations around the world.”

Shel Waggener, chief information officer of the University of California at Berkeley, noted, “Berkeley is pleased to support EDUCAUSE and VeriSign in testing the improved security of DNSSEC. By digitally signing DNS responses with public-key cryptography, we will be improving the security of one critical aspect of the Internet—the Domain Name System—which otherwise could be exploited for the purposes of fraud or even cyberterrorism. It is our hope that with widespread deployment DNSSEC will help improve Internet security for the higher education community.”

Pat Kane, vice president of VeriSign, said, “VeriSign and EDUCAUSE share a common goal of ensuring that the Internet infrastructure be as secure as possible. That is why we are working together to implement DNSSEC into .edu. EDUCAUSE and VeriSign understand that as a complex initiative, DNSSEC must be introduced carefully and methodically. Our two organizations are committed to that approach.”

“The Internet plays a vital role in higher education by facilitating online learning, collaboration, and research,” said Lawrence E. Strickling, Assistant Secretary for Communications and Information at the Department of Commerce. “We are pleased that DNSSEC will be implemented in the .edu domain, which complements work already underway to better secure the Domain Name System overall.”

EDUCAUSE is the association for information technology in higher education, encompassing over 2,300 colleges, universities, and related organizations. Since October 2001, EDUCAUSE has operated the .edu domain under a cooperative agreement with the U. S. Department of Commerce.

About EDUCAUSE

EDUCAUSE is a nonprofit association and the foremost community of IT leaders and professionals committed to advancing higher education. EDUCAUSE programs and services are focused on analysis, advocacy, community building, professional development, and knowledge creation because IT plays a transformative role in higher education. EDUCAUSE supports those who lead, manage, and use information technology through a comprehensive range of resources and activities. For more information, visit www.educause.edu.

The above news release was sourced from:
www.educause.edu/About+EDUCAUSE/PressReleases/SecurityofeduInternetDomaintoI/178963