Internet security takes a giant leap forward today with the global roll-out of technology aimed at making the public...
network safer for all users without affecting performance.
The Domain Name System (DNS) which translates web site names into IP addresses does not have any inherent security features and is undergoing a security overhaul.
The world's 13 root-name servers have completed preparations for the introduction of the DNS security extensions (DNSSEC) designed to overcome the security weaknesses of DNS.
DNSSEC works by authenticating the origin of DNS data and verifying its integrity while moving across the internet.
The main benefit of DNSSEC is that it will prevent cybercriminals from redirecting users to the fake websites that are typically used to spread malware and carry out phishing attacks.
The DNSSEC public key can now be added to all root name servers, which is an important milestone, according to not-for-profit internet support organisation RIPE NCC.
RIPE NCC, the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia, has promoted the development and deployment of DNSSEC.
The signing of the root zone marks the culmination of almost two decades of work by the global internet community and the RIPE NCC.
"Now both ISPs and the domain name industry can move on to full deployment of DNSSEC, taking another stop in our effort to make the internet a safer place for all," said Rob Blokzijl, chair of RIPE.
DNSSEC does not ensure confidentiality of data or protect against denial of service attacks, but has been widely seen as a potentially a massive blow to cybercriminals.
However, some security experts have warned against exaggerating the effects of DNSSEC, saying that while the signing of responses from the 13 root zone server clusters is an important step forward, there is more work to be done.
"To be effective, DNSSEC needs to be implemented down the whole DNS chain, from the root down to your ISP or company," said Kevin Hogan, senior director at Symantec Security Response.
Many more milestones have still to be achieved before DNSSEC can fulfil its promise, he said.
Hogan said it also remained to be seen whether or not cyber criminals will find ways around the signed response safeguard introduced by DNSSEC.
Daniel Karrenberg, chief scientist of the RIPE NCC said it is crucial that internet community collaborate globally to protect the sustainable growth of the internet.
Some top level domains (TLDs) such as .uk and .org already use DNSSEC, while many more TLDa like .us and .biz are working on signing their zones.
"As more domains are secured the internet becomes more reliable and stable, benefitting end-users," said Karrenberg.