DNS |
Sponsored by |
|
In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980's and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam". more
Earlier this week we announced our "Proactive Nameservers", which is just marketing speak for what it really is: hot swappable nameservers or nameserver fail over. What is it? ... It's basically what every webmaster, IT department and CTO wishes they had set up before... more
So my prediction from last year that "ICANN will open the new gTLD application period without any glitches" could not have been more wrong. And yes - I actually used the word 'glitches'... Regardless of my crystal-ball gazing skills, it's been another incredibly eventful year, and below are the Top 10 Domain Stories from 2012. more
The ICANN community is ever closer to realization of its goal to bring long-overdue consumer choice and competition to Internet naming. Regrettably, but perhaps predictably, reliance on the Final Applicant Guidebook (AGB) is being challenged at the last minute by recent proposals from the Business and Intellectual Property Constituencies (BC/IPC), which demand "improvements" to the already extensive trademark protections that will be part of the new gTLD landscape. more
It's a simple, straightforward fact that the root is not a TLD. However, the current policy around new gTLDs treats the root like a TLD registry and as anyone who runs a TLD registry knows, they have certain inescapable characteristics that may not be the best for the root. In almost every TLD, once a domain name has been registered, the registrant can use it commercially with few restrictions... more
In February 2012, Neustar surveyed IT professionals across North America to better understand their DDoS experiences. Most were network services managers, senior systems engineers, systems administrators and directors of IT operations. In all, 1,000 people from 26 different industries shared responses about attacks, defenses, ongoing concerns, risks and financial losses. more
Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, U.S. Secretary of Defense, said the attacks foreshadowed a "Cyber Pearl Harbor." more
If there's one simple - high impact - thing you could do to quickly check whether your network has been taken over by a criminal entity, or uncover whether some nefarious character is rummaging through your organizations most sensitive intellectual property out of business hours, what would it be? In a nutshell, I'd look to my DNS logs. It's staggering to me how few security teams have gotten wise to regularly interrogating the logs from their recursive DNS servers. more
The 85th meeting of the Internet Engineering Task Force (IETF) begins next week in Atlanta, Georgia, USA. Over 1000 engineers, maybe as many as 1400 or more, from all around the world will gather in various working groups to discuss and debate issues relating to the open standards that define the Internet's infrastructure. more
Couple of weeks ago I started a new initiative called "Names, Numbers and Beyond". I started this as I genuinely think we are facing big issues due to the uncontrolled and non-standard growth of the IP and Name space used today and tomorrow. To keep in control and make everything manageable, parcelling out IP address space and the use of tight naming standards/policies is necessary to make networks work better and make them achievable. more
Convincing competitors, disparate business entities and researchers to collaborate - many donating their services and resources - to protect millions of end-users worldwide is no small feat. Yet FBI Supervisory Special Agent Thomas X. Grasso did just that by quietly working behind the scenes to create the DNS Changer Working Group that saved an inestimable number of end-users from losing access to the Web over the last two years. more
As the battle rages over threats to the Internet architecture, a recent publication over the Patent Application for Domain Name Transfers by Verisign is disturbing for those who advocate an open and free Internet. The Application is based on an immediate and direct threat towards an open and free Internet. Just in case people are tempted to think that this was a prank given that they filed it on the 1 April 2011, searches at the United States Patents and Trademark Office (USPTO) reveals that this is a legitimate application . more
Declan McCullagh reporting in CNET: "Twitter last year began to abbreviate all hyperlinks using its t.co domain name -- which had the side effect of introducing a central point of failure where none existed before. That failure happened last night [Sunday Oct 7] around 11:30 p.m. PT when t.co went offline, meaning millions of Twitter users received 'non-existent domain' errors when trying to follow links." more
Kaspersky Lab Expert, Fabio Assolini, has provided detailed description of an attack which as been underway in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, affecting 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. more
The Internet Society Deploy360 Programme issues a call for speakers for a series of upcoming global ION Conferences. ISOC welcomes submissions from IPv6 and DNSSEC experts to speak at any of the following ION conferences. more
A World-Renowned Source for Internet Developments. Serving Since 2002.