On the eve of DNSSEC going live for .com top-level domain, survey results provide interesting perspective on how much is left to do
TACOMA, Wash. -- IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, today announced results from a survey of corporate IT security experts on the impact and future of domain name system security extensions (DNSSEC). The survey, conducted in coordination with the Online Trust Alliance, found that half of the respondents either hadn't heard of DNSSEC or expressed limited familiarity with it. Those who do understand the technology believe key obstacles including lack of training/implementation services, slow ISP resolver rollout and limited client-aware applications will lead to a two to five year adoption period.
DNSSEC is an emerging Internet security standard. It is designed to protect Internet users from getting misdirected to unintended Internet destinations by ensuring domain name system (DNS) entries remain unchanged in transit. The Internet's root servers at the top of the DNS hierarchy added DNSSEC support last July. More than 25 top-level domains--including .gov, .org, .edu and .net--have enabled DNSSEC since then. On March 31, DNSSEC will be enabled on the .com top-level domain, which has more than 80 million registered names according to VeriSign, the operator of .com.
Some of the findings of the IID survey include:
1) 50 percent of respondents have never heard of DNSSEC or don't understand it clearly.
2) Of those who are familiar with DNSSEC, a vast majority correctly identified the key benefits for the technology. When asked, "What is the purpose of DNSSEC," the number one answer was to, "Prevent cache-poisoning attacks at recursive nameservers (e.g. your ISP)."
3) Of those surveyed, only one percent acknowledged their organization has experienced losses to date due to cache poisoning attacks.
4) The majority of respondents believe it will take two to five years for DNSSEC to become widely adopted in their industry, and all believe that adoption is inevitable.
5) Only five percent of those polled said their organization has already implemented DNSSEC for their domains, while an additional 16 percent plan to implement it.
6) According to those surveyed, the two biggest overall obstacles to DNSSEC adoption today are Internet Service Provider deployment of DNSSEC resolvers and DNSSEC-aware client applications like browsers and email.
7) When asked about the biggest roadblock to individual DNSSEC adoption, the number one answer was, "Not enough vendors offering services to implement it."
8) That said, many respondents plan to implement it themselves. In response to "Who would you choose to provide a DNSSEC PUBLISHING (authoritative records and key management)" and "Who would you expect to be able to provide a DNSSEC resolving (running recursive nameservers my employees use) implementation for your organization?," a preponderance of respondents answered, "My own internal IT staff."
"This survey provides key insight into the market's knowledge (or lack thereof) regarding DNSSEC, and what the future may hold with the security standard," said IID President and CTO Rod Rasmussen. "Perhaps unsurprisingly, about half of all respondents do not have a clear understanding of the technology or its benefits, indicating the industry still has its work cut out. However, those who have familiarity with DNSSEC seem to understand its key benefits and current challenges, which is promising for eventual adoption."
"While the security community and Federal Government have recognized value of DNSSEC, in order to realize the true benefit, the ecosystem including browser vendors, registrars and the business community must work together to secure the DNS before a major exploit occurs," said Craig Spiezle, Executive Director and President, Online Trust Alliance. "We are encouraged by the adoption of leading government sites and look forward to working with industry leaders including IID to develop tools, resources and prescriptive advice to accelerate adoption with leading banking and ecommerce sites."
The survey was conducted between January 17 and March 28, 2011. Since DNSSEC is a highly technical standard, participants were limited to internal and external IT personnel in charge of Internet security at the world's largest organizations.
About IID
IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry's first and only solution for detecting, diagnosing and mitigating border gateway protocol (BGP) and domain name system (DNS) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today's leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.
About The Online Trust Alliance
Formed in 2004, the Online Trust Alliance (OTA) is a global non-profit organization representing the Internet ecosystem, supporting user choice and controls, protection of critical infrastructure, privacy and data governance, promoting marketing best practices and self-regulation. The OTA's mission is to develop and advocate best practices and public policy which mitigate emerging privacy, identity and security threats to businesses, online services, brands, government agencies, organizations and consumers, thereby enhancing online trust and confidence. More information about OTA can be found at: https://otalliance.org or by calling: +1 425-455-7400.
Комментариев нет:
Отправить комментарий