Why DNSSEC Is Vital
Stolen user names, passwords and personal information. Not what you want associated with your organization’s website. But without DNS security extensions (DNSSEC) that’s exactly what you could face. These days, it’s easier than ever to poison DNS server caches and redirect your traffic to phony, malicious sites. Your organization’s reputation could take a major hit. With Neustar UltraDNS®, you’ve got the right protection.
"IT professionals should understand what DNSSEC can offer... Ultimately, the security advantages will lead to competitive advantages.- Forrester Consulting
Neustar UltraDNS®: Stress-Free DNSSEC
DNSSEC uses digital signature technology to detect cache poisoning attacks, creating keys to authenticate replies to server queries. Like other aspects of DNSSEC, key management can be complex. UltraDNS makes it simple and cost efficient with:
- A DNSSEC-compliant DNS platform
- Easy-to-use Web management portal
- Zone signing (ZSK and KSK keys)
- Automated or manual key rollovers
- Automated key rollover notifications
UltraDNS eases the challenges of cryptography, new policies and procedures, DNS server upgrades and larger domain zones. (Domain zones signed with DNSSEC are larger and contain more records to accommodate cryptographic signatures, potentially requiring extra hardware to handle the load.) As a fully managed service, UltraDNS avoids the need for costly DNSSEC training or additional staff to manage private and public key management.
More About Cache Poisoning
When users connect to websites, their requests must be routed to the correct host. A DNS server, typically run by the user’s ISP, transparently converts the URL to a corresponding IP address. When the correct answer is found, DNS servers cache it for a certain amount of time to decrease network traffic and accelerate future responses. When cyber criminals “poison” these caches with incorrect data, they redirect people to phony sites and steal user names, passwords and credit card data.
DNSSEC further secures the DNS protocol, providing origin authentication of DNS data, data integrity and authenticated denial of existence. Developed specifically to counter cache poisoning attacks, DNSSEC protects your users from receiving forged DNS responses. By including this extra security as a standard feature, UltraDNS delivers peace of mind.