Blog Post

The Business Parallels between IPv6 and DNSSEC

By Thomas Orthbandt

Nominum Logo

Posted on June 13, 2012 in: Network, Security

Tags: ,

 For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC.  In both cases there is a misalignment of interests between content providers and service?providers.   Content providers aren’t highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6.  Service providers aren’t anxious to deploy IPv6? because there isn’t a lot of content on v6, and virtually none exclusively on v6 – so they don’t expand the universe of interesting stuff on the web by deploying IPv6.  Basically the same things could be said about DNSSEC.  Content providers don’t sign their domains so there is little reason to validate; and no one is validating so there is little reason to sign, at least until recently.  Fortunately this is starting to change on both fronts.

Blog Post

Spam from mobile networks? Who woulda thought…

By Thomas Orthbandt

Nominum Logo

Posted on May 2, 2012 in: Security

Tags: , ,

Mobile networks aren’t usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are.  This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren’t known to be sources of spam (at least not yet).  What’s really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it’s permissible, are the culprits.  Bot infected PCs aren’t at all uncommon, and of course bots don’t especially care if they’re using a costly mobile data service to send their spam.

Blog Post

DNS on Defense, DNS on Offense

By Thomas Orthbandt

Nominum Logo

Posted on April 18, 2012 in: Security

Tags: ,

Spam is a never-ending problem for service providers.  Unfortunately criminals can still make money at someone else’s expense so they persist in their mindless campaigns.  The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn’t get delivered to inboxes.

Read more

Blog Post

Driving DNSSEC

By Thomas Orthbandt

Nominum Logo

Posted on March 21, 2012 in: Security

Tags:

DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters.   The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring.

Read more

Blog Post

A Volunteer Army for Defeating Botnets

By Thomas Orthbandt

Nominum Logo

Posted on March 8, 2012 in: Security

Governments around the world are starting to pay attention to botnets and the damage they can inflict.  Recently the Chairman of the US Federal Communications Commission (FCC), Julius Genachowski, called for action to address the bot problem and improve Internet security.

Read more

Blog Post

DNSSEC Implementation

By Thomas Orthbandt

Nominum Logo

Posted on February 21, 2012 in: Security

 

I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn’t protected them.

Read more

Blog Post

The Power of the Control Plane

By Thomas Orthbandt

Nominum Logo

Posted on January 10, 2012 in: Network, Security

Tags: , ,

Today’s hackers are all about money, they constantly change the face of their exploits to maximize their returns.  These agile attacks require agile defenses.  Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits.  DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point the DNS participates in web transactions that provide visibility into the presence of security threats.

Read more

Blog Post

Smarter DNS Makes a Smarter Security Solution

By Thomas Orthbandt

Nominum Logo

Posted on December 20, 2011 in: Network, Security

Tags: , , ,

Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users.  New security solutions are always emerging to help them and one that’s starting to receive a lot of attention is the DNS.  That’s raising an obvious question: “how in the world does the DNS become a security platform?”.

Read more

Blog Post

A Better Way to Protect Networks and End Users

By Thomas Orthbandt

Nominum Logo

Posted on December 15, 2011 in: Network, Security

Tags: , , ,

Everyone agrees protecting Internet users from malware and social engineering exploits like phishing is a valuable thing to do.  At minimum these attacks are a nuisance because they degrade the Internet experience, worst case they can be costly and dangerous.  But protecting networks and end users is becoming more difficult because attackers are making their exploits more dynamic and thus harder to detect.  This is stressing some solutions, like client software, that have been a primary means of protecting end systems.

Read more

Blog Post

Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 3 of 3)

By Thomas Orthbandt

Nominum Logo

Posted on December 8, 2011 in: Network, Security

Tags: , , , ,

Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS.  Some of the issues are similar, but ensuring security of Authoritative data also has to be considered.

Read more

1 5 6 7 8