DNSSEC

Domain Name System Security Extensions (DNSSEC) uses digital signatures to let servers authenticate Domain Name System responses to queries and verify their integrity.

Challenges:

  • To minimise risks associated with DNSSEC
  • To safeguard against attackers who gain access to your DNS process and may lure customers to a site that pretends to be yours, tricking them into providing private information
  • To implement DNSSEC in software in a way that prevents attackers from gaining access to signing keys and compromising the DNS query process

Solutions:

  • nShield Hardware Security Modules (HSMs): These HSMs enable top-level domains (TLDs), registrars, registries and enterprises to protect critically important signing processes used to validate the integrity of DNSSEC responses across the Internet, and protect the DNS from 'cache poisoning' and 'man-in-the-middle' attacks. HSMs provide proven and auditable security advantages, enabling proper generation and storage of signing keys to assure the integrity of the DNSSEC validation process.

Benefits:

  • Ensuring integrity of the DNSSEC validation process with independently certified HSMs (FIPS 140-2 Level 3 and Common Criteria EAL4+)
  • Maintaining a strong tamper-resistant hardware boundary and a proven, auditable mechanism to protect valuable signing keys, even when archived
  • Enforcing separation of duties through robust access controls to mitigate the threat of single 'super users' and facilitate regulatory compliance
  • Achieving high availability and improved DNS server performance with unlimited key storage, secure backup and recovery and powerful cryptographic acceleration

Required Products:

  • General Purpose HSMs

 

 
