Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the Government’s DNS Infrastructure with DNSSEC April 3, 2012 Matt Larson – Verisign.

Similar presentations


Presentation on theme: "Securing the Government’s DNS Infrastructure with DNSSEC April 3, 2012 Matt Larson – Verisign."— Presentation transcript:

1 Securing the Government’s DNS Infrastructure with DNSSEC April 3, 2012 Matt Larson – Verisign

2 2 The Importance of the Internet & DNSSEC.GOV Domain Space Vital to Government & National Security DNS open to attack Millions of users rely on.GOV DNS Security Extensions Additional Security to the.GOV domain space Securing.GOV domains with DNSSEC is a mandate from the OMB DNSSEC has been “Road Tested”

3 3 OMB Mandate – M0823 Mandate: Apply DNSSEC to 2 nd level.gov names by Dec Approximately 60% compliance

4 4 Signed USG Domains Reference:

5 5 DNSSEC Challenges DNSSEC is a more rigid protocol More complex Management of DNSSEC key pairs May require new equipment for your infrastructure DS Records Manual submission of DS records to parent registry

6 6 Signing Service Product Overview  Product Functionality  Signing of domain name zones & management of associated key rollovers that DNSSEC requires  Cloud based service  Zone signing  Creates the necessary keys / Ongoing key management  Notifications for expiring signatures  What problems does this solve?  Reduces complexity for signing 2 nd level domain names  Reduces the costs for additional equipment to sign and manage names Incorporation of the DNSSEC Signing Service is optional Use of the service does not exclude registrants from using other mechanisms to sign zones

7 7 DNSSEC Signing Service Public DNS Unsigned Zone Master Registrant Registrar Web Site Signed Zone Master Enable Signing Create Unsigned Zone Signed Zone Update Publish Signed Zone Register Domain DNSSEC Publish Unsigned Zone

8 8 DNSSEC Analyzer Tool Tool Available at: debugger.verisignlabs.com Also a Mobile version: p/dnssec- analyzer/id ?mt=8

9 9 DNSSEC Analyzer

10 10 Call to Action – Sign your.GOV name Instruct your technical staff on the urgency of DNSSEC Become compliant with the OMB Mandate 2008/m08-23.pdfhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/fy 2008/m08-23.pdf Signing has been made easier Tools and services are easing the complexity DNSSEC has been “Road Tested” Large top level domains have been signed For more information visit Verisign’s information resource

11 11 Questions?


Download ppt "Securing the Government’s DNS Infrastructure with DNSSEC April 3, 2012 Matt Larson – Verisign."

Similar presentations


Ads by Google