Add Trust to Your DNS

“One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report. According to a Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what's known as a cache poisoning attack on Brazilian internet service provider NET Virtua. DNS cache poisoning attacks exploit weaknesses in the internet's domain name system. ISPs that haven't patched their systems against the vulnerabilities are susceptible to attacks that replace the legitimate IP address of a given website with a fraudulent number. End users who rely on the lookup service are then taken to malicious websites even though they typed the correct domain name into their browser.” The Register

When you visit a web site, send an email, or download software, can you be sure you are communicating with the server you should be? The answer is that you can’t, at least not with certainty.

For organizations that rely on the Internet to perform daily operations, trusting that a DNS query comes from an authorized source and has not been altered in transit is critical. Only DNSSEC can add this high level of security to the DNS.

What is DNSSEC?

DNSSEC adds digital signatures to DNS responses, which are then be validated by the recipient. So, if someone tries to impersonate an authorized DNS server, the response is detected as bogus and discarded. Or if someone tries to forge a response, the forged response is detected and discarded. With DNSSEC, you know with certainty whether a response can be trusted or not.

OMB mandate M-08-23 and FISMA regulations in the federal government have made deploying DNSSEC a requirement. Other industries, such as service providers, financial services and higher education, are also quickly adopting DNSSEC due to its security advantages. But implementing DNSSEC correctly can be difficult. It is a complex process to learn, requiring programming or system integration skills that you may not have available within your organization. And this learning curve, coupled with endless hours of project dedication can turn this into a high ROI initiative. Plus, any mistake may cause your web and email servers to be unreachable.

Secure64 DNS Signer is the first and only DNSSEC key management and zone signing software that makes DNSSEC easy to implement and completely secure. There is no current off-the-shelf application that allows for faster or safer deployment.

Simple, Scalable and Secure

Secure64 DNS Signer fully automates DNSSEC key generation, key rollover, zone signing and re-signing processes, It scales to extremely large, dynamic environments by safely keeping DNSSEC signing keys online while providing incremental zone signing and extremely high signing performance.
Signer integrates into your existing infrastructure configuration. It is fully compatible with Secure64 DNS Authority, BIND, NSD, and Microsoft DNS masters and slaves. And Signer supports all of the RFCs and best practices required to deploy DNSSEC. It’s so simple to use that all you need to do is plug it into your existing DNS infrastructure, turn the application on, and your zones are signed!

Safety First

DNSSEC thwarts many of the attacks used for committing fraud, including

Pharming
Cache poisoning
DNS redirection attacks or hijacking

When an attack occurs, particularly one that is publicized, it degrades the confidence customers have—or no longer have--in the security of their online communications or transactions. By deploying Secure64 DNS Signer you can protect your customers and:

Reduce Costs