Home > Resource Center > Library

Library

Datasheets

Secure64® DNS Authority™
Secure64 DNS Authority is the most secure DNS application with the only built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible.
Secure64® DNS Cache™
Secure64 DNS Cache is high-performance, highly secure DNS caching software with unmatched throughput, extremely low latency, and industry leading five layer defense against cache poisoning attacks.
Secure64® DNS Signer™
Secure64 DNS Signer makes deploying DNSSEC simple and secure, providing Internet-dependent businesses with a powerful means to increase customers’ confidence in transacting online.

Top of page

Whitepapers

Simplifying DNSSEC with Secure64 DNS Signer
This whitepaper provides details about Secure64 DNS Signer deployment options, trusted computing platform, and system components, including DNSSEC key generation and management, the signing engine and DNS zone database, the metadata manager, the parent-child synchronization engine, key backup and recovery, and system monitoring.
How to Plan for DNSSEC: Operating Principles and Deployment Options
This whitepaper begins by helping you set up DNSSEC key and signing policies that are right for your organization. It then discusses the advantages and disadvantages of three different approaches to deploying DNSSEC: do-it-yourself with software, do-it-yourself with a hardware-security module (HSM), and automated commercial products. Finally, it discusses how automated products can greatly reduce implementation time, while increasing security and reducing the chance for errors.
Have I Reached the Party to Whom I am Speaking?
In this whitepaper, we discuss the security vulnerabilities in the current DNS infrastructure. We then examine DNSSEC and how it can benefit organizations and the services that rely on the DNS.
Anycast DNS: The Secret to High Availability and Performance
Anycast is a networking and routing technique in which the same IP address is assigned to multiple hosts or servers that provide the same service. For authoritative name servers, anycast helps improve response times and provides automatic failover when a server goes down. In addition, anycast can improve load distribution and provide additional resiliency against DoS and DDoS attacks. This whitepaper explains the advantages of deploying anycast for DNS in environments where high availability and reliability is critical.
Eliminating Malware and Rootkits: Six Essential Characteristics of a Genuinely Secure OS
Vulnerabilities in general purpose operating systems continue to force companies to invest in costly security equipment and complex system management processes, and yet the cycle of vulnerability, exploit, attack and patch shows no signs of letting up. This whitepaper explores the root causes of today’s security vulnerabilities. It describes the essential characteristics of a Genuinely Secure architecture that eliminates the vulnerabilities that fuel this vulnerability-exploit cycle, using Secure64’s SourceT micro OS as an example implementation.
Surviving DNS DDoS Attacks
DNS servers are vulnerable to a variety of denial-of-service attacks that can severely compromise their ability to perform their intended function. Conventional approaches to defending against such attacks are costly and often ineffective. This whitepaper introduces the concept of a self-protecting DNS server and shows how the integration of attack countermeasures into the operating system’s I/O stack can effectively detect and defend against these debilitating attacks.
Secure64 Cache Poisoning Protection
In 2008, security researcher Dan Kaminsky discovered a fundamental vulnerability in the DNS protocol, which raised a high level of concern about the security and trustworthiness of the DNS. This whitepaper describes five layers of defense provided by Secure64 DNS Cache against the Kaminsky vulnerability, which together provide the highest level of protection against Kaminsky attacks available today.
The 5 Reasons You Should Worry About Your DNS (A Hurwitz & Associates whitepaper)
DNS servers are one of the most critical, yet most vulnerable, network infrastructure applications. Because of their exposure to the Internet, they are among the most vulnerable computers that an organization deploys. This whitepaper explains the top five DNS concerns in depth, providing technical details and background information. It then describes genuinely secure DNS server technology, explaining its approach to handling these important problems.From denial-of-service attacks to poor performance, issues with your DNS servers affect your ability to do business efficiently. Find out how Genuinely Secure DNS servers from Secure64 address these issues.
Breakthrough Security for Internet-Connected Businesses (An Itanium Solutions Alliance whitepaper)
Built from the ground up for high security, the Secure64 DNS Authority application is immune to all forms of malware and highly resistant to network attacks. It also serves as a model for a new generation of ultra-fast, Genuinely Secure Itanium 2-based servers that can be used for a wide range of business applications. (No registration required.)
Itanium 2-based Solutions and the X86 Architecture (An Intel whitepaper)
A number of advanced security capabilities were built into the Intel Itanium 2 microarchitecture, including support for four privilege levels, more than 16 million memory protection keys and the ability to compartmentalize memory. It also provides ultra-fast parallel throughput for encryption algorithms. These capabilities provide fundamental advantages for addressing many of today's security issues, and enable mainframe-class security on industry-standard Itanium 2-based servers. (No registration required.)
Secure64 DNS Authority Software: Performance and Attack Resistance Test Results
An independent test laboratory, ExtremeLabs, measured the performance, performance under attack, and security characteristics of the Secure64 DNS Authority server under a variety of test conditions. Secure64 DNS Authority was found to perform at over 100,000 queries per second, remain available under all network attack conditions up to the saturation point of a Gigabit Ethernet line, and present an extremely low attack surface which could neither be fingerprinted nor exploited.
Secure64 DNS Authority Software: Availability Under Attack Test Results
ExtremeLabs measured the ability of both Secure64 DNS Authority and Linux/BIND, running on the same hardware, to respond to legitimate DNS queries while under three common attacks: a reflected UDP flood, a direct UDP attack, and a TCP SYN flood. Authority remained 100% available under attack until the Gigabit Ethernet line was saturated in both the UDP reflected flood and UDP direct attack. In the TCP SYN flood attack, Secure64 DNS showed high availability compared to BIND. Consistently, BIND became unavailable earlier under attack volumes that are ‘normal’ for the kinds of attacks simulated.
SourceT OS Security Evaluation
Matasano Security evaluated the architecture of the SourceT micro OS in order to validate Secure64’s claim that, for remote attackers, SourceT and its applications are "immune to rootkits and malware". Matasano security experts could identify “no architectural flaws that would allow for the injection of foreign code in to the SourceT system," and “methods which would directly lead to privilege escalation, or allow a remote attacker to alter the boot process, were also not identified.” Matasano evaluated the SourceT architecture against three areas of vulnerability: code injection, privilege level escalation, and alteration or subversion of the trusted boot process, as they comprise the strategy of typical malware such as worms, spyware or Trojan horse applications to introduce arbitrary code into a computing system.

Top of page

Webinars

DNSSEC: A Key Component of FISMA
The DNS system has served us well for over 20 years. It is the first element used in almost every Internet transaction. However, today when users access a web site they simply hope they are getting to the right location. When user send an email they simply hope the mail will be delivered to the right destination.

As more and more governmental, military, defense and critical national infrastructure is Internet based, when more and more citizens interact with their government over the Internet, hope is no longer enough. Fortunately, modern DNS security standards (DNSSEC) are available to secure this essential infrastructure component.
DNSSEC: When SSL Is Not Enough
The Internet is an increasingly unfriendly environment. Companies and organizations are consequently committing significant resources to securing their infrastructure to fight a rising tide of phishing, pharming and other attacks in an apparently never-ending battle. Unfortunately the DNS is too often overlooked in building a secure environment. Without reliable and verifiable results from the DNS, site-based security can be rendered ineffective if a user does not get to the right place – the right IP address.

Fortunately, modern DNS security standards (DNSSEC) are available to secure this essential infrastructure component.

Top of page

Surveys

Study Shows Most Internet-Dependent Businesses Losing Costly Battle Against DNS Attacks
In early 2007, Secure64 commissioned Mazerov Research to conduct a survey of IT administrators to learn about their experiences and concerns with the DNS. The study of 465 IT and business professionals revealed that companies are having to deploy a costly and often complex mix of security measures to keep their DNS protected from malicious attackers. Even so, many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack. Findings showed both external and internal DNS servers were equally vulnerable, as both types succumbed to attacks with roughly the same frequency.

Top of page