AlbertPacino
Skilled
Technical and political challenges loom
The internet Domain Name System (DNS) requires both a technical and political update if it is to meet future challenges from hackers and accommodate further growth, says a new report from The National Academies Research Council.
The Root Domain Name System is a distributed network of servers run by 13 operators in Europe, North America and Japan.
The servers contain records for all the internet domains in the world, making sure that a web visitor gets connected to the right server. The internet can't function without the system.
"The continued successful operation of the DNS is not assured: many forces are challenging DNS's future," says 'Signposts in Cyberspace: The Domain Name System and Internet Navigation,' the study by a team of leading scientists from the computer industry.
Last year June an army of zombie PCs launched an attack against the DNS system, cutting off access to several search engines including Google and Yahoo for about two hours.
Although last year's attack was quickly fended off, it did point out that the DNS system is susceptible to attacks.
The DNS system is also vulnerable for so-called pharming attacks. Hackers re-route internet traffic to a clone-site looking just like the original one and harvest login names and passwords from unsuspecting web users.
There are technologies available to thwart such attacks such as Domain Name System Security Extensions (DNSSEC) software and Anycast servers. But such security enhancements aren't deployed fast enough, chairman of the study and president of Strategy & Innovation Consulting Roger Levien told vnunet.com.
"Even without any real threats, we have to prepare for the unexpected," he said.
"On the internet you can never predict what kind of attacks will happen. At the root level, the internet fundamentally depends on that system. Nothing may happen, but the risk exists that portions of the root domain name system could go down."
He explained that above to the technical challenges, the governance and administration of the Domain Name System are even more pressing.
Next year will mark the expiration of the mandate for the Internet Corporation for Assigned Names and Numbers (ICANN) and the US Department of Commerce to manage the Domain Name System. ICANN is likely to become the sole steward, but the organisation faces pressure from commercial and political interests that might compromise its independence, the study warns.
Some suggest for instance that the DNS operators should adopt market mechanisms to increase the number of servers and thereby the robustness of the system. Commercial parties could compete by offering optional services such as porn filtering.
But the study warns that such parties might go against existing standards and practices that ensure interoperability across different networks.
Other forces aim to put ICANN under the control of some international political organisation.
"We strongly argue against that," Levien said.
"The issues ICANN deals with surpass those of governments and political interests, and such a structure would only slow down the decision making process. [ICANN] needs to move more quickly than international organisations are typically capable of."
Source
The internet Domain Name System (DNS) requires both a technical and political update if it is to meet future challenges from hackers and accommodate further growth, says a new report from The National Academies Research Council.
The Root Domain Name System is a distributed network of servers run by 13 operators in Europe, North America and Japan.
The servers contain records for all the internet domains in the world, making sure that a web visitor gets connected to the right server. The internet can't function without the system.
"The continued successful operation of the DNS is not assured: many forces are challenging DNS's future," says 'Signposts in Cyberspace: The Domain Name System and Internet Navigation,' the study by a team of leading scientists from the computer industry.
Last year June an army of zombie PCs launched an attack against the DNS system, cutting off access to several search engines including Google and Yahoo for about two hours.
Although last year's attack was quickly fended off, it did point out that the DNS system is susceptible to attacks.
The DNS system is also vulnerable for so-called pharming attacks. Hackers re-route internet traffic to a clone-site looking just like the original one and harvest login names and passwords from unsuspecting web users.
There are technologies available to thwart such attacks such as Domain Name System Security Extensions (DNSSEC) software and Anycast servers. But such security enhancements aren't deployed fast enough, chairman of the study and president of Strategy & Innovation Consulting Roger Levien told vnunet.com.
"Even without any real threats, we have to prepare for the unexpected," he said.
"On the internet you can never predict what kind of attacks will happen. At the root level, the internet fundamentally depends on that system. Nothing may happen, but the risk exists that portions of the root domain name system could go down."
He explained that above to the technical challenges, the governance and administration of the Domain Name System are even more pressing.
Next year will mark the expiration of the mandate for the Internet Corporation for Assigned Names and Numbers (ICANN) and the US Department of Commerce to manage the Domain Name System. ICANN is likely to become the sole steward, but the organisation faces pressure from commercial and political interests that might compromise its independence, the study warns.
Some suggest for instance that the DNS operators should adopt market mechanisms to increase the number of servers and thereby the robustness of the system. Commercial parties could compete by offering optional services such as porn filtering.
But the study warns that such parties might go against existing standards and practices that ensure interoperability across different networks.
Other forces aim to put ICANN under the control of some international political organisation.
"We strongly argue against that," Levien said.
"The issues ICANN deals with surpass those of governments and political interests, and such a structure would only slow down the decision making process. [ICANN] needs to move more quickly than international organisations are typically capable of."
Source
