This entry was posted on Thursday, July 31st, 2008 at 8:40 pm and is filed under General Category. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Enterprise organizations must take note of the Kaminsky DNS flaw
|
|
If you haven’t heard about the current DNS vulnerability, here is a
Reader’s Digest-like summary. Security guru Dan Kaminsky found a
vulnerability that could give the bad guys a relatively easy way to
redirect Internet traffic. For example: You might think you are logging on to Bank of America’s Web site. But instead, some hacker may have just exploited a domain name system vulnerability and is now in control of your identity.
Kaminsky deserves credit for finding this flaw and alerting the Internet
community so it could fix the problem. This effort is well under way, but
according to an article in yesterday’s New York Times, Kaminsky believes
that 41 percent of all DNS servers are still vulnerable, meaning that no one has
patched these systems with new software that closes this gaping security
hole.
The danger here is that most of the world will shrug its collective shoulders, dismissing this as a technology problem. The truth is that this is the Internet equivalent of a bridge collapse on Interstate 35W in Minneapolis. This disaster demonstrated that a critical piece of infrastructure was badly in need of repair. Unfortunately, the same is true of DNS, a critical but rickety technology.
Clearly the folks who control most of the Internet infrastructure get
this. Comcast and Verizon have already patched their DNS servers, while
AT&T is in the process of doing so. Great, but what about all of the
companies with a large Internet presence? This is where the Internet may
be most vulnerable, folks. According to ESG Research, 48 percent of large
organizations (i.e. 1,000 employees or more) experienced at least one DNS
outage in the past 12 months. What’s more, 42 percent of these companies consider patching and upgrading DNS a time-consuming operational process. Given
these statistics, my guess is that a lot of enterprises believe that the
DNS problem doesn’t really impact them, that it is really an Internet
infrastructure problem. This is a misguided and dangerous perspective.
DNS anchors all Internet communications, thus it should be considered
critical infrastructure. It’s time that enterprise organizations realized
this and started treating it accordingly. Hopefully Kaminsky’s discovery
will act as a change agent to fix the problem. Otherwise, we could all be
in trouble.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.
See Also:
- Faster FireWire on way for gigabit generation
- What it takes to bring the Olympics to the PC
- Why Get Crushed by the Divorce “Financial Tsunami” When You Can Quickly Prepare to End it With Money in Your Pocket?
- MIT researchers split water to store solar energy
- Sweden to Receive Scandinavia’s First TomoTherapy System : Lund University Hospital to Offer Swedish Cancer Patients the Most Advanced Image-Guided Radiation Therapy Treatments
[Via CNET - News.com]
Leave a Reply
