The good, the bad and the ugly of DNS security on the Internet

How to DDOS a federal wiretap; DNS problem linked to DDoS attacks gets worse Network/Systems Management Alert NetworkWorld.com | Update Your Profile | Forward this to a Friend >>> Sponsored by Cisco Forrester Research: ROI of Cisco WAAS and Windows Server In this new study, Forrester conducted nine in-depth interviews with clients using Cisco WAAS and Windows Server. See the many quantifiable results of clients, who on average saw a risk-adjusted ROI of 190% along with a 11-month payback period. Read It Now Spotlight Story The good, the bad and the ugly of DNS security on the Internet The Measurement Factory's fifth annual DNS Survey results show an increasing number of name servers on the Internet that are vulnerable to distributed denial of service attacks. Read full story Related News: How to DDOS a federal wiretap Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. DNS problem linked to DDoS attacks gets worse Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims. With botnets everywhere, DDoS attacks get cheaper Cyber-crime just doesn't pay like it used to. Boise State ditches Cisco DNS Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System and Dynamic Host Configuration Protocol services. Secure Updates in Server 2008 DNS One of the big benefits of combining AD and DNS on the same system using Active Directory Integrated (ADI) zones is that you can specify that dynamic updates should be "secure." (This operation is accomplished either through the DNS administrative console or the DNSCMD command line tool. You're given the choice in the new zone wizard but you can always change it later on.) Windows Server 2008 R2 supports DNS Security Extensions As promised, the latest version of Windows Server 2008 R2 is the first Windows Server to fully support DNSSEC. DNSSEC is a security protocol that helps to verify that a Web address hasn't been hacked and redirected to a pretender. Better still, Windows 7 also supports DNSSEC, which Microsoft claims is a first among client operating systems. Active Directory Integrated DNS Zones In my last posting I mentioned that it's not necessarily a good idea to always separate AD DS (Active Directory Domain Services) and DNS on different systems. Let's now take a closer look at why that might be the case. If you run DNS on domain controllers, you have the opportunity to use something called Active Directory Integrated zones, or ADI zones. In classical DNS, the zone information... Active Directory and DNS on the Same System I've found the AD/DNS relationship to be one of the least understood aspects of Active Directory, and the literature is full of misinformation and half-truths. I was surprised to realize that in this blog, we've never taken a closer look at how DNS supports the inner workings of Active Directory in Windows Server 2008 and Server 2003. So, to right that wrong, the next few entries will do just that.... VeriSign bolsters security for .com, .net sites VeriSign says it will support DNS Security Extensions, dubbed DNSSEC, in the .net and .com top-level domains by March 2011. November giveaways Cisco Subnet is giving away free books on VMware vSphere security. Microsoft Subnet is giving away training from New Horizons and free books on Exchange Server 2010. Google Subnet is giving away free books on Android app development. Entry forms can be found on the main contest page. Trivia answers are revealed on each main Subnet page. Network World on Twitter? You bet we are Ethernet everywhere! Inside planes, trains, cars and spaceships, Ethernet is a morph master. Here's a look at some of Ethernet's cooler implementations. 7 tools to ease Windows 7 rollout These utilities help you plan, ensure app compatibility and manage images. The Dramatically Shifting Role of Network Management The traditional approach to network management focused just on the availability of networks. While that is still important, today's network managers are also being held responsible for the performance of network and applications. Listen to a conversation between Jim Metzler and Stelio D'Alo that discusses the business, technology and management trends that are impacting your job. View Now Why Print Management Matters Print Management provides a breakthrough answer to today's top business challenge: reducing overhead without harming productivity. Jim Salzer of DocuAudit Intl. shows how Print Management allows you to control documentation expenses by outsourcing the management of your current print environment. Download This Paper Now   November 16, 2009 MOST-READ STORIES How to DDoS a federal wiretap Microsoft rebukes employee who claims Win 7 inspired by OS X Wall St.: HP-3Com union a real Cisco threat What's next for Wi-Fi? Priceless! The 25 funniest vintage tech ads 3Com customers welcome HP Cisco raised a big stink over losing a customer's deal to HP HP and 3Com: a good fit, but not without overlap How Nortel optical networking sale will change the industry HP & 3Com, my two cents Take Control of Change, Configuration & Compliance Live: Wednesday, December 9th 2 PM ET / 11 AM PT. Join Industry experts as they discuss how IT management can now automate continuous configuration compliance across their server infrastructures to maintain security, comply with regulations, follow configuration best practices, and meet SLAs. Register today! EMO Labs: Better Sound Through Innovation at DEMOfall 09 EMO Labs' Invisible Speaker innovation takes People's Choice Award top honors at DEMO conference. Watch EMO Labs product launch.   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge. Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com | Forward this to a Friend >>>