DNS creator says flaws in protocol put firms at risk

DNS flaws pose significant threat to business warn experts

Businesses will face ever greater threats to their security unless flaws in some of the building blocks of the internet are rectified, security experts have warned.

Weaknesses in the Domain Name System (DNS) desperately need to be addressed as web-based attacks become increasingly sophisticated, the protocol’s creator, Paul Mockapetris, has warned. DNS provides a mechanism to resolve web addresses.

“The problem is pretty clear ­ there is a big internet out there and all the bad guys and the good guys are mixed together,” said Mockapetris, now chief scientist and chairman of DNS firm Nominum.

“The service providers and broadband networks are in the middle and there are the users who are getting more diverse in a lot of ways. First of all, they are not all using computers these days, they may be using other devices that don’t necessarily have the same security mechanisms,” he said.

Earlier this year, security researcher Dan Kaminsky uncovered a DNS flaw that affected millions of computers across the globe.

Mockapetris believes that attacks based on similar principles will become increasingly sophisticated and that the problem needs to be addressed sooner rather than later.

One option for improving the resilience of DNS is through the use of Domain Name System Security Extensions (DNSSEC), which use digital signatures to solve the problem of DNS poisoning.

“It is time to recognise that we need digital signature technology,” Mockapetris said.

“It will take a while to get that technology in place, but it’s time to pay that price,” he added.

Mockapetris said he does not expect deployment of DNSSEC to be widespread before 2014.