ICANN suggests implementing DNSSEC technology immediately

The Domain Name System is vulnerable to multiple cyberattacks, so the organization has requested to implement better security measures

According to network security and ethical hacking experts from the International Institute of Cyber Security, the Internet Corporation for Assigned Names and Numbers (ICANN) has called for a collective effort to develop a security technology to reinforce reliability of Domain Name System (DNS) that can protect website operators from attacks by the most dangerous hacker groups.

To be specific, what ICANN proposes is to perform a complete implementation of the DNS Security Extensions (DNSSEC) on all unsecured domain names. The DNS system is the part of the Internet infrastructure worldwide that is responsible for moving the names of sites in common language to IP addresses needed to access websites, use email platforms, etc. DNSSEC would try to implement a new security layer for DNS.

DNSSEC technologies have existed for almost 10 years, although they are not yet widely used. According to network security specialists, less than 20% of DNS registrars worldwide have implemented this technology. It is believed that the adoption of DNSSEC has been delayed because it could reduce functionality in favor of improving security measures, and that DNSSEC was always considered an option, not as a security requirement.

This technology could prevent attacks that take advantage of replies to DNS queries by cryptographically signing DNS records to verify their authenticity.

The problem is that most DNSSEC implementations are incompatible with current DNS requirements. “Inherited implementations of DNSSEC break basic DNS functions, such as geo routing, it is also difficult to implement this technology in multiple vendors, so performance would be affected, as well as its availability for final users would be reduced,” said network security specialists.

According to ICANN, the total implementation of DNSSEC technology ensures that end users access legitimate online websites and services. “While this is not a solution to all Internet security issues, DNSSEC would provide additional protection to a critical sector,” adds ICANN.  

In a statement, ICANN claims that its application is backed by multiple reports that mention groups of malicious hackers exploiting a wide variety of resources and methodologies to carry out their plans.

“Some recent cyberattacks have focused on DNS; hackers make some changes to the domain name structure without authorization, so you can perform various malicious activities. DNSSEC technology is fully functional against this type of attack,” says ICANN.

ICANN also published a list of DNS security measures so that industry members can protect their customers, their information systems, and their entire infrastructure.

ICANN’s call comes shortly after the U.S. Department of Homeland Security decreed that all agencies at the federal level had to reinforce their computer security systems to the growing tide of global cyberattacks.