Categories

• Automation
• Compliance
• Consolidation
• Data Protection
• Networking News
• News
• RAID
• Security News
• Sencilo News
• Storage News
• Uncategorized
• Vendor News
• Virtualization

Archived by Date

• June 2011
• May 2011
• April 2011
• March 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS. - January 7, 2008

The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/.... There's no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.

The alternative root server is a strange concept to most people, says Brian McCarthy President of Sencilo Solutions. The root servers are the DNS servers that control the root of the DNS. They control the top of the hierarchy or the bottom (root) of the tree, depending on the metaphor you want to use. So eWEEK controls the eweek.com domain; VeriSign controls the .com domain; and the root, the level above .com and also known as "." is controlled by the IANA (the Internet Assigned Numbers Authority).

This Wikipedia article includes a list of alternative roots that exist and the non-standard zones they include. For instance, the home page for OpenNIC is http://opennic.glue/. You might be wondering at that ".glue" top-level domain, and if you click on it you'll get an error. That's because OpenNIC is an alternative root with a completely different name space. Your DNS, probably derivative of your ISP's DNS, doesn't point into the OpenNIC name space. Organizations like OpenNIC sometimes exist in order to escape the control of ICANN. Free to put up any TLD they wish, they have .geek for example.

But OpenNIC does exist on the public Internet; it's not a private network. If your DNS is set up for it, it's possible to see these as well as the real Internet. In fact, UnifiedRoot goes this extra mile, by setting up your systems to see the public DNS as well as their own, on which they sell new TLDs to whoever wants them.

These groups don't worry me. Who's going to use them anyway? I get worried when I see whole countries, like Russia, trying to set up separate roots. In the case of Russia, the government wants more control over the Cyrillic portion of the Internet. They can never have real control as long as the root zone is in the hands of the IANA. Call me a western hegemonist, but I just don't trust the Russian government with a root zone.

Compounding the Russian issue is the ongoing development of IDNs (Internationalized Domain Names), which are domain names that support non-Latin character sets, including the Cyrillic used in Russia. Work on this has been in standards bodies coordinated by ICANN for years and some are in use. Work on Internationalized TLDs is also underway, and here's where the phishing angle becomes really clear. .ru the Russian TLD, translates in Cyrillic to .py, the TLD for Paraguay. It's not hard to see a Cyrillic phishing domain in the Paraguayan .py being used to fool Russian users.

This specific example isn't the real point. I have a general concern about these expansions of the DNS in ways that seem destined to provide massive new opportunities for abuse. The limitations of freedom for the people of Russia and China, which is also interested in both developments. Internationalized domain names are not inherently objectionable, of course, and it would be great if they could be made to work securely. Unfortunately, I see most of the news being about new browser exploits and scams.  It's companies like Infoblox that keep things running.  Read more about this in the 2H2007 Gartner, Inc.'s Magic Quadrant.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.phpAbout Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint