DNSSEC: The extra security step all business sites should implement
Natasa Djukanovic
June 6, 2018

I always imagine a spaceship attack when someone says the word “cyberattack.” And most of the other words describing internet security threats, like spoofing and hijacking, seem like attacks in a galaxy far, far away. When we don’t understand something, a lot of the time we rely on experts to take care of the problem.

However, with one in 10 people falling victim to cybercrime, it’s time for big and small businesses alike to start taking cybersecurity seriously. If you knew that one extra security step could protect your customers, wouldn’t you take it in a heartbeat? That’s where DNSSEC comes in.

To understand DNSSEC, it is important to know what happens behind the screen when a user comes to your website. For example, when someone types your website's name in the browser, the computer sends a request to translate the domain name into an IP address. Each computer is assigned its own IP address, in the form of a string of numbers. The IP address of domain.me is 50.63.201.97, and thanks to an internet directory called the Domain Name System (DNS), you don’t have to worry about remembering it. DNS is made up of thousands of computers which “talk” amongst themselves to find out which one knows the answer. Once they figure it out, the answer is returned to the user's computer, which then sends its request to the website. This is, of course, oversimplified. You can read more about DNS here.

What is DNSSEC?

DNS + SEC is a set of extensions that add extra security to the DNS protocol. A person with bad intent can hijack the request-answer process. For example: Imagine you’re calling a car service to make an appointment. Someone answers and books a car for you. There’s no doubt that you dialed a car service. Or is there? Are you sure you got the right number and not somebody who just wanted your credit card data?

The same can happen online. A hijacker may intercept the communication and send a user to his own deceptive website. This means that somebody wants you to go to a website you think is legitimate and secure, somewhere you leave your personal data like your username, password, credit card number, etc. You probably won’t even suspect that the website is actually fake.

By setting up DNSSEC, you are protected and sure that you get the website you wanted. DNSSEC (Domain Name System Security Extensions) is a technology developed to protect against malicious DNS attacks by digitally signing data so users are sure it is valid.
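As an added illustration (not part of the original article): a validating resolver reports the outcome of the signature check in the response itself, setting the AD flag when signatures verify and answering SERVFAIL when validation fails. The sketch below parses constructed sample responses; the helper names and sample bytes are assumptions made for this example.

```python
import struct

TYPE_A, TYPE_RRSIG = 1, 46
RCODE_SERVFAIL = 2

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def dnssec_status(msg):
    """Classify a raw DNS response as seen from a validating resolver."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                # skip the question section
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):                # collect the answer record types
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        types.append(rtype)
        off += 10 + rdlen
    if flags & 0x000F == RCODE_SERVFAIL:
        return "servfail"              # sent when validation fails (other causes exist)
    if flags & 0x0020:                 # AD bit: resolver validated the signatures
        return "validated"
    return "signed-unvalidated" if TYPE_RRSIG in types else "unsigned"

def sample_response(flags, records):
    """Build a constructed response for example.com (not a real capture)."""
    msg = struct.pack("!6H", 0x1234, flags, 1, len(records), 0, 0)
    msg += b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_A, 1)
    for rtype, rdata in records:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

A_RR = (TYPE_A, bytes([192, 0, 2, 1]))   # documentation address
SIG_RR = (TYPE_RRSIG, bytes(24))         # placeholder bytes, not a real signature

if __name__ == "__main__":
    for flags, recs in [(0x81A0, [A_RR, SIG_RR]), (0x8180, [A_RR, SIG_RR]),
                        (0x8180, [A_RR]), (0x8182, [])]:
        print(hex(flags), dnssec_status(sample_response(flags, recs)))
```

A response classed as "signed-unvalidated" carries signatures that nobody checked, so the protection only exists when the resolver in the path actually validates.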

The Ins of DNSSEC

DNSSEC mitigates the risk of cyber crimes such as man-in-the-middle attacks, DNS spoofing, and cache poisoning. By using it, your customers are protected and can be confident that the website they searched for is on their screens. DNSSEC protects the communication by adding a signature to it, which increases trust in internet activities, such as e-commerce, VoIP, etc. DNSSEC definitely opens the door for more types of secure data transactions.

The Outs of DNSSEC

Although DNSSEC protects you to some extent, it is not a single solution for all online security problems. That’s why it is crucial to implement other layers of protection, such as an SSL certificate and two-factor authentication. Additionally, DNSSEC deployment requires software on every link of the DNS chain, and it has to be deployed through the chain of DNS servers. The signing procedure isn’t so simple, and managing the process on the authoritative side brings more difficulties. Any error on a site’s backend can disrupt site verification, causing a perfectly safe site to be flagged. Fortunately, since we aren’t all equally tech-savvy, registrars offer a simple process for deploying DNSSEC.

Conclusion

DNSSEC does not solve all online security issues. However, it is not wrong to say that its contribution deserves to be acknowledged by all of us who are working towards making the internet a safer place. Since cyber crimes are becoming harder to detect and more serious than ever before, every domain name owner should have DNSSEC enabled, in addition to all the available online tools which can increase the level of online security.

An economist by education, Natasa Djukanovic is the sales and marketing director of Domain.ME. She's spent her entire career at the intersection of banking, social media, leadership and technology, and is constantly trying to figure out the secret to being in three different places at the same time.
