Security Featured Article

Secure Computing, a provider of enterprise gateway security solutions, said it offers the only commercially available firewall to include Domain Name System Security (DNSSEC) controls mandated by a new Office of Management and Budget (OMB) requirement memo.

 

Secure Firewall, formerly known as Sidewinder, from Secure Computing complies with the OMB requirement memo that mandates that government agencies ensure all ‘.gov’ domains are DNSSEC signed by December 2009.

 

DNS security of organizations has been a grave concern among security professionals. The need for a long-term solution to DNS insecurity was discussed at the Black Hat conference 2008, after a demonstration by Dan Kaminsky from IOActive (News - Alert) in which he outlined an attack that could compromise e-mail, Web, and other systems on any network using DNS redirection.

 

DNSSEC, according to Secure Computing, creates a method for organizations to ensure that the Internet Protocol (IP) addresses they are asking for are authentic and from the requested server rather than a redirected attacker.

 

Secure Firewall appliance provides global visibility of dynamic threats and control for maximum protection. It is capable of blocking viruses, worms, Trojans, intrusion attempts, spam and phishing tactics, cross-site scripting, SQL injections, denial of service (DoS), and attacks hiding in encrypted protocols. The DNSSEC controls of Secure Firewall allow organizations to digitally sign DNS requests between Secure Firewall and an authoritative or root server, the company said.

 

"The OMB mandate of the use of DNSSEC is going to be difficult for some organizations in terms of deployment," said Marcus Sachs, director of the SANS Internet Storm Center, in a statement. SANS Internet Storm Center is a global cooperative cyber threat / Internet security monitor and alert system.

 

"Companies like Secure Computing making DNSSEC technology available in their security products will make it much simpler for federal agencies to comply with the requirement immediately," Sachs continued. 

 

"DNS is the linchpin of the Internet, and the Kaminsky attack demonstrates the ease with which one can exploit systems on the Internet through an insecure DNS," said Scott Montgomery, vice president of Global Technical Strategy for Secure Computing, in a statement. "Our inclusion of DNSSEC within the Secure Firewall is a fundamental part of our commitment to providing the best firewall security in the market."

 

The DNSSEC system is already in place in Sweden and Puerto Rico.