Xelerance DNSX Secure Signer: a staple in the new DNS secure world
VeriSign, which operates two of the Internet’s 13 root domain name service (DNS) servers, has called its deployment of DNSSEC in the .com TLD a “critical milestone to improve the integrity” of the Internet, the Inquirer reports.
According to the article, a key advantage with DNSSEC is DNS records can be verified because they are digitally signed using public-key cryptography: “This should, in theory, mitigate the possibility of DNS hijacking attacks, where users are unwittingly sent to the wrong website by having a domain name resolved to an incorrect quad-dot numerical Internet address.”
VeriSign’s move illustrates the importance of getting it right all the time in today’s DNS secure world in which losing a domain – even for a brief period – can be catastrophic for commercial organizations. And mistakes happen: In 2010, Puerto Rico (.pr) vanished from the Internet because the old digital signature was deleted before the new one became active. Recently, France (.fr) was down for 15 minutes because there was no monitoring capability on the software used for signing their DNSSEC key.
“The key to avoiding this is to implement good common practices and then automate those practices,” says Sergius Heifa, President of the Ottawa-based Xelerance Corporation. “Implementing good practices for DNSSEC requires an in-depth knowledge of DNS plus the added in-depth knowledge of security extensions. There are a number of ways to achieve this: hire the talent, contract external consultants, or install automation tools with built-in best practices.”
Xelerance’s flagship product, the DNSX Secure Signer, is the world’s first and only pure DNSSEC appliance. It provides a complete pro-active DNSSEC management and monitoring solution, handling not just the technical signing process but also the implementation of DNSSEC management and security policies mandated and recommended by the U.S. National Institute of Standards and Technology and the Internet Engineering Task Force.
A fully tamper-proof DNSSEC solution with Federal Information Processing Standards (FIPS) 140 Level 3 certification, the DNSX Secure Signer is the fastest product on the market in terms of key-generation and zone-signing speed.
Headquartered in Ottawa, the high-tech capital of Canada, Xelerance offers products and services to secure the Internet. Its DNSX Secure Signer, which won the Best Security Hardware award at FOSE 2010, automates the complicated tasks of managing and maintaining the signature keys required by DNSSEC.
For more information contact: