From the news: More security work to do

The U.S. government has won plaudits from internet experts for mandating the use of a new security mechanism to protect its Web servers from being impersonated with bogus Web sites. But some say the government needs to take further action – not just to protect its own sites, but also the millions of others that businesses, nonprofits and other organizations operate around the world.

Also in this report

DNSsec deadline looms

To seal the deal, the government needs to apply the Domain Name System Security Extensions (DNSsec) to cryptographically sign, or authenticate, the root of the DNS system, not just its own agency Web sites, according to Network World. The root consists of the 13 server clusters located around the world that resolve lookups for domain names and sit at the pinnacle of the Internet’s hierarchy of servers.

The United States could make this happen through its sponsorship of ICANN, the Internet Corporation for Assigned Names and Numbers, a nonprofit corporation in California set up to handle Internet tasks such as operating the root zone and managing domain names and IP addresses. The Commerce Department issued a request for public comments about DNSsec deployment on the root zone in October 2008 but has not yet acted on those recommendations. Lack of DNSsec action at the root level is the result of political wrangling in the Internet community, said Kim Davies, ICANN’s manager of root-zone services.

DNSsec works best and is most efficient when it is applied in an interlocking chain across all levels of the Internet’s hierarchy of servers: the root, top-level domains — such as .gov or .com — and subdomains — such as IRS.gov, or FCW.com.

But because so many players operate on different parts of the Internet, none has considered it to be in their interest to use DNSsec if other levels of the infrastructure do not use it. The U.S. government got the ball rolling last month when the General Services Administration started to use DNSsec to sign the .gov top-level domain. Individual agencies are supposed to sign their subdomains by this December.

Outside government, VeriSign promised last month to deploy DNSsec across all of the top-level domains it operates, including .com and .net, within two years, according to Network World.

Internet experts applaud the U.S. government for mandating the use of a new security mechanism to protect its Web servers from being impersonated with bogus Web sites. But some say the government needs to take further action that will more fully and efficiently protect its sites, in addition to the millions of others that businesses, nonprofits and other organizations around the world operate.

To seal the deal, the government needs to apply the Domain Name System Security Extensions (DNSsec) to cryptographically sign, or authenticate, the root of the DNS system, not just its own agency Web sites, according to Network World. The root consists of the 13 server clusters located around the world that resolve lookups for domain names and sit at the pinnacle of the Internet’s hierarchy of servers.

The United States could make this happen through its sponsorship of the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit corporation in California set up to handle Internet tasks such as operating the root zone and managing domain names and IP addresses. The Commerce Department issued a request for public comments about DNSsec deployment on the root zone in October 2008 but has not yet acted on those recommendations. Lack of DNSsec action at the root level is because of political wrangling in the Internet community, said Kim Davies, ICANN’s manager of root-zone services.

DNSsec works best and is most efficient when it is applied in an interlocking chain across all levels of the Internet’s hierarchy of servers: the root, top-level domains — such as .gov or .com — and subdomains — such as IRS.gov, or FCW.com.

But because so many players operate different parts of the Internet, none has considered it to be in their interest to use DNSsec if other levels of the infrastructure do not use it. The U.S. government got the ball rolling last month when the General Services Administration started to use DNSsec to sign the .gov top-level domain. Individual agencies are supposed to sign their subdomains by this December.

Outside government, VeriSign promised last month to deploy DNSsec across all of the top-level domains it operates, including .com and .net, within two years, according to Network World.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group