ION Cape Town, 8 September 2015 - DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.

1. Why Implement DNSSEC
ION 2015
Capetown, SA
8 September 2015
Simon M. Balthazar

2. DNS Refresher
● DNS converts names (www.gumtree.co.za) to
numbers (23.214.106.52)
● To identify services such as www and emails.
● Serves as a link between customers and online
businesses and vice versa
● DNS is a critical infrastructure that is a part of
all IT ecosystems. i.e. e-government, online
banking, e-commerce, social networks etc.

3. DNS Data Flow

4. DNS Vulnerabilities

5. DNS: The Problem
● DNS data published by the registry is being
replaced on its path between the server and the
client.
● Kaminsky Bug (2008) reveals a DNS Flaw that
allows hackers to redirect traffic from the
legitimate website to the fake one without
website operator or end user knowing.
● These vulnerabilities calls for a permanent fix!

6. DNSSEC: It is happening ...
● DNSChanger: The Biggest
Cybercriminal Takedown in History –
4M Machines, 100 Countries, $14M
● End-to-end DNSSEC Validation would
have avoided the problems

7. DNSSEC
● DNSSEC secures the name to address
mapping
● DNSSEC introduces digital signatures into DNS
to cryptographically protect its records
● It ensures authentic DNS source and no
modification of data between server and client
● With DNSSEC fully deployed a business can be
sure that a customer gets un-modified data and
vice versa

8. Why DNSSEC?
● With more and more of the world economy and
transactions depending on the Internet
cybersecurity is becoming a major concern for
governments, businesses and end users.
● They expect service providers such as
registrars, registries, and ISPs to invest in
strong security measures.
● They also desire solutions that are easy to
understand, quickly usable and easily
manageable.

9. DNSSEC: Standout from the rest
● Businesses may use DNSSEC offering as a
differentiator and a competitive advantage
against other businesses
● Marketplace has evolved the need to guide
corporate behaviour based on online-safety for
businesses and end users
● Safety, Quality and Stability are essential for the
proper functioning of the DNS marketplace
● Fundamentals requires that we go for values
based competition over price based competition

10. DNSSEC: Save your business
● As Internet becomes essential to the success
and failure of companies, a move to more
secure model is inevitable
● This happens as companies willingly pay
hundreds of dollars to provide enhanced
security for their customers i.e. Online
transaction security using SSL
● Once companies realize that DNSSEC will
protect their domain names against DNS
spoofing then they will adopt

11. Thank You!
● simon [at] tznic.or.tz
● +255 754 711 104