Day by Day Pregnancy: DNSSEC, From An End-User Perspective, Part 3

In the first post of this DNSSEC series, I have shown the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect the users against all of the attacks? Or just part of them? What about corner cases?

The following list are the attack types from the first post, where DNSSEC can protect the users:

DNS cache poisoning the DNS server, "Da Old way"
DNS cache poisoning, "Da Kaminsky way"
ISP hijack, for advertisement or spying purposes
Captive portals
Pentester hijacks DNS to test application via active man-in-the-middle
Malicious attacker hijacks DNS via active MITM

The following list are the attack types from the first post, where DNSSEC cannot protect the users:

Rogue DNS server set via malware
Having access to the DNS admin panel and rewriting the IP
ISP hijack, for advertisement or spying purposes
Captive portals
Pentester hijacks DNS to test application via active man-in-the-middle
Malicious attacker hijacks DNS via active MITM

If you are a reader who thinks while reading, you might say "What the hell? Am I protected or not???". The problem is that it depends… In the case where the attacker is between you and your DNS server, the attacker can impersonate the DNS server, downgrade it to a non DNSSEC aware one, and send responses without DNSSEC information.

Now, how can I protect against all of these attacks? Answer is "simple":

Configure your own DNSSEC aware server on your localhost, and use that as a resolver. This is pretty easy, even I was able to do it using tutorials.
Don't let malware run on your system! ;-)
Use at least two-factor authentication for admin access of your DNS admin panel.
Use a registry lock (details in part 1).
Use a DNSSEC aware OS.
Use DNSSEC protected websites.
There is a need for an API or something, where the client can enforce DNSSEC protected answers. In case the answer is not protected with DNSSEC, the connection can not be established.

Now some random facts, thoughts, solutions around DNSSEC:

Did you know .SE signed its zone with DNSSEC in September 2005, as the first TLD in the world?
Did you know DNSSEC was first deployed at the root level on July 15, 2010?
Did you know .NL become the first TLD to pass 1 million DNSSEC-signed domain names?
Did you know that Hungary is in the testing phase of DNSSEC (watch out, it is Hungarian)?
Did you know that you can also use and test that cool DNSSEC validator?
Did you know that there are alternative solutions like DNSCrypt?
Did you know that in the future you might be able to enforce HSTS via DNSSEC?
Did you know that in the future you might be able to use certificate pinning via DNSSEC?

That's all folks, happy DNSSEC configuring ;-)

Note from David:

Huh, I have just accidentally deleted this whole post from Z, but then I got it back from my browsing cache. Big up to Nir Sofer for his ChromeCacheView tool! Saved my ass from kickin'! :D

Why Should you take care of Day by Day Pregnancy?

Taking care of your baby and your body on Day by Day Pregnancy

If you're pregnant now, you should know how important is to take care of yourself and your future baby. Well, pregnant is something that every married girl dream of. Sooner or later, after you married and settle down, your husband and yourself will love to have a new comer in your house, especially if only both of you living together without living with your other family members like your parents, grandparents or any other sibling

It is extremely important to take care of your baby and yourself on day by day pregnancy. You must eat the right food and make sure that the food you ate will not harm your baby and yourself.

Yes, pregnant is great, eating right and good nutrition food for your baby is a must! but how about the excessive pounds you will get when you're pregnant and after you delivered? is it something that you must consider of? as a woman, it is extremely important to take care of our weight, fat means ugly, and what happen when we're fat? of course, we will lost our self confident at first. And what happen when we lost our self confident?

If you're not even dare to look at yourself in the mirror, do you think that your belove husband will like to hug you, kiss you and look at you like before? even if your husband looks at you like before, you might probably think, "what's wrong with him, he look at my fat meat all the time!"

well, dont' let this happens to you. It is Extremely important to get rid of the excessive fat during and after pregnancy.

Here at Pregnancy Without Pounds, I found an absolutely great course and guide for your day by day pregnancy course, free of charge. They'll send you article and some guide several times a week for you to learn how to take care of yourself and your baby.

This is what they claim:

"You absolutely DO NOT have to pack on extra pregnancy weight. Using my 15 years of experience as a health and nutrition coach and hours of research, I discovered the secrets to exercising and eating for pregnancy…
...9 months later I had lost all my weight and I'm now in better shape than I was before I was pregnant!” "

I hope by this Day by Day Pregnancy guide, you will get yourself benefited on it. Sign up to the FREE course now and get your benefit out of it!

Day by Day Pregnancy

Wednesday, January 17, 2024

DNSSEC, From An End-User Perspective, Part 3

More articles

No comments:

Why Should you take care of Day by Day Pregnancy?

Day by Day Pregnancy Free Course

Blog Archive

About Me