TKEY Vulnerability in BIND DNS Server

The Domain Naming System (DNS) has been a core technology to the usefulness of the Internet since the beginning of its public introduction. The ability to associate an English-readable fully qualified domain name (FQDN) with an IPv4 address is crucial to its user-friendliness. Due to its age, several flaws have been discovered in its code, one of the more recent being referenced as CVE-2015-5477, which affects all versions of Berkeley Internet Naming Daemon (BIND) available before July 31, 2015. We will cover what this error is, describe and test its effectiveness against an older BIND v. 9.9.6 server, and discuss options for resolving the issue

Estudio sobre la importancia de los sistemas de monitoreo de redes de datos en las empresas

Mostrar la importancia de los sistemas de monitoreo dentro de las empresas, mostrando la variedad de software existentes en el mercado, tipos de ataques orientados a la red y ataques informáticos a nivel empresarial.Show the importance of monitoring systems within companies, show the variety of software identified in the market, types of network-oriented attacks and business-level computer attacks

DETERMINING THE INFLUENCE OF THE NETWORK TIME PROTOCOL (NTP) ON THE DOMAIN NAME SERVICE SECURITY EXTENSION (DNSSEC) PROTOCOL

Recent hacking events against Sony Entertainment, Target, Home Depot, and bank Automated Teller Machines (ATMs) fosters a growing perception that the Internet is an insecure environment. While Internet Privacy Concerns (IPCs) continue to grow out of a general concern for personal privacy, the availability of inexpensive Internet-capable mobile devices increases the Internet of Things (IoT), a network of everyday items embedded with the ability to connect and exchange data. Domain Name Services (DNS) has been integral part of the Internet for name resolution since the beginning. Domain Name Services has several documented vulnerabilities; for example, cache poisoning. The solution adopted by the Internet Engineering Task Force (IETF) to strengthen DNS is DNS Security Extensions (DNSSEC). DNS Security Extensions uses support for cryptographically signed name resolution responses. The cryptography used by DNSSEC is the Public Key Infrastructure (PKI). Some researchers have suggested that the time stamp used in the public certificate of the name resolution response influences DNSSEC vulnerability to a Man-in-the-Middle (MiTM) attack. This quantitative study determined the efficacy of using the default relative Unix epoch time stamp versus an absolute time stamp provided by the Network Time Protocol (NTP). Both a two-proportion test and Fisher’s exact test were used on a large sample size to show that there is a statistically significant better performance in security behavior when using NTP absolute time instead of the traditional relative Unix epoch time with DNSSEC