14 research outputs found
TKEY Vulnerability in BIND DNS Server
The Domain Naming System (DNS) has been a core technology to the usefulness of the Internet since the beginning of its public introduction. The ability to associate an English-readable fully qualified domain name (FQDN) with an IPv4 address is crucial to its user-friendliness. Due to its age, several flaws have been discovered in its code, one of the more recent being referenced as CVE-2015-5477, which affects all versions of Berkeley Internet Naming Daemon (BIND) available before July 31, 2015. We will cover what this error is, describe and test its effectiveness against an older BIND v. 9.9.6 server, and discuss options for resolving the issue.
Connecting an IPv6 Home Network to the Internet Name Service
Current home networks are very simple, containing only a few devices. As the number of devices connected to the home network increases, there is no reasonable way for a user to access devices using only IP addresses. Due to the exponential growth of devices connected to the Internet, the addresses of the current IP version are, however, soon to be depleted. A new IP version has already been implemented in the Internet, containing a very large number of addresses compared to the current IP version. Addresses in the new IP version are also much longer and more complicated. Therefore it is no longer reasonable to try to use IP addresses alone to access devices.
These facts make it necessary to implement a name service in the home network. The name service is quite similar to that used in the Internet, although the home network version should be much more automatic and user friendly. This means that users no longer have to type IP addresses to access services, but can use meaningful names as in the Internet. The first objective of the thesis is to examine methods for implementing a name service in the home network that is as automated as possible.
The second objective is to examine connecting the home network name service to the Internet name service. Accomplishing this allows users to access services at home from the Internet. This has to be done in a secure manner to protect the integrity and authenticity of the user information.
The live experiment of the thesis concentrates on the second objective by establishing the connection and transferring the name service information between the home network and the Internet name service.
The study and the live experiments indicate that there is still work to be done before the two objectives can be fully accomplished. At the moment there is no convenient way to automatically name devices at home. Connecting to the Internet name service also involves quite a lot of effort, thus requiring more than basic computing skills from the user.
Security Extensions for the Domain Name System (DNSSEC)
This work presents the set of security extensions for the Domain Name System (DNSSEC). The first part sets out the state of the art of the DNS, detailing general concepts, message format, types of servers and their functions. Next, a classification and analysis of the most common threats is given, followed by a description of cryptography concepts in the context of the DNS. Building on these concepts, the work focuses on presenting the fundamental aspects and definitions for the operation of DNSSEC. The concepts of Secure Entry Point, Chains of Trust, Zone Keys and Key Signing Key, and Secure Delegation are defined. It continues with a definition of specifications for the new Resource Records and an example of each of them. Finally, the alternative validation method and worldwide deployment reports are presented. Facultad de Informátic
A Comparative Study of Security Extensions for the Domain Name System (DNS)
The work presents a case study of the DNSSEC alternative, setting out the results of implementing it. The impact on resource consumption (response times, number of queries, traffic load) is analysed against an implementation based on standard DNS. Facultad de Informátic
Network Management and High Performance Communications. Part XXIV. Seminar, Summer Semester 2001
This Technical Report includes student papers produced within a seminar on "Network Management and High Performance Communications". For the 24th time this seminar has attracted a large number of diligent students, proving the broad interest in topics of network management and high performance communications. The topics of this report may be coarsely divided into two blocks:
One block is devoted to high speed and high performance technology. First, the concept of modern High Speed Switches and Routers with quality-of-service support is described. Subsequently, Efficient Methods and Algorithms for Routing Table Lookups as well as Classification of IP Packets and Multiprotocol Label Switching (MPLS) are presented.
A second block deals with various topics such as wireless communications, network management and security. The first article shows the advantages of Policy-based Networks for managing today's networks. Furthermore, Security Extensions of DNS for secure use of the domain name service are examined and presented. The next article describes how to use mobility profiles in mobile ad-hoc networks. Methods for watermarking of multimedia data are discussed in a subsequent article. Moreover, Technical Challenges and Solutions for IP-telephony are also presented, whereby the Stream Control Transmission Protocol is described separately as an approach to achieve a better transport of signaling messages over the Internet. The last article deals with group communication and shows New Approaches for Multicast Routing as well as an overview of some Multicast transport protocols.