A threat report released this week by Cloudmark reveals potentially increasing vulnerabilities due to the adoption of Domain Name System Security Extensions (DNSSEC). Though the technology has been around for more than a decade, universal adoption had been slow. The analysis reveals that implementation of DNSSEC could give a false sense of security while not providing complete DNS protection. Lack of proper management despite the widespread deployment, the report shows, could mean that authenticating DNS records could become less secure and even enable new attacks.
Looking to the future, the report identifies proposed Internet protocol standards that aim to leverage the DNSSEC chain of validation model to enhance network service security such as DNS-Based Authentication of Named Entities (DANE). “A mix of new potential uses, the known deployment challenges, and continued questions regarding the security and utility of DNSSEC will factor in to the potential deployment plans of network managers,” Cloudmark analysts write. Proponents of DNSSEC argue that the benefits outweigh the limitations.
Other threats identified in the report included the rapid increase of SMS spam campaigns aimed at the UK and consumer use of home-based equipment.