Deploying DNS Security Extensions

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/173693
Download file(s):
File Description SizeFormat 
173693.pdfFulltext1.71 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Deploying DNS Security Extensions
Authors: ROSTAMPOUR, SAM
Abstract: The number of attacks towards the Domain Name System (DNS) increases exponentially. Due to the essential role of the DNS in the Internet service, fast reaction is needed to secure this system. Domain Name System Security Extensions (DNSSEC) is an Internet scale solution for protecting the DNS. DNSSEC provides security for the DNS by adding integrity and data original authentication to the DNS messages. As this solution is rolling out fast in the top-level domains (TLDs) and some second-level domains (SLDs) the VOLVO Information Technology (VOLVO IT) company became interested in implementing this solution in their infrastructure. Therefore, they initiated a thesis to become aware of the procedure of deploying DNSSEC and its requirements. In this thesis, we have gone through the design of the DNS system. We demonstrated how this system is unsecure and why it is the target of many attacks. We explained how DNSSEC protects the DNS and highlighted the objectives of this solution. We also discussed about the current implementation of the DNSSEC. Implementing this solution in a large-scale network is not an easy task and adds lots of complexity to the administrators of the DNS infrastructure. In addition, some security concerns still exist regarding this solution. We have analysed the common attacks and availability issue related to the DNSSEC implementation. We used this analysis to avoid using any implementation, which makes the DNS infrastructure vulnerable to the DNSSEC related attacks. We covered the deployment of the DNSSEC within a particular organization (VOLVO IT). We used the best practice solutions to reduce the security issues regarding the deployment of the DNSSEC. This thesis is mainly divided in two parts. One part is the security analysis of the DNS and DNSSEC design. The other part deals with the best practice solutions that can be used to set up a secure DNSSEC deployment within the infrastructure of the VOLVO IT.
Keywords: Informations- och kommunikationsteknik;Systemvetenskap, informationssystem och informatik;Information & Communication Technology;Information Systems
Issue Date: 2012
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/173693
Collection:Examensarbeten för masterexamen // Master Theses



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.