DNS Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications that adds security to the Internet’s Domain Name System (DNS) to provide assurance that the information received from a Domain Name Server is authentic. The security extensions are designed to protect the DNS from man-in-the-middle and cache poisoning attacks, which can occur when hackers corrupt DNS data stored on recursive name servers to redirect queries to malicious sites.
DNSSEC applies digital signatures to DNS data to authenticate the data’s origin and verify its integrity as it moves across the Internet and can provide users with effective verification that their applications, such as Web or email, are using the correct addresses for servers they want to reach.
In mid-2009, D-Link integrated Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) into its popular home and small office routers to thwart worms designed to access a router and alter the victim’s DNS records to divert traffic toward the attacker’s network.
CAPTCHA is a challenge-response test that ensures that a response during a user logon is not computer-generated but instead is truly entered by a human hand, by requiring a user to manually enter a small amount of text displayed in an image to help prevent automated registration and fraud.
By incorporating both DNSSEC and CAPTCHA initiatives, D-Link routers now facilitate strong security thus protecting Internet users against man-in-the-middle, cache poisoning and other cyber attacks to ward off web hacking and phishing.
“Unlike other brands, the majority of currently shipping D-Link routers is more difficult to be compromised due to our advanced set of security features. We’re excited to be the first in the market to announce we have taken the initiative to implement both CAPTCHA and DNSSEC into our routers, thus providing yet another layer of security, and we’ll continue to provide our users with the latest in advanced security technologies,” says Harrison Albert, Director of D-Link Middle East and Africa.
To further consider security while future-proofing its routers, D-Link is migrating to IPv6 certification. With the growing number of Internet-capable devices on the market – including mobile, media, and storage – the pool of IPv4 address has dropped to six percent and is expected to run out sometime in 2011. While this is a major motivation for IPv6, other improvements are also realised. The IPv6 specification now specifies certain security measures that were not defined in IPv4, such as IPSec. IPSec is a method of authenticating and encrypting data transferred between pairs of hosts. Although it was possible to implement IPSec with IPv4, it was not part of the specification. IPSec is now a requirement, not an option, in the IPv6 specification.
D-Link has begun the transition to IPv6 by participating in the ‘IPv6 Logo Testing Program’ to assure that its products support transitional technologies and provide IPv6 connectivity. All new D-Link routers currently ship with the “IPv6 Ready Phase II” certification and logo.
D-Link Middle East and Africa, the end-to-end networking solutions provider for consumers, businesses, and service providers, has enhanced its router security to a higher level of protection by incorporating both CAPTCHA and DNSSEC to guard against hacking, worms, viruses and other malicious Web attacks.
