This page contains a Flash digital edition of a book.
IN THE SPOTLIGHT Staying ahead of Internet threats


Without a doubt, the cost of running critical Internet infrastructure at these performance levels is high, but let’s consider the cost of failure.


If Internet connectivity were significantly interrupted for an extended time period, or even just our infrastructure that enables the lookup of the more than 120 million .com and .net domain names in the world, a long list of things we’ve come to rely upon would likely fail, all with varying degrees of impact. Naturally, we would probably lose access to much of the news and information that guides our day-to-day lives. The communication channels to family, friends, and business associates would fail.


While important, these impacts are benign in comparison to others, such as loss of critical notification systems, or an interruption to the billions of dollars per day of economic activity that occurs on the Internet. Thankfully there are a number of redundancies built into Internet infrastructure that are designed to help prevent this from happening.


Verisign has pioneered solutions for addressing new generations of threats to the security and stability of critical Internet infrastructure. As the strength of the DNS has engendered public trust, and businesses, governments and individuals have moved critical operations and information online, this has also created a massive opportunity for cyber criminals to engage in competitive sabotage, extortion, theſt, and general disruption of services. Some of the most talked about and common methods of disruption seen today are distributed denial of service attacks (DDoS), advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing.


DDoS attacks have increased massively in size and in frequency in the past 12 months. While there are several different types of DDoS attacks, in general this term describes what occurs when attackers use multiple hosts (such as compromised PCs or servers) to overwhelm service bandwidth or computer power, rendering a site unavailable. Beyond direct attacks on websites, we are seeing the authoritative DNS being targeted in DDoS attacks and have developed specialised defences in response.


APTs refers to cyber espionage activities sponsored by nation states. Tis type of activity has increased in recent years as access to more critical information has been made available by


www.worldipreview.com


the Internet. Te primary goal of APTs is usually to gain and maintain access to target networks to exfiltrate intellectual property, personally identifiable information, and financial and targeted strategic information from governments, corporations and individuals. It takes spying to a whole new level.


Lastly, the trend of malicious actors registering typosquatting domains is also on the rise. Most of us have typed a domain name incorrectly into our browsers, usually to be directed to the wrong website or an error message. Unfortunately, there are several ways that malicious actors can take advantage of this common mistake by replicating a legitimate website on the wrong URL, so unsuspecting visitors who think they are safely conducting business on an intended website may actually be opening themselves up to malware or phishing.


Planning for the future


In 2013 and beyond, we expect to see an increase in all of the aforementioned threats, so Verisign is working to develop innovative services to help thwart these. Our DDoS Protection service, developed with expertise from protecting the infrastructure for .com and .net, is helping defend enterprises from attacks by blocking harmful traffic in the cloud before it reaches their network or application. Our iDefense Security Intelligence Services are working to provide up-to-the-minute, actionable intelligence on how to prevent APTs. And we have implemented DNSSEC in the .com and .net zones to help assure users that the data they receive from their Internet request originated from the stated source and that it was not modified in transit by malicious actors.


Our team of researchers is also constantly working to identify new and improved ways of safeguarding the Internet through, among other things, participating in the public stakeholder discourse on Internet governance and best practices, conducting primary research, and developing patented innovations spanning the technology landscape.


We have been instrumental in advancing DNS protocols for security and efficiency. For example, we have worked to enhance the DNS-Based Authentication of Named Entities (DANE) protocol, which builds on the DNSSEC infrastructure to enable cryptographically secure communications. This technique can be used to exchange cryptographic credentials, such as for more generally enabling signed and encrypted email between Internet users.


Scott Courtney is vice president of infrastructure engineering for Verisign. He has worked at Verisign for nine years where he heads up the infrastructure engineering group, comprising about 120 people who design, develop, and test the company's high traffic Internet services. Te team also is responsible for Verisign's systems and network architectures, and evaluating and standardising hardware, operating systems and shared applications.


Trademarks Brands and the Internet Volume 2, Issue 2 27


The work of our teams underscores the point that to continue to enable secure and reliable connectivity, we need to look differently at DNS: not because the services we’ve been providing are any less important, but because the services our stakeholders and customers are likely to want in the future continue to evolve. They need a back-end service to support infrastructure, but they also need more intelligence in the front end and the middle. They need simple answers to simple questions, but sometimes they also need different answers. And they need a place to look up more information than just the IP addresses of servers. In effect, they need a way to enable access to more things with confidence and reliability, any time, anywhere.


Our commitment is to ensuring that an infrastructure powered by Verisign is always operating at the highest level to enable the innovation required to address the needs of the future, while also addressing the needs of today. n


Scott Courtney is is vice president of infrastructure engineering for Verisign.


www.verisigninc.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44