|
|
IIJ to Adopt DNSSEC Expansion Method to Improve Security on DNS Services
GlobeNewswire
2011-01-17
TOKYO, Jan. 17, 2011 (GLOBE NEWSWIRE) -- Internet Initiative Japan Inc.
(IIJ) (Nasdaq:IIJI) (TSE1:3774), one of Japan's leading Internet access
and comprehensive network solutions providers, today announced that in
order to improve domain name system (DNS) security, it will upgrade all
of its DNS-related services, such as the DNS Outsourcing Service, to be
compatible with DNS Security Extensions (DNSSEC) on January 31, 2011.
DNS performs a function for linking IP addresses with host names.
Normally, when a client computer communicates with a specific server,
for example, the client computer sends a request to the DNS that
manages the domain information for that server, and based on the
information received back from the DNS, the computer communicates with
the specified server. However, DNS cache poisoning (*1), a type of
attack that exploits this system, became wide spread in the 1990s,
which created the risk of receiving false information from the DNS. The
Kaminsky Attack (*2), which made DNS cache poisoning relatively easy,
was discovered in 2008 and became a very large security risk. Computers
that receive false DNS information as a result of these attacks are
vulnerable to a number of threats, such as being forwarded to harmful
sites or having their webpage or mail content altered, and since the
DNS function itself is rendered inoperable, it may have a huge impact
on the entire Internet, which is why improving DNS security has become
a critical mission.
DNSSEC uses electronic signatures as a means of confirming that DNS
data has not be falsified, and since 1994, the IETF (*3) has been
examining the specifications. (*4) The integrity of DNS can be verified
by using a private key and public key arrangement, and thus this is
considered the most effective means of defeating security threats that
abuse the DNS system. Adoption of DNSSEC is growing in every country in
the world.
As the name suggests, the root server is the source of DNS on the
Internet, and as of the summer of 2010, the root servers are fully
DNSSEC ready, and with the DNSSEC conversion of Japan Registry Service
Co., Ltd. (JPRS), IIJ's DNS services will also be made DNSSEC
compatible. By using DNSSEC enabled services, clients can keep their
DNS servers secure without any specialized knowledge. DNSSEC has just
begun to be adopted around the globe, and because there is not a lot of
technological knowledge or expertise available regarding
implementation, it is easier to get the benefits of DNSSEC through
these services rather than implementing it on one's own.
IIJ will continue to expand the use of DNSSEC enabled services in the
future.
(*1) An attack that overwrites DNS information to direct people to
other sites and the user cannot access certain domains.
(*2) A new type of attack created by Dan Kaminsky in 2008, which makes
DNS cache poisoning more effective.
(*3) Internet Engineering Task Force: A volunteer organization to
promote standardization of Internet technology.
(*4) The current specifications (RFC4033, 4034, and 4035) were adopted
in 2005 (RFC5155, which sets out the NSEC3 method, was adopted in
2008).
DNSSEC enabled services
---------------------------------------------------------------------------------------------------------
Service Implementation
---------------------------- ---------------------------------------------------------------------------
DNS Outsourcing Service Signature and key renewal and management for relevant zone information
---------------------------- ---------------------------------------------------------------------------
DNS Secondary Service When the primary DNS is DNSSEC enabled, the secondary DNS server
with IIJ is automatically DNSSEC enabled.
---------------------------- ---------------------------------------------------------------------------
General-use JP domain
management service and
Organizational Type JP
domain management service Perform registration of DS (delegation signer) for upper-level DNS servers
---------------------------- ---------------------------------------------------------------------------
About IIJ
Founded in 1992, Internet Initiative Japan Inc. (IIJ) (Nasdaq:IIJI)
(Tokyo Stock Exchange TSE1:3774) is one of Japan's leading
Internet-access and comprehensive network solutions providers. IIJ and
its group of companies provide total network solutions that mainly
cater to high-end corporate customers. The company's services include
high-quality systems integration and cloud computing/data center
services, security services, Internet access, and content distribution.
Moreover, the company has built one of the largest Internet backbone
networks in Japan, and between Japan and the United States. IIJ was
listed on NASDAQ in 1999 and on the First Section of the Tokyo Stock
Exchange in 2006. For more information about IIJ, visit the IIJ Web
site at http://www.iij.ad.jp/en/.
The Internet Initiative Japan Inc. logo is available at
http://www.globenewswire.com/newsroom/prs/?pkgid=4613
The statements within this release contain forward-looking statements
about our future plans that involve risk and uncertainty. These
statements may differ materially from actual future events or results.
Readers are referred to the documents furnished by Internet Initiative
Japan Inc. with the SEC, specifically the most recent reports on Forms
20-F and 6-K, which identify important risk factors that could cause
actual results to differ from those contained in the forward-looking
statements.
CONTACT: IIJ Corporate Communications
Tel: +81-3-5259-6310 E-mail: press@iij.ad.jp
URL: http://www.iij.ad.jp/en/
|
|
|
