玉山科技 AsiaPeak  
 


  中文首頁
  最新消息

  解決方案

  產品

  硬體加密模組(HSM)

>網路型 HSM

>單機型(PCIe卡) HSM

>USB介面 HSM

>Payment HSM

>KMIP金鑰管理

  PGP加密

>PGP加密原理

>電子郵件加密

>網路磁碟機加密

>硬碟加密

>企業郵件加密環境建置

>企業資料加密整合

  OpenPGP加密

>PGP加密伺服器

>PGP加密指令集與API

>PGP for Java API

   電子時戳

  儲存/資料庫/網路加密

>Storage/Tape加密器

>Data at Rest 加密

>網路加密器

>MS SQL 資料庫加密
   檔案傳輸管理(MFT)

>檔案加密傳輸服務

>檔案傳輸管理員

>檔案傳輸代理服務

>跨平台SFTP/FTPS指令與API

  資源

  連絡我們

 English Version

如何使用HSM協助DNSSEC (Domain Name System Security Extensions)保護DNS資料


The Domain Name Service (DNS) is the backbone of the Internet. It is a global address book for computers, and resolves Website addresses to specific IP addresses, enabling computers across the Internet to exchange information, such as Web pages and files.

However, DNS is vulnerable to attack. For example, an attacker can interfere with DNS responses, redirecting data to their own computers for malicious gain. The Domain Name Service Security Extension (DNSSEC) is an extension to DNS that addresses this problem. DNSSEC uses Public Key Infrastructure (PKI) techniques to validate the DNS lookup response and so maintain the integrity of the DNS address book.

For DNSSEC to function properly, it is essential that private keys, the Zone Signing Key and Key Signing Key, are protected. Typically, the DNS server stores these keys in software within the same DNS appliance. However, this provides only limited security. The only way to properly secure the private keys is to store them in a Thales nCipher product line Hardware Security Module (HSM). Because the keys never leave the HSM, they are never exposed on the host computer and therefore not potentially available to an attacker. Moreover, the HSM is highly resistant to physical tampering.

This guide explains how to store private DNSSEC keys within an HSM, and how to integrate the HSM with the Internet Systems Consortium (ISC) BIND DNS server and OpenSSL. This guide does not give a detailed explanation of the protocol, but does provide references to sources that give a more in depth explanation of DNSSEC and BIND.

歡迎各大ISP業者及擁有NDS Server的大型企業或銀行來電索取這份資料: nCipher HSM integration guide for ISC BIND DNSSEC

請電 02-77128295


Google

玉山科技 版權所有 © Copyright AsiaPeak 2006, All Rights Reserved