玉山科技 AsiaPeak  
 


中文首頁
最新消息

解決方案

產品

檔案傳輸管理(MFT)

檔案加密傳輸服務

檔案傳輸管理員

檔案傳輸代理服務

跨平台SFTP/FTPS指令API

硬體加密模組(HSM)

網路型 HSM

單機型(PCIe卡) HSM

USB介面 HSM

OpenPGP加密

PGP加密指令集與API

PGP for Java API

PGP加密伺服器

PGP加密

PGP加密原理

電子郵件加密

網路磁碟機加密

硬碟加密

企業郵件加密環境建置

企業資料加密整合

電子時戳

資源

連絡我們

English Version

如何使用HSM協助DNSSEC (Domain Name System Security Extensions)保護DNS資料


The Domain Name Service (DNS) is the backbone of the Internet. It is a global address book for computers, and resolves Website addresses to specific IP addresses, enabling computers across the Internet to exchange information, such as Web pages and files.

However, DNS is vulnerable to attack. For example, an attacker can interfere with DNS responses, redirecting data to their own computers for malicious gain. The Domain Name Service Security Extension (DNSSEC) is an extension to DNS that addresses this problem. DNSSEC uses Public Key Infrastructure (PKI) techniques to validate the DNS lookup response and so maintain the integrity of the DNS address book.

For DNSSEC to function properly, it is essential that private keys, the Zone Signing Key and Key Signing Key, are protected. Typically, the DNS server stores these keys in software within the same DNS appliance. However, this provides only limited security. The only way to properly secure the private keys is to store them in a nCipher product line Hardware Security Module (HSM). Because the keys never leave the HSM, they are never exposed on the host computer and therefore not potentially available to an attacker. Moreover, the HSM is highly resistant to physical tampering.

This guide explains how to store private DNSSEC keys within an HSM, and how to integrate the HSM with the Internet Systems Consortium (ISC) BIND DNS server and OpenSSL. This guide does not give a detailed explanation of the protocol, but does provide references to sources that give a more in depth explanation of DNSSEC and BIND.

歡迎各大ISP業者及擁有NDS Server的大型企業或銀行來電索取這份資料: nCipher HSM integration guide for ISC BIND DNSSEC

請電 02-77128295


Google

玉山科技 版權所有 © Copyright AsiaPeak 2006, All Rights Reserved