Tuesday, July 20, 2010

Domain Name System Security Extensions Fully Installed

According to Wikipedia “The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality”.

Operators of the Internet’s authoritative root zone last week completed deployment of enhanced security protocols at the top level of the Domain Name System. The Internet’s 13 root zone DNS servers have been digitally signed using the DNSSEC since May. On July 15 the signed root zone was made available and a trust anchor was published with cryptographic keys that will allow users to verify the authenticity of DNS address requests.

Digitally signed responses to DNS queries that can be cryptographically validated are more difficult to spoof or manipulate. This can help to combat attacks such as pharming, cache poisoning, and DNS redirection that are used to commit fraud and identity theft and to distribute malware.

However, using DNSSEC not a complete solution to the DNS security infrastructure. The TLDs like .com and .net have yet to be signed. .gov and .org were signed in 2009. There is still a lot of work to be done on all of the intervening infrastructure from DNS servers, firewalls and other network equipment that processes/passes DNS, host stub resolvers, and DNS registries will have to support DNSSE. Then there still needs to be a reason to use DNSSEC over SSL/TLS since both protocols can positively identify and authenticate a host.

However, none can doubt about the utility of this first step that would go a long way in ensuring secure and safer DNS uses. With the increasing uses of DNS for malicious purposes, it is very important that we must use internationally accepted uniform standards in this regard.

Australian Federal Police Opens Office In New Delhi

Transborder crimes are difficult to detect and eve more difficult to prosecute. Although there are law enforcement collaborative platforms like Interpol yet at times it becomes imperative to act swiftly.

This requires collaboration of local law enforcement agencies in real time. This has inspired the Australian federal police to open its office in New Delhi which is expected to boost their capacity to fight common threats like terrorism and cyber crime.

Australian Federal Police (AFP) Commissioner Tony Negus is optimistic that this would help police in both the countries in combating crime.

In this globalised and inter connected world, transnational crime is a growing threat. This is more so regarding cyber crimes that can be committed through Internet.

This is a good step and India must also, if it has not already done so, open a similar office in Australia. Further, there is also a need of joint operations and joint trainings between Indian and Australian police forces.

E-Discovery Law In India

E-discovery law in India has still to be enacted. Although India has the cyber law of India incorporated in the form of information technology act 2000 (IT Act 2000) yet it is far from being sufficient for cyber forensics and e-discovery purposes.

Cyber forensics is different from E-Discovery, Digital Recovery or other synonymous terms. Cyber Forensics primarily caters the "Legal Requirements" whereas E-Discovery meets the requirements of private individuals and organisations.

In India we have an exclusive techno legal e-discovery research, training and educational centre. The same is managed by the Perry4Law Techno Legal Base (PTLB) segment of Perry4Law.

E-discovery issues are posing problems before the law enforcement officials, lawyers and judges in India. They find it real difficult to deal with these techno legal issues. Although these stakeholders are comfortable with traditional evidence issues yet when it comes to e-discovery or digital evidencing in India they are almost clueless.

There is an urgent need of training of police officers, lawyers and judges in crucial techno legal fields.