Past Meetup

SGV Linux Users Group Monthly Meeting - DNSSEC

This Meetup is past

15 people went

Every 2nd Thursday of the month

Location image of event venue

Details

NOTE: You do not have to formally RSVP to come, but please let us know, so we have a ballpark headcount to communicate to the restaurant to ensure there is enough seating. The meeting starts at 7pm, but feel free to come as early as 6:30pm to help set up the room.

This month, SGVLUG member Carlos Meza will preview his SCALE 14x talk (http://www.socallinuxexpo.org/scale/14x/presentations/dnssec) on DNSSEC. Why should you care?

• DNSSec is an absolute requirement if we want to … use the Internet for anything non-trivial. -Cricket Liu, Leading expert on the Domain Name System ( DNS )

• “Why you need to deploy DNSSec now,” InfoWorld, Aug 5, 2014, http://www.infoworld.com (http://www.infoworld.com/article/2608759/security/security-why-you-need-to-deploy-dnssec-now.html)

• The Internet needs this technology and it needs it now, -Vint Cerf, Father of the Internet

• “DNSSEC Industry Coalition Meets with Google’s Chief Internet Evangelist Vint Cerf and Internet Researcher Dan Kaminsky”, Your Public Interest Registry, March[masked], Press Release (https://pir.org/dnssec-industry-coalition-meets-with-googles-chief-internet-evangelist-vint-cerf-and-internet-researcher-dan-kaminsky/)

• It is arguably one of the most important security improvements to the Internet ever. -Steve Crocker, Internet Pioneer and Chair of the Board of ICANN

• “2011 Steve Crocker speaks about DNSSEC Deployment”, Oct 2011, YouTube (https://www.youtube.com/watch?v=YHVB4MjZdZ0)

Abstract:

DNS (Domain Name System) is used by everyone who is a consumer of the Internet. It is a core component of the Internet, yet it is completely insecure. This puts us all at risk. DNSSEC offers a solution to address the vulnerabilities of DNS . For this reason I hope stir up demand and motivation to deploy DNSSEC.

We will go over the basic of DNS and its vulnerabilities. Then we will go over how DNSSEC works and the solution it provides. As users, we will look at why it is important for our safety to require that our service providers (ISPs, Registrars, Hosted Services (banking, commerce, etc)) provide DNSSEC. And we will also look at some user-end tools available to advantage of DNSSEC today. We will go over reasons why companies would want to make the effort and investment. For sysadmins, we will go over tools to aid with deployment and some considerations to be aware of.

At its essence, DNS translates names, that humans understand, to IP addresses, that computers understand. This is how we are able to find other computers on the Internet (webpages, email servers, etc). But DNS does not provide a way to validate the answer we receive. This exposes all of us to a large vulnerability. Exploits such as DNS hijacking and DNS cache poisoning miss direct us and can lead us to potentially malicious computers. DNSSEC provides a solution to this by allowing authentication of DNS data through a chain-of-trust. Being able to trust DNS goes a long way to creating a safer Internet.

When we can trust DNS other things become possible. We can now leverage DNS to store other information such as cryptographic keys. This means we can store and trust self signed SSL certificates in DNS because it is now a trusted source. This eliminates the need for certificate authorities and the issues with them.

DNSSEC is a great improvement on a fundamental component of the Internet we all us.

WHOAMI:

• Carlos has worked many years as a system administrator.

• His interest include InfoSec, site reliability and automation, and open source development

• While volunteering as an Interop Team Member, he was introduced to the significance of DNSSEC.

----

Join us for dinner and presentations. Dinner begins and 7 pm and any presentations will start after most people have received their food or 8 pm, whichever comes first.

You are not required to have dinner with us or order food or stay for the entire meeting. We will have separate checks. Validation is not required for parking. However, please take note of signs when parking.

----

SGVLUG is one of the oldest and most active Linux User Groups in the Greater Los Angeles area. In addition to Linux, the group also shares interests in other free and open source software, all forms of technology, and the discussion of issues that arise with the these new tools, such as privacy rights. SGVLUG attracts members from throughout LA County including Pasadena, Glendale, Burbank, and eastward throughout the San Gabriel Valley. Our members include software developers, system administrators, hardware engineers, and software users of all levels of experience. Many work in the technology field as employees, contractors or consultants, and enjoy the learning and networking opportunities available from the group. We also have many members that serve as volunteers of their time and skills at various local events, including the annual Southern California Linux Expo (SCaLE).