Computerworld - The software that runs the Internet's addressing system that helps make Web commerce and communication possible led the CERT Coordination Center's list of systems that faced serious intruder problems last year.
The Internet Software Consortium's Berkeley Internet Name Domain (BIND) server software is key to running the Internet's Domain Name System (DNS). Since Sept. 11, the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit group overseeing many of the Internet's technical issues, has been spending more time on security issues. It recently formed a security committee headed by Stephen Crocker, who helped develop protocols for Arpanet, the original network that became the basis for the Internet. In an interview, Crocker discussed some of the issues facing his committee.
Q: ICANN is responsible for ensuring the stability of the DNS. From a security perspective, what does that entail?
A: ICANN has a fair amount of responsibility, but there are a lot of other players as well. It's a cooperative business with other parties. It has direct relationships with the registries who control the .com, .biz., .org, etc. [top-level domains].
One area is to work closely with those parties to set the rules and procedures to ensure operations are smooth, reliable and resistant to being penetrated. There are also the root servers, the top-level machines that point to the .com, .biz, .org and .net machines. There are 13 of these root servers around the world, and they are somewhat independent.
It's not terribly important who is in charge so much as whether or not everybody has the same shared picture of what to do. In general, we are concerned with both the availability of the domain name servers and the preservation of the integrity of the information provided by the servers.
Stephen Crocker helped develop protocols for Arpanet
A: It clearly is one of the areas to look at. Actually, not all of the servers are running BIND these days. Some diversity has developed, and I expect this trend will continue. That said, BIND is clearly the dominant implementation and deserves particular attention.
I think it worth knowing that the two most recent versions of BIND, versions 8 and 9, are actually distinct implementations. This was done at least in part to provide some diversity. That's the good news. The bad news is that
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
