TechNow Hosts Linux Security Seminar
TechNow will be hosting a Linux Security Seminar March 15th. With 23 years of UNIX/Linux security consulting and training, we are ready to help you get CompTIA continuing education credits, and keep it interesting! The Seminar covers six topics: AIDE, DNSsec, Logging & Auditing, Linux Security Modules & SE-Linux, Linux Containers, and Tunneling. The seminar will have hands-on live demonstrations of all topics. We will take a few paragraphs to write a little about DNSsec, and look forward to seeing you in the security seminar. DNSsec is a Federal Mandate and organizations have been moving rapidly into compliance.
DNSsec
Falsification of IP addressing has long been a thorn in the side of networked systems. Spoofing of IP addressing has many attack vectors, but one of the most effective mechanisms has been DNS cache poisoning.
- DNSsec DNS servers sign all their information (zone data) cryptographically.
- Recursing or caching DNS servers can check the signatures of all signed zones (domains) they come across.
- Current generation of Microsoft Windows support DNSsec in addition the many Linux/UNIX variants.
- You administer your own DNS zones, you can sign your own zones and publish your certificates and signatures.
DNSsec is a Public Key Infrastructure (PKI) for DNS zone data, is an incredibly cost effective mechanism to manage PKI and can be used for applications. No longer does an organization have to pay for certificates to a public certifying authority like Verisign or Thawte. When a zone administrator digitally signs all of the different types of Resource Records (RRs) in a given zone, and publishes those signatures and the zone's signing key's public certificate, it then becomes possible for any recursing name server that makes queries against that zone to validate those signatures and, therefore, to have cryptographic proof that the answer to a given DNS query hasn't been forged or tampered with.
DNSsec provides a simple "chain of validation", all the way from the zone I really want to validate (lackland.af.mil or redmond.microsoft.com or raleigh.redhat.com), all the way up to the root domain. What if the parent domain isn't signed? The "chain of validation" becomes broken, so the Internet Software Consortium (maintainers of BIND the original DNS implementation), maintain a DNS Look-aside Validation (DLV) database of keys for zones having precisely this sort of gap in their chains of validation.
DNSsec is very easy to implement and works great! The seminar will provide attendees a great opportunity to ask questions, and see live demonstrations to answer those questions.
If you are interested in registering for the Linux for Security Professionals seminar please do so as soon as possible; registration will be held on first come first served basis and will end on March 08, 2013.
For more information about the seminar and registration process please visit the link below.
Linux for Security Professionals Seminar and Registration
For more detailed information and scheduling of our courses check out our website:
Very Respectfully,
TechNow Staff