資訊管理學報
張宏昌;
頁: 185-208
日期: 2017/04
摘要: 在這個資訊網路普及的時代,隨著人們對網際網路的依賴日漸增加,網路的安全性早已是不可忽視的問題。網路攻擊、犯罪手法層出不窮,其中又以「網路釣魚」最為常見,有鑑於此,許多國家紛紛引入具有「資料完整性」、「來源可驗證性」與「可驗證之不存在性」三大特性的DNSSEC 來解決這樣的問題。雖然DNSEEC 相較於傳統的DNS 服務提供了我們更強大的安全性,可是其需要的較高的技術門檻以及缺乏對相關人士的升級部署誘因卻也讓DNSSEC 在推廣上遇到了不少困難。為了瞭解全球各頂級國碼域名在DNSSEC 推動發展狀況,以作為台灣未來在部署、維運DNSSEC 服務上之重要參考,本研究利用問卷和E-Mail 的方式與各國相關人士進行訪談,並且同時以於網路上所蒐集的資料輔以佐證,最後再實際透過第三方的測試軟體對所得資訊進行全球不同區域主要頂級國碼域名在DNSSEC 整體建置推動之驗證、比較與分析研究,希望能夠藉由這些寶貴的經驗與資訊實際瞭解並掌握目前各國在推動DNSSEC 服務上的發展情形,包括組織編制、實作方法、成本預算、進度與時程以及遭遇困難和解決方法等等。本研究發現,各國在實作DNSSEC 方法與推廣、部署過程上都有許多相似的地方,由於現今資訊網路發達,即使是遭受海洋或叢山峻嶺的阻隔,相隔幾千里的國家也能透過E-Mail 等交談工具以及RIR 與ICANN 等組織的協助,輕易學習、分享彼此在部署上的技術與經驗,而造成各國在建設進度上出現落差的原因,除了與可利用的經費有關之外,該國的風土民情也是影響DNSSEC 部署建設的因素之一。
關鍵字: DNSSEC;ccTLDs;網路釣魚;DNS;
Abstract: Purpose-DNSSEC is the next generation of Internet infrastructure. For a more stable and secure network environment, countries around the world are actively promoting the deployment. In view of this, this paper propose is to survey status of DNSSEC implementation to help technology and promoting staff to do evaluation, promotion DNSSEC deployment easily in Taiwan. Design/methodology/approach-Detection and Statistics are the most important features of DNSSEC deployment survey. We can use this feature to detect their service to obtain the status of DNSSEC deployment and its environment. We observe the target object, and record their resource record. Then we can analyze these data to estimate the status of deployment of the target objects. Finally, we will refer the results to the relevant personnel. Findings-DNSSEC deployment issue in recent years have been enthusiastically discussed and implemented. DNSSEC is indispensable role next generation. For this reason, we introduced related knowledge in the first place and proposed an Auxiliary Deployment System for DNSSEC to help our government to more easily promote the deployment lastly. Research limitations/implications-DNSSEC does not provide confidentiality of DNS responses or communications between DNS clients and servers. It also does not prevent attacks on DNS servers using other parts of the network stack-for instance, implementation of DNSSEC does not protect against distributed denial of service attacks or IP spoofing. Practical implications-Unlike the majority of Top Level Domains (such as .com and most Asia ccTLDs), .tw does not offer registrations at the second level. The .tw zone is partitioned into 14 second level domains, and the remainder (such as .gov.tw, and mod.tw) are managed within the public sector. In spite of the high level of second level domains, .co.tw is by far the largest of the zones managed by Hinet, accounting for between 92-95% of monthly registrations over the past five years. For a TLD structured into second level domains, like .tw, implementing DNSSEC is more complex than with other TLDs. In reality, this did not introduce DNSSEC to .tw domain name registrants, Only then was it possible for .tw registrars to complete the chain of trust through to individual domains. Originality/value - Deployment System for DNSSEC greatly reduces the complexity of deployment tasks which has many advantages, including Friendly interface, Real-time information, Integration, and Security. In the future, we will actively use the system in DNSSEC deployment.
Keywords: DNSSEC;ccTLDs;phishing;DNS;
瀏覽次數: 16045 下載次數: 143
引用 導入Endnote
頁: 185-208
日期: 2017/04
摘要: 在這個資訊網路普及的時代,隨著人們對網際網路的依賴日漸增加,網路的安全性早已是不可忽視的問題。網路攻擊、犯罪手法層出不窮,其中又以「網路釣魚」最為常見,有鑑於此,許多國家紛紛引入具有「資料完整性」、「來源可驗證性」與「可驗證之不存在性」三大特性的DNSSEC 來解決這樣的問題。雖然DNSEEC 相較於傳統的DNS 服務提供了我們更強大的安全性,可是其需要的較高的技術門檻以及缺乏對相關人士的升級部署誘因卻也讓DNSSEC 在推廣上遇到了不少困難。為了瞭解全球各頂級國碼域名在DNSSEC 推動發展狀況,以作為台灣未來在部署、維運DNSSEC 服務上之重要參考,本研究利用問卷和E-Mail 的方式與各國相關人士進行訪談,並且同時以於網路上所蒐集的資料輔以佐證,最後再實際透過第三方的測試軟體對所得資訊進行全球不同區域主要頂級國碼域名在DNSSEC 整體建置推動之驗證、比較與分析研究,希望能夠藉由這些寶貴的經驗與資訊實際瞭解並掌握目前各國在推動DNSSEC 服務上的發展情形,包括組織編制、實作方法、成本預算、進度與時程以及遭遇困難和解決方法等等。本研究發現,各國在實作DNSSEC 方法與推廣、部署過程上都有許多相似的地方,由於現今資訊網路發達,即使是遭受海洋或叢山峻嶺的阻隔,相隔幾千里的國家也能透過E-Mail 等交談工具以及RIR 與ICANN 等組織的協助,輕易學習、分享彼此在部署上的技術與經驗,而造成各國在建設進度上出現落差的原因,除了與可利用的經費有關之外,該國的風土民情也是影響DNSSEC 部署建設的因素之一。
關鍵字: DNSSEC;ccTLDs;網路釣魚;DNS;
The Comparison of DNSSEC Development and Implementation for ccTLDs
Abstract: Purpose-DNSSEC is the next generation of Internet infrastructure. For a more stable and secure network environment, countries around the world are actively promoting the deployment. In view of this, this paper propose is to survey status of DNSSEC implementation to help technology and promoting staff to do evaluation, promotion DNSSEC deployment easily in Taiwan. Design/methodology/approach-Detection and Statistics are the most important features of DNSSEC deployment survey. We can use this feature to detect their service to obtain the status of DNSSEC deployment and its environment. We observe the target object, and record their resource record. Then we can analyze these data to estimate the status of deployment of the target objects. Finally, we will refer the results to the relevant personnel. Findings-DNSSEC deployment issue in recent years have been enthusiastically discussed and implemented. DNSSEC is indispensable role next generation. For this reason, we introduced related knowledge in the first place and proposed an Auxiliary Deployment System for DNSSEC to help our government to more easily promote the deployment lastly. Research limitations/implications-DNSSEC does not provide confidentiality of DNS responses or communications between DNS clients and servers. It also does not prevent attacks on DNS servers using other parts of the network stack-for instance, implementation of DNSSEC does not protect against distributed denial of service attacks or IP spoofing. Practical implications-Unlike the majority of Top Level Domains (such as .com and most Asia ccTLDs), .tw does not offer registrations at the second level. The .tw zone is partitioned into 14 second level domains, and the remainder (such as .gov.tw, and mod.tw) are managed within the public sector. In spite of the high level of second level domains, .co.tw is by far the largest of the zones managed by Hinet, accounting for between 92-95% of monthly registrations over the past five years. For a TLD structured into second level domains, like .tw, implementing DNSSEC is more complex than with other TLDs. In reality, this did not introduce DNSSEC to .tw domain name registrants, Only then was it possible for .tw registrars to complete the chain of trust through to individual domains. Originality/value - Deployment System for DNSSEC greatly reduces the complexity of deployment tasks which has many advantages, including Friendly interface, Real-time information, Integration, and Security. In the future, we will actively use the system in DNSSEC deployment.
Keywords: DNSSEC;ccTLDs;phishing;DNS;
瀏覽次數: 16045 下載次數: 143
引用 導入Endnote