Executive interview: DNS designer Eric Holtzman discusses net security


The domain name system (DNS), which enables any computer on the internet to be identified in a human-readable form, is often regarded as the modern equivalent to the classic phone book. It’s organised as a tree, with the root server and branches – known as top-level nameservers, such as .org, .com and .edu – followed by what are known as authoritative nameservers.

Eric Holtzman, who previously worked as chief scientist at IBM, is the designer of the global DNS registration system used by the Internet Corporation for Assigned Names and Numbers (ICANN), and now works as chief strategist at decentralised cyber security network Naoris Protocol.

The success of the DNS system has resulted in the explosion of servers on the internet, and has made it possible for anyone to have a website, which can be accessed if the URL is known or can be found through a web search. This is both powerful and a massive security risk. “The DNS system has fundamentally no security whatsoever, even today,” he says. “If you had even the remotest idea of what you were doing, you could sit in a hotel room on your laptop and take entire countries off the internet.”

There have been initiatives to harden DNS, but there is a lack of motivation to resolve the security issue. Holtzman says that a quarter of a century ago, the people behind the internet agreed on an improved DNS – DNSSEC – to carry cryptographic identification information at each node on the DNS tree.

In his experience, company executives simply do not want to spend the extra money needed to fix internet security. “Why would you spend half a billion dollars to improve your security? That’s actually an issue for the regulators,” says Holtzman.

In some places, like the US, he says there is a lack of privacy and understanding of what security means. The fines imposed on companies for data losses are so insignificant that there is little incentive to improve security. For instance, pointing to Equifax, Holtzman says that one in every three Americans was affected by its data breach, yet it received a minimal fine, so the downside of a data breach is trivial.

According to Holtzman, another fundamental problem with the…
