Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Sandia helps IT pros visualize complex network vulnerabilities

By R&D Editors | January 11, 2012

DNSViz

Sandia computer scientist Casey Deccio developed a software tool called DNSViz to help network administrators with Domain Name System (DNS) vulnerabilities. DNSViz provides a visual analysis of the DNSSEC authentication chain for a domain name and its resolution path in the DNS namespace. Photo by Dino Vournas

Sandia National Laboratories computer scientist Casey Deccio has developed a visualization tool known as DNSViz
to help network administrators within the federal government and global
IT community better understand Domain Name System Security (DNSSEC) and
to help them troubleshoot problems.

DNSSEC
is a security feature mandated for all federal information systems by
the White House’s Office of Management and Budget (OMB). The 2008
mandate requires that “the top level .gov domain will be DNSSEC-signed,
and processes to enable secure delegated sub-domains will be developed.”

The
entity that serves to translate the hostname of a Uniform Resource
Locator (URL) into an Internet Protocol (IP) address is known as the
Domain Name System (DNS). A DNS “lookup” is a prerequisite for doing
almost anything on the Internet, including Web browsing, emailing or
videoconferencing.

Although
the mandate made perfect sense, said Deccio, there soon emerged a
problem when .gov organizations actually began deploying DNSSEC.

“DNSSEC
is hard to configure correctly and has to undergo regular maintenance,”
he said. “It adds a great deal of complexity to IT systems, and if
configured improperly or deployed onto servers that aren’t fully
compatible, it keeps users from accessing .gov sites. They just get
error responses.”

The
still-new DNSSEC security feature is designed to allow user
applications like Web browsers to ensure that the IP addresses they have
received from the DNS have not been “spoofed” by anyone with ill
intent. As such, Internet-connected systems within the government can
verify that the responses are authoritative and have not been altered.
Still, the hiccups with implementing DNSSEC convinced Deccio that there
was a need for a tool like DNSViz.

DNS,
said Deccio, is inherently insecure. Without DNSSEC, tampering by
third-party attackers could go undetected, thus redirecting online
communications to unwanted destinations. This represents a particularly
troublesome problem for .gov addresses owned by government organizations
guarding national security information and other vital data.

Deccio believes DNSSEC is of little use if network administrators don’t know how to configure or use it.

He
describes DNSViz as a “tool for visualizing the status of a DNS zone.”
It provides a visual analysis of the DNSSEC authentication chain for a
domain name and its resolution path in the DNS namespace, made available
via a Web browser to any Internet user at http://dnsviz.net/.
It visually highlights and describes configuration errors detected by
the tool to assist administrators in identifying and fixing
DNSSEC-related configuration problems.

DNSViz
brings together all the components that work together for DNSSEC to
function properly into a single graphical representation. The resulting
visualization is a collection of configuration data and relationships
that are otherwise difficult to assemble, assess and understand.

To
help network administrators in their DNSSEC deployment, Sandia’s DNSViz
tool functions in two primary ways: It actively analyzes a domain name
by performing pertinent DNS lookups and it makes the analysis available
via the Web interface. The active analysis occurs periodically to build a
history of DNSSEC deployment over time and provide a historical
reference for DNS administrators.

Currently,
the Web interface is the primary source for viewers to observe data,
though Deccio intends to expand DNSViz functionality to allow access via
other means. For example, alert mechanisms might be used to inform
affected parties, and application programming interfaces (API) can be
designed to allow administrators to programmatically access the
information instead of manually browsing the DNSViz website.

Deccio
has the tool running in the background on Sandia/California’s servers,
monitoring a list of some 100,000 DNS names. It performs an analysis a
couple times each day and offers a situational awareness of what the DNS
configuration for each name looks like from top to bottom.

Though
the functionality provided by DNSViz could potentially be included in a
marketable software product that’s sold by a for-profit company, Deccio
says he envisions it as an open-source tool available to anyone who
needs it. With further funding, he hopes to expand the tool so that it
can analyze DNS health and security on a continuous basis, essentially
creating a full-blown monitoring system that is scalable, versatile and
more informational.

           

SOURCE

Related Articles Read More >

2025 R&D layoffs tracker tops 92,000
Eli Lilly facility
9 R&D developments this week: Lilly builds major R&D center, Stratolaunch tests hypersonic craft, IBM chief urges AI R&D funding
Five cases where shaky science snowballed into public confusion
Caltech, Fermilab, and collaborators test quantum sensors for future particle physics experiments
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE