The majority of networked applications depend on the Domain Name System (DNS), which contains unsecured and vulnerable caching name servers that are easy targets for hackers to hijack. The developer community has recommended Domain Name System Security Extensions (DNSSEC), which use digital signatures and public key encryption to add authenticity to DNS. This allows DNS resolvers to verify the answers to DNS queries, i.e., the validity of the IP address that a domain name refers to. DNS zones are in urgent need of being digitally signed and SafeNet HSMs meet the necessary requirements to put this level of security in place.
SURFnet identified a need to safeguard the data used in DNSSEC for signing DNS zones, both internally, as well as for its constituency, the academic community. The company currently manages more than 5,000 DNS zones, and hopes to have a significant amount of their connected institutions DNSSECenabled during the next two years. When selecting a solution, a key factor for SURFnet was to ensure that data was secure from operational staff and outside parties in order to assure the security of customer data. SafeNet's Luna SA HSM, featuring integrated hardware key management and cryptographic acceleration, was an ideal solution.
Compatibility with OpenDNSSEC and the availability of integration support were also key deployment elements for SURFnet. SafeNet was selected as the vendor of choice at the end of 2009 and the initial solution was quickly implemented to meet SURFnet's deadlines. The system is due to be rolled out on a wider scale during the coming months.
Roland van Rijswijk, Technical Product Manager at SURFnet comments, "When considering who to work with on this project, SURFnet was keen to choose a company with a strong market reputation and experience with relevant technologies. When we began looking for a data protection solution there were several factors we considered. SafeNet's PKCS 11# implementation, as well as the high availability and secure backup features, were key for us. Also, the fact that all data is backed up on Luna SA's integrated HSM was ideal."
Mark Yakabuski, director of HSM product management at SafeNet says, "It has been great to work with SURFnet on this project and help them achieve their business goals. The success of the project will be determined by the positioning of SURFnet as one of the first organisations to deploy DNSSEC in the .nl domain space. SafeNet HSMs have been a trust anchor in securing digital infrastructures for 25 years, and working with SURFnet demonstrates our continued leadership in the evolving digital security market space. Working with SURFnet, we hope to establish a best practice case that will help the companies they work with and the wider business community benefit from this project and use it as a guide for their own DNSSEC deployments in the future."
About SURFnet
SURFnet is the National Research & Education Network (NREN) organisation in The Netherlands. SURFnet develops and provides innovative services for education and research in the field of network infrastructure, authentication and authorisation, and online collaboration environments. Every day, SURFnet provides access to these services to over one million users in higher education and research.
SURFnet is part of SURF, the collaborative organisation for higher education institutions and research institutes aimed at breakthrough innovations in ICT.. For more than 20 years, SURFnet has been one of the world's leading research network operators. More information can be found at www.surfnet.nl/info/en/.