Tim Rooney, Product Director - BT Diamond
DNSSEC has become widely recognised, not only as the solution for preventing DNS spoofing, but also as a way to provide additional security-in-depth for the Internet. Without DNSSEC, criminals can use DNS to pose as trustworthy online entities like government agencies by using DNS cache poisoning. DNSSEC uses PKI to digitally sign DNS messages. These digital signatures ensure the validity of responses to DNS queries preventing fraudulent DNS responses that could be used for attacks such as phishing. Generating, storing and managing cryptographic keys to a high level of assurance requires an HSM - with AEP Networks Keyper, your digital keys will be of high quality (generated using a highly random method) and safely stored where they cannot be accessed or misused.