DNSSEC from an application perspective.

 

This topic introduces IPsec and DNSSEC from an application perspective. Research how to implement these protocols using networking devices. Why would an organization choose to implement these protocols using external networking devices rather than from within a domain controller? Briefly provide some benefits and disadvantages.

Reply to responses
A Shauna
DNSSEC adds security to DNS responses by providing the ability for DNS servers to validate DNS responses. With DNSSEC, resource records are accompanied by digital signatures. These digital signatures are generated when DNSSEC is applied to a DNS zone using a process called zone signing. IPSec is usually used in the context of a virtual private network between two machines over a public network that is almost as secure as a connection on a private network. VPN’s most well-known use case is to allow remote employees to access secured files behind a corporate firewall as if they were working in the office. The reason of why an organization may use external networking devices is because a domain controller holds a lot of sensitive information and is best to keep anything malicious off of the domain controller. Implementing these protocols can make sure sites are legitimate and they are trusted.
Fruhlinger, J. (2021, December 30). How IPsec works, it’s components and purpose. CSO Online. Retrieved March 22, 2022, from https://www.csoonline.com/article/2117067/data-protection-ipsec.html
Step-by-step: Demonstrate DNSSEC in a test lab. Microsoft Docs. (2016, August 31). Retrieved March 22, 2022, from https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831411(v=ws.11)
B Cory

IP Security Architecture (IPsec) is a protocol that is intended to boost security for communications within and outside of a network. It functions on the IP Level of the TCP/IP Protocols, and essentially allows the packets of data that are transmitted to be encrypted to deter potential threats that are listening or for those packets that are captured. It also helps authenticate packets that the network and devices receive to ensure they are not malicious. A famous example of IPsec in action would be a Virtual Private Network (VPN) (Roles of IPsec, n.d.) Domain Name System Security Extensions (DNSSEC) is another protocol that was designed with the intention of boosting security for networks and their devices. It was originally based on the Domain Name System (DNS), and was developed as DNS became less reliable. DNSSEC strengthens the DNS protocols by enforcing Data Origin Authentication, which is essentially when the sender of the data is verified as true, and Data Integrity Protection, which checks that the data received has not been changed or altered in any way since it left the sender. This helps the network to verify if the data it receives is both accurate and trustworthy, which greatly assists in protecting the network overall (Liu, 2013).
For implementation purposes, these protocols are generally implemented on the network devices themselves, rather than on the domain controller. The reason for this is for fault tolerance purposes. If these protocols are only enabled on the Domain Controller and if the Domain Controller Device ever went offline, the rest of the network would then be left vulnerable without these protocols enabled. On the opposite side, while it would be advantageous to only host these protocols on the Domain Controller to have better control and overall view of how the network is processing data, the advantages do not outweigh the risks (Implementing IPSec Network Security, 2011).

This question has been answered.

Get Answer