Syracuse University and other institutions that use ‘.edu’ in their Web sites will have an opportunity for extra security by the end of March 2010, as announced earlier this month by EDUCAUSE, the group that operates the .edu domain name in cooperation with the U.S. Department of Commerce.

Hackers can interfere with the translation of an IP address, a numeric code needed for a computer to connect to the Internet and used to identify Web sites, said Steve Worona, director of Policy and Networking Programs for EDUCAUSE. The new security program, Domain Name System Security Extensions, will create layered protection to keep such hackers away.

‘Relatively few domains have chosen to take this step,’ Worona said. ‘Out of millions and millions of hosts on the Internet, only a few are protected.’

Christopher Croad, director of information security at SU’s Information and Technology Services, said SU is planning on implementing the new security system as soon as possible. The security system, however, is not a number one priority for ITS, Croad said.

‘(ITS) will sit down as a group and look at what we have scheduled to happen,’ Croad said. ‘It’ll go into the list of projects. As soon as we can get to it, we will.’

In order to receive this protection, Worona said people in charge of college and university Web sites first have to register their domain name on the EDUCAUSE Web site. Once the DNSSEC is set in place, those in charge of each registered Web site can incorporate a digital signature with the IP address. This can help prevent hackers from adjusting the numbers on the IP addresses.

Croad said SU has seen such activity from hackers, though not at an alarming level.

‘There are sites that we’ve seen certain things happen,’ he said. ‘Hackers have put ads for legal drugs, for other sites. They’ve been able to manipulate the pages.’

Before the March 2010 debut, EDUCAUSE will have a trial run with the security system involving a group of college and university campuses. Worona said this will allow the organization to see if there are any problems with the program and test how the school Web sites will operate with the security in place. He said the campuses involved in the test group have not been chosen yet.

Worona said college and university Web sites in particular have been enthusiastic about the new security opportunity.

‘We’ve gotten dozens of messages from the .edu community,’ he said. ‘They are eager to use the technology once it’s put in place. As soon as the capability is turned on, we expect dozens of people to take advantage of it.’

smtracey@syr.edu

Published on September 21, 2009 at 12:00 pm