Change cryptographic keys (protection of the domain name system), which announced on October 11 around the world – will not lead to interference in the operation of the Internet in Ukraine, because on its territory there are not so many hub servers, however, users have to be careful with their data.
Comments about this correspondent of ГолосUA reported operating officer of the company 10Guards Vitaly Yakushev.
“Change of a domain key associated with the replacement of their servers resolve domain names – the so-called DNS servers. The procedure for changing keys can be a completely safe, and completely disorderly. Change the data of the keys – not some supernatural science, so, I don’t think there are serious grounds for concern”, – said the expert.
Yakushev explained that DNS translates alphanumeric addresses that we use to go to one or the other website in the “machine”.
“The DNS system allows human (symbolic) addresses to translate into “machine” (IP address). But the problem is that if one enters a legitimate address, then the attacker at the time of replacement (translation) can replace him on the fake “native” and “drag” it to another server. That is, if we are talking about the Bank’s website, the attacker can lure the user to a fake website and steal the money. Or steal his username and password, lured by a fake website of a particular social network,” – said the expert.
Also, as noted by V. Yakushev, during key replacement DNS servers may be temporarily unavailable. Therefore, some resources may be loaded either long or not load at all.
“The process of updating the servers that store matching “human” names and machine theoretically takes up to three days. But, as a rule, this occurs for two to three hours. And it can affect only a small percentage of users,” – said the expert.
As explained Vladimir Yakushev, the fact is that when you change keys, the site may not be available because when referring to the DNS server that contains its machine room, the computer will not get the right IP address to connect.
“It is important that this moment will be replacing, this are unable to exploit. So while there will be a replacement domain keys is better not to carry out financial transactions,” – said the expert.
However, if you change the keys will need to urgently implement an action associated with the transfer of funds, in this case, Yakushev advises not to use the DNS server of the local ISP and use a secure server Google, by typing in the address bar 220.127.116.11 or server Cloudflare – 18.104.22.168.
“When a legitimate DNS server, you enter in the browser address bar facebook.com., the computer communicates with the nearest DNS server (specified in the settings of your device) and makes a request for switching to “machine” address. Then the system compares these two addresses and provides a response, after which the browser by routing goes to the server and downloads the appropriate site,” – explained the expert.
As an example, he cited an analogy. Inside the network any provider can offer not to go to the root (the main one) DNS server (or Google), and use its local copy to increase speed of access for users.
“Local server stores a copy of the global server. But what prevents me as the owner of this local server to replace the data? Interferes with integrity. While hackers not a hindrance. Therefore, if a compromised provider and a copy of the global server (local DNS server), then the substitution of “machine” addresses possible. So in the settings should always immediately put global addresses to leave less chances to the attackers,” said Yakushev.
Recall that according to figures announced by the Corporation on management of domain names and IP addresses (ICANN) on October 11 assigned to the change of cryptographic keys for the protection of the domain name system. Because of this, some web users may experience difficulties with access to a number of web pages. It is noted that such a process will be the first time in history.
Corporation for assigned names published a guide that will help everyone prepare for the updates.
According to the results of the preliminary analysis, 99% of users this process will not affect. However, a small proportion of users the problem is still affected. Experts said that every person will understand if you become a victim of technical changes. Within 48 hours after the upgrade he gets the error messages: for example, server failure, or SERVFAIL. As follows from published guidance, to help solve the problem will the operator.
Staff clarified that the October 11, 2018 – tentative date of the change of keys. The Board of the organization must approve it in September.