Domain Name System Security Extensions (DNSSEC) AUTHORS: Ryan Ducharme LuYao Zhang ADVISOR: Scott Kitterman
Vulnerabilities in the Domain Name Domain Name System Security Extensions (DNSSEC) System have been discovered that Department of Computer Science allow attackers to hijack sessions and deceive users into visiting their web Abstract server. Domain Name System Security Extensions (DNSSEC) is a suite of extensions that are designed to make surfing the web safer by validating you Project Goals are getting the information you asked for. Since only 8% of .EDU domains are DNSSEC-enabled, this project’s purpose is to propel the University of New Hampshire to join the minority What’s Next? and eventually implement DNSSEC on www.UNH.edu. This involves creating reporting tools to monitor the health of a test DNS server with DNSSEC capabilities. The goal is to build tools that will give UNH network administrators confidence to implement DNSSEC at the University so users can be always be connected to valid sources. Project Team: Ryan Ducharme + LuYao Zhang Project Advisor: Scott Kitterman
Vulnerabilities in the Domain Name System have been discovered that allow attackers to hijack sessions and deceive users into visiting their web server. Domain Name System Security Extensions (DNSSEC) is a suite of extensions that are designed to make surfing the web safer by validating you are receiving the information you asked for.
Since only 8% of .EDU domains are DNSSEC-enabled, this project’s purpose is to propel the University of New Hampshire to lead the way and implement DNSSEC on www.UNH.edu.
DNSSEC Chain of Trust
Long-Term • Sign the UNH.EDU zone at the University using appropriate keys • Configure all name servers to support DNSSEC
.GOV DNSSEC Implementation
Snapshot of a Report on the Project Web Server
Short-Term • Create reporting tools on a remote server using MySQL database • Run queries against an isolated test domain that is signed with DNSSEC • Scripts query the domain automatically from the remote server using Bash scripts • Maintain a web server to display reports and health checks of the signed zone
• • •
Install and test DNSViz alert tools on the remote server • These tools will alert administrators if keys are nearing expiration or if the trust chain is broken Monitor the website regularly to ensure the zone is being signed automatically Analyze DNS log files for unusual activity or potential DDoS attempts
A Simple DIG ANY of www.it710.net
COMPUTER SCIENCE-APPLICATIONS
.EDU DNSSEC Implementation
Peer Review Dashboard AUTHORS: Mitchell Fillion Kylie Patton
The Computer Science department at the PEER REVIEW DASHBOARD University of New Hampshire currently has no uniform platform available to manage Senior Capstone peer reviews. The peer reviews are used to monitor how teams work together and help identify any issues that evolve during the senior project creation. The Peer Review Dashboard project aims to provide a uniform interface that will allow for the creation, distribution and analysis of student reviews. The dashboard is a custom-made website, written primarily in PHP, running on a Linux web server. Professors in the Computer Science department will be able to create and share review questionnaires with their students within a secure web application. Once review data has been submitted by a student, the professor can log into the administrative portal and view a summary of the review data that has been entered by the students. The administrative portal will also allow the professor to manage users and teams, retrieve various statistics, and more. The Peer Review Dashboard eliminates the need to export data from one platform to another, keeping the data contained in one central repository. Authors: Mitchell Fillion & Kylie Patton Project Sponsor: Collette Powers
Problem Statement
Solution
•
Google Forms is the current platform for CS/IT Senior Capstone Peer Reviews. This allows for little to no
•
administrative abilities such as searching, scalability, data manipulation, and the like.
•
CS professors will be administrators
Administrators will have the ability create and share review questionnaires with their students visa a secure web application
•
ADVISOR: Collette Powers
Additional Issues with Previous Format
Administrative portal will have the following capabilities:
•
A view of summary review data
•
Management of users and teams
•
Google tools only allows for viewing forms by submission No usable analytics for data being collected
•
Export data efficiently
•
•
Various statistic retrieval
•
Need for customized creation, distribution, and analysis of peer reviews
•
And more!
Comparison
Old format: Google Form • Date exported to an excel sheet • Group size and other variables were not scalable • No ability to search among reviews • No efficient way for an administrator to manage or visualize data New format: Website/Dashboard • Unified engine • Manage users and teams directly from application • View responses by team or individuals
Technologies Used:
Security
The Peer Review Dashboard was built with security in mind.
• Secured with the latest standards to keep your data safe
• Encrypted connections using TLS 1.2 authentication protocol, ECDHE_RSA with P-256 key exchange, and AES_256_GCM ciper
• Advanced controllers prevent unauthorized access to web pages • Backups are encrypted to help prevent data breaches • Trust certificate: InCommon RSA Server CA
Winning Project
2017
2017UNDERGRADUATERESEARCHCONFERENCE
Backups & Reliability
Next Steps: Optimization & Usability
Automated backups – ensures the data stays the way you intended it to.
Optimization
•
Crontab ensures that the backup scripts run reliably and predictably
•
•
rsync keeps I/O operations low by only copying modified files
Usability
Code will be revised and optimized to reduce server overhead
•
Application will be deployed to small test groups to determine areas of improvement
•
Application will be revised to enhance usability based on user feedback