On 5th February 2019, a report regarding DNSSEC was shown on the SRF “Tagesschau” program. What exactly is DNSSEC, and how does it contribute to security when e-banking?
Any web server, i.e. website on the Internet, can generally only be reached via a so-called IP address. However, since humans can remember names (such as www.ebas.ch) better than numbers (for instance 220.127.116.11), a Domain Name System (DNS) was established. The DNS is something like the telephone directory of the Internet - it converts a domain name to an IP address so that you as a user only have to enter the website’s name into your browser’s address bar and not the number. DNSSEC (Domain Name System Security Extensions) is an extension to the DNS which is meant to ensure security and prevent potential manipulation.
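For technically minded readers, the following is an added example, not part of the original article: Python code showing how a client requests DNSSEC processing from its resolver (the EDNS "DO" bit) and reads the outcome from the reply header (the "AD" bit, or a SERVFAIL error). The function names and the sample replies are constructed for illustration; `www.ebas.ch` is the name used above.

```python
import struct

# DNS header flag bits (RFC 1035, RFC 4035)
FLAG_QR = 0x8000         # message is a response
FLAG_RD = 0x0100         # recursion desired
FLAG_AD = 0x0020         # Authenticated Data: resolver validated the answer
RCODE_MASK = 0x000F
RCODE_SERVFAIL = 2       # returned, among other causes, when validation fails
EDNS_DO = 0x00008000     # "DNSSEC OK" bit inside the OPT record's TTL field


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, query_id=0x1234):
    """Build an A-record query carrying an EDNS OPT record with DO set."""
    header = struct.pack("!HHHHHH", query_id, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    # OPT: root name, type 41, UDP payload size 1232, TTL carries DO, no data
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, EDNS_DO, 0)
    return header + question + opt


def classify_response(message, query_id):
    """Classify a reply by its header only.

    The AD bit is only meaningful if the path to the resolver is trusted;
    it says nothing about whether the name itself belongs to your bank.
    """
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", message[:4])
    if rid != query_id or not flags & FLAG_QR:
        return "not-a-matching-response"
    rcode = flags & RCODE_MASK
    if rcode == RCODE_SERVFAIL:
        return "servfail"
    if rcode != 0:
        return "error"
    return "validated" if flags & FLAG_AD else "unvalidated"


def sample_response(flags, query_id=0x1234):
    """Constructed reply header (1 question, 1 answer) for offline testing."""
    return struct.pack("!HHHHHH", query_id, flags, 1, 1, 0, 0)
```

A correctly signed lookalike domain would also come back as "validated", which is why DNSSEC does not replace the phishing precautions listed further down.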
The Swiss financial institutions’ e-banking systems are already secured extremely well by way of secure data transmission (SSL), two-factor authentication and background transaction monitoring. DNSSEC is another instrument to increase this security further. Swiss Internet service providers (banks included) are encouraged to determine whether they can implement this technology as well.
It is however important to note that DNSSEC can only protect against certain types of attack, i.e. those which are aimed directly at the DNS. Attacks aimed directly at the end customer (e.g. phishing e-mails which include a link to a fake website) are still possible, even when DNSSEC is in use.
It is therefore important for you as an e-banking user that you still…
- never use any link you have received via e-mail to log into any financial institution.
- never fill in any forms received by e-mail asking you to enter log-in information.
- never disclose any confidential information during telephone calls, such as passwords.
- always enter the address for a financial institution’s log-in page manually.
- always check that the connection is secure.