Reliability doesn't happen by accident

The Domain Name System is so important that it is a "critical infrastructure". Is SWITCH doing enough to protect it?

Text: Urs Eppenberger, published on 01.04.2014

My iPhone wakes me up right on time. Local news is on the radio in the kitchen. The booking confirmation for my weekend break in Engadin is in my inbox as expected. On the train to a meeting in Bern, I show the conductor the electronic ticket on my phone.

It was not so long ago that this journey involved snaking through a landscape dotted with farmhouses and fields full of cows. Today, I hurtle through a tunnel at more than a hundred miles an hour. I no longer need to switch my radio alarm clock to medium wave and listen for the pips because the Network Time Protocol (NTP) synchronises the clock app on the iPhone for me. The radio in my kitchen streams programmes via UDP instead of live FM broadcasts. The train ticket is a JPEG on a smartphone instead of a piece of paper. Luckily, rather than punching a hole in it, the conductor uses a handheld reader to check with a central computer that I have actually paid for the journey. A nod and a smile confirm that everything is in order. That part is the same as ever.

Backbone of data communication

All of this information is sent via the Internet, whether we are aware of it or not. It is now the backbone of data communication in Switzerland. Everyone relies on it being stable, not breaking down, having sufficient capacity and transferring data in the shortest possible time. If the Swiss Internet were to break down, many areas of day-to-day life would come to a standstill. The Federal Council has acknowledged this and added the Internet to its list of “critical infrastructures”, together with electricity, oil and water supplies, railways, roads and the banking system. Critical infrastructures are systems that would have a severe impact on the population and the economy if they were to fail. They would start a chain reaction affecting other systems. The operators of Switzerland's Internet, the telecommunications firms and SWITCH itself, are thus on the radar of the Federal Office for Civil Protection and the Federal Office for National Economic Supply. SWITCH was tested to verify that it could guarantee security and stability in the operation of a critical infrastructure for Switzerland. It passed with flying colours. This was no fluke. SWITCH works hard to ensure that this critical infrastructure is secure and stable.

Security and stability in the DNA

You could say that security and stability are in its DNA. The foundation is geared to long-term continuity, not growth and shareholder value. This gives SWITCH a basis on which to provide high-quality services to the academic community and to Switzerland as a whole. The very heart of the Swiss Internet is not so well known. It is the Domain Name System (DNS), a database that serves as a kind of phone book for addresses ending in .ch and .li. It stores e-mail and web addresses together with the numbers identifying the servers where the data are kept. For security reasons, two such directories are maintained: one in Lausanne, one in Zurich. The up-to-date data are assigned a digital signature and exported to the primary name server once an hour. The server, too, exists in duplicate. All of these systems are protected by firewalls. An attack on the servers would be fatal as Internet queries could no longer be forwarded to the right address. At the same time, however, the directory data must be publicly accessible. To this end, more than 60 computers spread all over the world store the DNS data, ensuring that queries from even the most far-flung places receive an instant response. A special technology called Anycast is used to make it practically impossible for attackers to destroy several or even all of these 60-odd computers.

No match for the experts' security measures

Nevertheless, SWITCH's security experts record a constant stream of attempted attacks. Some of them are targeted, some are more akin to a quick turn of the handle to see whether the door is locked, but they are no match for the experts' security measures.

SWITCH has over a quarter of a century's experience in operating the Domain Name System. It knows how to keep any IT service, not just the DNS, running securely and stably for the academic community or for the entire country – unseen and yet indispensable.

This article appeared in the SWITCH Journal April 2014.
About the author
Urs Eppenberger

After graduating in Electrical Engineering at the Federal Institute of Technology in Zurich, Urs Eppenberger joined SWITCH in 1987. He has worked in a variety of fields and is currently Head of Division, Registry & Collaboration.
