DNS Security, Stability and Resiliency



Similar documents
Internet Security and Resiliency: A Collaborative Effort

Strengthening our Ecosystem through Stakeholder Collaboration. Jia-Rong Low, Sr Director, Asia 20 August 2015

Internet Structure and Organization

Global DNS-CERT Business Case: Improving the Security, Stability and Resiliency of the DNS

Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review

ICANN STRATEGIC PLAN JULY 2012 JUNE 2015

ICANN Engagement Strategy Middle East! Baher Esmat!! MENOG 13! Kuwait, September 2013!

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN

Telecom and Internet Regulatory Challenges and Opportunities Names, Numbers, Internet Governance

Cybersecurity thoughts and issues from a political perspective

How To Manage Icann

PLAN FOR ENHANCING INTERNET SECURITY, STABILITY, AND RESILIENCY

Best Practices in Domain Name Registry Solutions Understanding the Technical Requirements of ICANN's Applicant Guidebook

Strategic Planning for Small Business. Carol Rovello * carol@strategic-workplace-solutions.com *

Current Counter-measures and Responses by the Domain Name System Community

Security in the Network Infrastructure - DNS, DDoS,, etc.

SAC 049 SSAC Report on DNS Zone Risk Assessment and Management

Lessons from Defending Cyberspace

Root zone update for TLD managers Mexico City, Mexico March 2009

IANA Functions to cctlds Sofia, Bulgaria September 2008

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

Multi-Stakeholder Model Internet Governance

DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment

] RIN 0660 XA23:

DNS Security Survey for National Computer Security Incident Response Teams December 2010

Seamus Reilly Director EY Information Security Cyber Security

Internet Bodies.

DNS Risks, DNSSEC. Olaf M. Kolkman and Allison Mankin. and 8 Feb 2006 Stichting NLnet Labs

Final. Dr. Paul Twomey President and Chief Executive Officer Internet Corporation for Assigned Names and Numbers (ICANN)

Consultation Paper on the Review on Administration of Internet Domain Names in Hong Kong

Innovating with the Domain Name System: From Web to Cloud to the Internet of Things

[Letterhead of cctld]

U. S. Attorney Office Northern District of Texas March 2013

A Survey of cctld DNS Vulnerabilities. ITU cctld Workshop March 3, 2003

How To Understand The Role Of Internet Governance

The FBI and the Internet

Computer Networks: Domain Name System

Declaration of Principles of the World Summit. Tunis in 2005 adopted by Heads of States and Governments stated that:

DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008

Comments on Docket Number , Enhancing the Security and Stability of the Internet s Domain Name and Addressing System

The Future of the Internet

Asset Management Plan Development and Gap Analysis. Katie Erickson, City of Wyoming

ICANN 33. Patrick Jones ICANN, Registry Liaison Manager 4 November 2008

New gtld Basics New Internet Extensions

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives

PM Governance. Executive Team ADCA ADCA

BUENOS AIRES ccnso Secure Communication for cctld Incident Response Working Group [C]

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)

Understanding Internet Focus Institutions [Session 6]

Monitoring the DNS. Gustavo Lozano Event Name XX XXXX 2015

JPCERT/CC Internet Threat Monitoring Report [January 1, March 31, 2015]

FY17 Operating Plan & Budget

Defending Against Cyber Security Threats to the Payment and Banking Systems

Cybersecurity Framework: Current Status and Next Steps

OPERATIONAL REQUIREMENTS DOCUMENT

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

DNS Measurements, Monitoring & Quality Control

Business Continuity for Cyber Threat

Business Continuity Management Charter

Solving the Security Puzzle

Legal Issues / Estonia Cyber Incident

CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31,

SDNP.mw cctld DOMAIN REGISTRATION POLICY Ver 1.2 of 23 July 2015

Year End Results for FY10 Trimester Goals Color Key: T1 T2 T3

Vendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire

.Masr IDN registry system. National Telecom Regulatory Authority Of EGYPT ( NTRA ) ( 20 Min )

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities

Business Continuity Management

IT Service Management

ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS

Provide access control with innovative solutions from IBM.

Securing DNS Infrastructure Using DNSSEC

ICANN: achievements and challenges of a multi-stakeholder, bottom up, transparent model

CRISP Team Response to the IANA Stewardship Transition Coordination Group (ICG) Call for Public Comment on IANA Stewardship Transition Proposal

Cyber Security Risk Management

Deploying DNSSEC: From End-Customer To Content

Applying SDN to Network Management Problems. Nick Feamster University of Maryland

Commercial Stakeholder Group Charter

Best Practice Strategies for Managing and Mitigating Key Cyber Risks. Brendan Saunders, Principal Security Consultant - November 2015

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Date: May 29, Introduction

FAQ (Frequently Asked Questions)

Bradford J. Willke, CISSP

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

MIC s Efforts on Cybersecurity Human Resource Development

SaudiNIC Experiences in Managing the Saudi cctld (.sa)

The Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends

DNS Security Control Measures: A heuristic-based Approach to Identify Real-time incidents

4A Healthcare Data Security & Privacy

Toward A Closer Digital Alliance

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

Domain Name Market Briefing. 24 June 2012

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering

Online Training Opportunities

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Cyber security in an organization-transcending way

Exam Results. IT 4823 Information Security Administration. Project Management for Information Security. Introduction. Project Planning Considerations

CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency

The Practical Guide to HIPAA Privacy and Security Compliance

Cyber Security for Advanced Manufacturing Next Steps

Transcription:

DNS Security, Stability and Resiliency John Crain Chief Technical Officer April 21st 2009 Garmisch 1

Agenda The Global DNS SSR Symposium Problems and Opportunities Questions? 2

The Organization Sponsors: Georgia Tech, DNS-OARC, George Mason University, ICANN Chairs: Dave Dagon, Georgia Tech John Crain, ICANN 3

Global DNS Symposium Feb 2-3 2009, Atlanta, Georgia 100+ invited experts Attendees from many sectors Registries Registrars Security Agencies ISPs DNS software manufacturers OS/browser manufacturers Hardware Suppliers 4

Goal of Symposium Main purpose was to document known risks to the DNS and to perform a gap analysis on current work and solutions. Further to define areas where collaborative solutions may exist. http://www.gtisc.gatech.edu/icann09 5

Focus areas Enterprise use of DNS DNS in resource constrained environments Combating malicious use of the DNS 6

Understanding Risks When talking about Risk one of the first things we realized... The level of awareness with respect to the DNS is very low All quotes from Symposium Report 7

Problems & Opportunities 8

Problem: There is a need for training across all sectors of the industry to raise both skills and awareness. Operators and managers from the smallest cctld to large service providers require training to increase skill and capacity in operating and defending the DNS The issue came up in all three sub-groups! 9

Opportunity: ICANN has been active in promoting training for CcTLD administrators. Technical workshops together with organizations such as ISOC and the NSRC. Working with regional TLD groupings to train on Contingency Planning. How do we improve in other areas of the industry? Who should be doing this type of awareness/skill raising? 10

Problem: There is need for better coordination! CERT s are not as well known in the operational community as we would have hoped. The DNS technical, operational, and security communities are disjointed and in need of a dedicated information sharing and incident response capability 11

Opportunity: Recent needs to coordinate against conficker have raised awareness in the community. Discussions will be held at ICANN Sydney in June. How do we bridge the gap between the CERT world and the DNS world? Awareness is first step to a solution? 12

Problem the toolset, both technical and non-technical must improve; operators need simplified technical tools, managers need ways to conduct operations proactively and the community as a whole needs accountability standards and methods for measuring those standards There are very few affordable tools available that focus on DNS operations. 13

Opportunity: There would appear to be a market for such tools. How can we as a community make developers aware? Are there things that can be done to encourage specific open-source tools? Who can champion this cause? 14

Problem concerns were expressed over organizational outsourcing of DNS services based on an incomplete review of information which didn t account for potential reductions in control, visibility, privacy and internal know how The underlying issue seemed to be about making informed decisions rather than outsourcing per se. 15

Opportunity: Training programs such as those held by ICANN, ISOC and NSRC will hopefully increase DNS operators ability to make informed decisions. Are there other things that could/should be done? If so by whom and how? 16

Problem: clearer understanding is needed of ICANN s mission and role with respect to security, stability and resiliency of the DNS and the Internet at large. There was a wide divergence on what people thought ICANN s role was or should be. 17

Opportunity ICANN will publish a document soon that will hopefully bring clarify to what ICANN s role is, and as important is not with respect to the Security, Resiliency and Stability of the Internet 18

The whole report It is a fact that there are many threats associated with the use of DNS including lack of authentication, cache poisoning, DDOS etc. However often it can be simple and less complicated issues that are the root cause of failures. Lack of awareness of the importance of DNS and not planning accordingly can cause equally catastrophic results. - John Crain Please read the report! 19

More importantly When reading the report please think about possible ways of becoming part of the solution. Being more aware is a good start but maybe you can also help with specific issues? 20

Thank You 3

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information