DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad

References
DNSSEC Policy & Practice Statement Framework (dnssec-dps-framework-07)
.SE DPS, Root DPS
Credits: Fredrik Ljunggren, Anne-Marie Eklund-Lowinder, Tomofumi

Sample DPS
Introduction - Section 1
Publication and Repositories - Section 2
Operational Requirements - Section 3
Management, Operational and Physical Control - Section 4
Technical Security Controls - Section 5
Zone Signing - Section 6
Compliance Audit - Section 7
Legal Matters - Section 8

Introduction
Describes document and DNSSEC (1.1 – 1.2)
  – Version control (1.2)
Defines roles and responsibilities
  – Registry (1.3.1)
  – Registrars (1.3.1)
  – Registrants (1.3.2 and 1.3.4)
  – Relying party (1.3.3)
Other (1.4)

Publication and Repositories
Identifies where DPS and KSK are published (2.1 and 2.2)
Other (2.3)

Operational Requirements
Define domain names (3.1)
Child zone
  – DS record requirements (3.2, 3.4)
      Proof of private key possession (3.5)
      Removal (3.6)
  – Manager identification (3.3)

Management, Operational and Physical Control
Physical Controls
  – Access Controls
  – Facilities
      Site location and construction (4.1.1)
      Physical access (4.1.2)
      Environmental concerns (4.1.3 – 4.1.8)
Operational and Management Controls
  – Procedural controls
      Trusted roles (4.2.1 and 4.2.3)
      Separation of duties (4.2.2 and 4.2.4)
  – Personnel controls (4.3)

Management, Operational and Physical Control (continued)
Operational and Management Controls
  – Audit logging procedures (4.4)
  – Compromise and disaster recovery
      Incident management (4.5.1 – 4.5.3)
      Contingency plan (4.5.4 – 4.5.5)

Technical Security Controls
Key management
  – Key pair generation and installation (5.1)
  – Private key protection and cryptographic modules and engineering controls (5.2)
  – Other aspects (5.3 and 5.4)
Security controls
  – Computer (5.5)
  – Network (5.6)
  – Timestamp (5.7)
Lifecycle technical controls (5.8)

Zone Signing
Key lengths and algorithms (6.1 – 6.3)
Key rollover, timing (6.4 – 6.6)
Other (6.7 – 6.9)

Compliance Audit
Frequency of audit (7.1)
Auditor choice issues (7.2 – 7.3)
Other (7.4 – 7.6)

Legal Matters
Fees (8.1)
Privacy (8.2)
Limitation of liability (8.3)
Other (8.4)

Demo DPS