DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke.

Slides:

Advertisements

Similar presentations

Provenance-Aware Storage Systems Margo Seltzer April 29, 2005.

Advertisements

Windows® Deployment Services

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

19/05/2011 CSTS File transfer service discussions CSTS-File Transfer service discussions (2) CNES position.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

Moving Target Defense in Cyber Security

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DHCP Security Analysis Dallas Holmes / Matt MacClary ECE 478 Project Spring 2003.

INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS – Dr. RothsteinSummer 2013.

DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

The Darknet and the Future of Content Distribution by Shruthi B Krishnan.

RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.

1 Database indices Database Systems manage very large amounts of data. –Examples: student database for NWU Social Security database To facilitate queries,

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad-hoc Network Jaehoon Jeong, ETRI ICACT.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Basavaraj Patil IETF 78.  Implementation details: Implemented on Nokia N900 and Ubuntu 10, and Debian 5 linux variants TLS connection is established.

© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Tony Kombol ITIS Who knows this? Who controls this? DNS!

5 September 2015 Culrur-exp project CULTURe EXchange Platform (CULTUR-EXP) project kick-off meeting, August 2013, Tbilisi, Georgia Joint Operational.

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

Distributed Systems. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community.

IIT Indore © Neminath Hubballi

Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman

INSERT GRAPHIC SQUARE HERE World Wide Web EPC Network DNS Authoritative system that routes requests for Web sites and ONS Authoritative record of.

Enabling Embedded Systems to access Internet Resources.

DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.

Olaf M. Kolkman. Apricot 2005, February 2005, Kyoto. DNSSEC An Update Olaf M. Kolkman

DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT By Alexander Beck Jens Graupmann Frank Ortmeier.

Packet Filtering & Firewalls. Stateless Packet Filtering Assume We can classify a “good” packet and/or a “bad packet” Each rule can examine that single.

TODAY & TOMORROW DAY 2 - GROUP 5 PRESENTED BY: JAMES SPEIRS CHARLES HIGBY BRADY REDFEARN Domain Name System (DNS)

Phil Regnauld Hervey Allen 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Bibliography.

DNS Dynamic Update Performance Study The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,

Naming March 8, Networks What is naming?  Associations between some elements in a set of names and some elements in a set of values  Binding.

Initial Tiger Team Briefing New Dells with TPM Peter Leight Richard Hammer May 2006.

Tony Kombol ITIS DNS! overview history features architecture records name server resolver dnssec.

CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure.

2.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 2: Examining.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.

Zeus Web Server and HP Secure Linux Andy Pearce

Heartbeat Is a daemon that provides cluster infrastructure. It must be combined with a cluster resource manager. The CRM takes care of stopping and starting.

Enhance Security of IP Network using New Architecture of Address Validation Xiaodong Duan China Mobile.

DNS Security Extension 1. Implication of Kaminsky Attack Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning –No.

Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.

By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.

Computer and Network Infrastructure for the LHCb RTTC Artur Barczyk CERN/PH-LBC RTTC meeting,

A centre of expertise in digital information managementwww.ukoln.ac.uk Search Facilities For Web Sites A Discussion Group Session Brian Kelly UKOLN University.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

(Domain Name System) Ismael Ali Technology Context Chi.

By Harshal Ghule Guided by Mrs. Anita Mahajan G.H.Raisoni Institute Of Engineering And Technology.

Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of.

Infrastructure Deployment Services Dell Networking Deployment Services.

Factors for Decision Making

EdgeX System Management Nov 6th 2017

COMP 430 Intro. to Database Systems

Title Introduction: Discussion & Conclusion: Methods & Results:

Presentation transcript:

DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke

Introduction Standard DNS Security Concerns DNSSEC Management Implications Impact to Embedded Systems Conclusions

Standard DNS

Security Concerns UDP Query ID only 16 bits Small search space Well known ports

DNSSEC Public Key Infrastructure, e.g. SSL Chain of Authority Validation of DNS records

Management Implications Who manages keys? Root keys Key rotation Clock synchronization Requires wide spread adoption Few production implementations

Impact to Embedded Systems Embedding Challenges Limited memory & storage Limited CPU resources Limited power Expensive secure storage Linux and BIND9 installed, and DNS configured. Currently configuring for DNSSEC

Conclusions DNS has security concerns DNSSEC offers solutions Solutions introduce new problems