Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

What are the provisioning methods used in the Australian registry systems?

The Key points:
Object model
Web based interface
Socket based interface (EPP)

The Object Model
Registrars – registrar name, address, telephone
Contacts – contact name, organisation, address, telephone, fax
Hosts – host name, IP address
Domains – domain name, name servers, subordinate hosts, associated contacts

Object State - Status
Objects maintain status. Available statuses include:
client/server – approved, cancelled, deleteProhibited, hold, rejected, renewProhibited, transferProhibited, updateProhibited
inactive, linked, ok, pending
pending – delete, transfer, verification

Web Based Interface
Encrypted and secured using HTTPS (SSL)
Good for small volumes
Contains most features
Requires only limited technical knowledge
Standard web based forms that mirror the objects

Socket Interface
IETF EPP protocol
Extensible and customisable
SSL encryption
Full automation
Good for high volumes

EPP in detail
An XML based protocol
Full W3C compliant XML schema definition
Makes use of XML namespaces
Extensibility
UTF – internationalisation
Manipulate all properties of objects
Transport independent

Typical EPP command
XML header
EPP namespace
EPP command
Object specific namespace
Object specific information
EPP transaction ID

Typical EPP response
XML header
EPP namespace
EPP response
Object specific namespace
Object specific information
EPP transaction IDs
EPP response code
EPP response message
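The two slides above list the parts of a command and a response. The following added example (not code from the presentation or from AusRegistry) builds a domain <check> command with those parts and parses a constructed response, pulling out the result code, message, both transaction IDs and the per-object data. It uses only the Python standard library; the namespace URIs are the ones defined in the EPP RFCs, the domain names and transaction IDs are constructed sample values, and `expected_cltrid` is an assumed parameter that enforces the client-side check that the server echoed the transaction ID we sent.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace URIs defined by the EPP RFCs (RFC 5730 core, RFC 5731 domain mapping).
EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"


def build_check_command(domains, cltrid):
    """Assemble a <check> command: XML header, EPP namespace, the command,
    the object-specific (domain) namespace and payload, and the client
    transaction ID (clTRID)."""
    names = "".join(f"<domain:name>{escape(d)}</domain:name>" for d in domains)
    return (
        '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
        f'<epp xmlns="{EPP_NS}">'
        "<command>"
        "<check>"
        f'<domain:check xmlns:domain="{DOMAIN_NS}">{names}</domain:check>'
        "</check>"
        f"<clTRID>{escape(cltrid)}</clTRID>"
        "</command>"
        "</epp>"
    )


def parse_response(xml_text, expected_cltrid=None):
    """Extract the result code, message, both transaction IDs and the
    per-domain availability flags from a <response>. If expected_cltrid is
    given, a response carrying a different clTRID is rejected."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    resp = root.find(f"{{{EPP_NS}}}response")
    if resp is None:
        raise ValueError("not an EPP response")
    result = resp.find(f"{{{EPP_NS}}}result")
    code = int(result.get("code"))
    cltrid = resp.findtext(f"{{{EPP_NS}}}trID/{{{EPP_NS}}}clTRID")
    svtrid = resp.findtext(f"{{{EPP_NS}}}trID/{{{EPP_NS}}}svTRID")
    if expected_cltrid is not None and cltrid != expected_cltrid:
        raise ValueError(f"clTRID mismatch: sent {expected_cltrid!r}, got {cltrid!r}")
    available = {}
    for cd in resp.iter(f"{{{DOMAIN_NS}}}cd"):
        name = cd.find(f"{{{DOMAIN_NS}}}name")
        available[name.text] = name.get("avail") == "1"
    return {
        "code": code,
        "msg": result.findtext(f"{{{EPP_NS}}}msg"),
        "success": 1000 <= code < 2000,  # EPP result codes: 1xxx success, 2xxx failure
        "clTRID": cltrid,
        "svTRID": svtrid,
        "available": available,
    }


# Constructed sample response; not captured from a real registry.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="1000"><msg>Command completed successfully</msg></result>
    <resData>
      <domain:chkData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:cd><domain:name avail="1">example.com.au</domain:name></domain:cd>
        <domain:cd><domain:name avail="0">example.net.au</domain:name>
          <domain:reason>In use</domain:reason></domain:cd>
      </domain:chkData>
    </resData>
    <trID><clTRID>ABC-12345</clTRID><svTRID>54321-XYZ</svTRID></trID>
  </response>
</epp>"""

if __name__ == "__main__":
    print(build_check_command(["example.com.au", "example.net.au"], "ABC-12345"))
    print(parse_response(SAMPLE_RESPONSE, expected_cltrid="ABC-12345"))
```

The clTRID check matters on a multiplexed or reconnected session: a client that pairs responses with requests by transaction ID, rather than by arrival order, cannot be confused by a stale or out-of-order reply.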

EPP Commands
Hello and Greeting
Login and Logout
Check and Info
Create, Modify and Delete
Transfer (request, cancel and approve)
Poll
Status

Hello and Greeting
Used to establish presence and server capabilities
Client says “Hello”
Server replies with its capabilities, current time and policies in effect
Sent as soon as the transport session is established

Login and Logout
Used to start and stop session based communications
Username and password
Objects to be managed in that session
Client can request policies to be used during that session
Credentials used in the login are assumed for all following transactions in the established session

Check and Info
Used to view information on objects in the registry database
Check availability of objects, e.g. domain names
Retrieve the properties of objects you sponsor
Retrieve information on other objects using the “authinfo”

Create, Modify and Delete
Used to manipulate objects in the registry database
Create new objects (domains, contacts and hosts)
Creating registrar becomes “sponsor” of the object
Modify details of existing objects that the logged in registrar currently “sponsors”
Delete objects; objects may fall into a pending delete status depending on policies in effect

Transfer (request, cancel and approve)
Transfer of objects (domains and contacts)
Gaining registrar requests transfer from another registrar
Losing registrar can approve or reject the transfer depending on policy
Transfers will be server approved after a timeout period

Poll
Used to check the server message queue:
Low balance messages
Transfer request messages
Expiry messages
Used to acknowledge receipt of messages
Also used to keep sessions active

Status
Commands are atomic, i.e. they succeed or fail
Can look up a command by transaction ID and find out if it succeeded or failed
Can get details of the previous command
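The command slides above describe a set of server-side rules: the creating registrar becomes the sponsor, only the sponsor may modify, a transfer needs the domain's authinfo and goes pending until the losing registrar decides or a timeout passes, messages land in a poll queue that must be acknowledged, and every command is atomic with a result recorded against its transaction ID. The following added example (not code from the presentation or from AusRegistry) is a small in-memory model of those rules, written to make the flow concrete. The result codes are the standard EPP ones from RFC 5730; the registrar names, domain names, authinfo values and the 5-day server-approval timeout are constructed assumptions, not AusRegistry policy.

```python
import hmac
from dataclasses import dataclass, field

# EPP result codes used below (RFC 5730 section 3).
OK, OK_PENDING = 1000, 1001
AUTH_ERROR, AUTHINFO_ERROR, EXISTS, NOT_FOUND, STATUS_PROHIBITS = 2201, 2202, 2302, 2303, 2304


@dataclass
class Domain:
    name: str
    sponsor: str                 # registrar that created or last gained the object
    authinfo: str                # domain password known to the registrant
    status: set = field(default_factory=lambda: {"ok"})
    pending: dict = None         # {"gaining": registrar, "at": request time} while pendingTransfer


class Registry:
    TRANSFER_TIMEOUT = 5 * 86400   # assumed policy: server-approve after 5 days (seconds)

    def __init__(self):
        self.domains, self.queues, self.log = {}, {}, {}

    def _done(self, cltrid, code):
        # Each command is atomic: it succeeds or fails as a whole, and the result
        # is recorded against the client transaction ID so it can be looked up later.
        self.log[cltrid] = code
        return code

    def status(self, cltrid):
        return self.log.get(cltrid)

    def create(self, registrar, cltrid, name, authinfo):
        if name in self.domains:
            return self._done(cltrid, EXISTS)
        self.domains[name] = Domain(name, registrar, authinfo)   # creator becomes sponsor
        return self._done(cltrid, OK)

    def update(self, registrar, cltrid, name, add=(), rem=()):
        d = self.domains.get(name)
        if d is None:
            return self._done(cltrid, NOT_FOUND)
        if d.sponsor != registrar:                 # only the sponsoring registrar may modify
            return self._done(cltrid, AUTH_ERROR)
        if "updateProhibited" in d.status:
            return self._done(cltrid, STATUS_PROHIBITS)
        d.status = (d.status - set(rem)) | set(add)
        return self._done(cltrid, OK)

    def transfer_request(self, gaining, cltrid, name, authinfo, now):
        d = self.domains.get(name)
        if d is None:
            return self._done(cltrid, NOT_FOUND)
        # The authinfo proves the registrant authorised the gaining registrar;
        # compare in constant time so response timing does not leak it.
        if not hmac.compare_digest(d.authinfo.encode(), authinfo.encode()):
            return self._done(cltrid, AUTHINFO_ERROR)
        if d.sponsor == gaining or d.pending or "transferProhibited" in d.status:
            return self._done(cltrid, STATUS_PROHIBITS)
        d.pending = {"gaining": gaining, "at": now}
        d.status.add("pendingTransfer")
        # The losing registrar learns about the request through its poll queue.
        self.queues.setdefault(d.sponsor, []).append(f"Transfer of {name} requested by {gaining}")
        return self._done(cltrid, OK_PENDING)

    def _finish_transfer(self, d, approved):
        gaining = d.pending["gaining"]
        d.pending = None
        d.status.discard("pendingTransfer")
        if approved:
            d.sponsor = gaining
        self.queues.setdefault(gaining, []).append(
            f"Transfer of {d.name} {'approved' if approved else 'rejected'}")

    def transfer_decide(self, losing, cltrid, name, approve):
        d = self.domains.get(name)
        if d is None or not d.pending:
            return self._done(cltrid, NOT_FOUND if d is None else STATUS_PROHIBITS)
        if d.sponsor != losing:                    # only the losing registrar may decide
            return self._done(cltrid, AUTH_ERROR)
        self._finish_transfer(d, approve)
        return self._done(cltrid, OK)

    def expire_transfers(self, now):
        # Server-side sweep: a pending transfer past the timeout is server approved.
        for d in self.domains.values():
            if d.pending and now - d.pending["at"] >= self.TRANSFER_TIMEOUT:
                self._finish_transfer(d, approved=True)

    def poll(self, registrar):
        # Returns the oldest queued message and the queue length without
        # removing it; the registrar acknowledges with poll_ack once processed.
        q = self.queues.get(registrar, [])
        return (q[0], len(q)) if q else (None, 0)

    def poll_ack(self, registrar):
        q = self.queues.get(registrar, [])
        return q.pop(0) if q else None
```

The two points worth carrying into a real implementation are that authorisation is checked against the sponsor on every mutating command, not only at login, and that the poll queue is acknowledge-to-remove, so a registrar that crashes mid-processing sees the same message again rather than losing a transfer notification.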

Advantages of using EPP
Industry standard – IETF
Extensible – will support modifications or fit policy
Vast array of toolkits available
Well-defined atomic operations
Full automation

Example of Extensibility
NAPTR records in the domain create command

How are these provisioning systems secured?

Security viewed on three levels
Security of systems
Authentication of registrars (Tier 2)
Authentication of registrants

Security of systems
Physical security
Firewalls – authorised IPs only
Security policies
Data

Registrar Authentication – 3 layers
Secure certificate signed by AusRegistry
Access given only to registrar IP address range
EPP credentials (username and password)

Registrar Authentication
Certificate common name must match username
Username must match IP addresses being used
Certificate must match IP address range
Can’t use someone else’s certificate from your addresses
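The two registrar-authentication slides above bind three things together: the client certificate's common name must equal the EPP username, the username is tied to an authorised source address range, and the username and password must still be correct. The following added example (not code from the presentation or from AusRegistry) applies those three layers in order on the server side. `make_server_context` shows the TLS side (client certificate required and chained to the registry's CA; the file paths are placeholders), `common_name` reads the CN from the dictionary Python's `SSLSocket.getpeercert()` returns, and `authenticate_registrar` is the policy check. The registrar table, address ranges (documentation TEST-NET prefixes), passwords and the static salt are constructed for the example; a deployment would use a random per-user salt and a proper credential store.

```python
import hashlib
import hmac
import ipaddress
import ssl


def _hash_password(password, salt):
    # Salted PBKDF2 so the stored value is not the clear-text EPP password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-static-salt"   # constructed; use a random per-user salt in practice
# Constructed registrar table: username -> authorised source ranges and password hash.
REGISTRARS = {
    "registrar-a": {
        "ranges": [ipaddress.ip_network("203.0.113.0/24")],    # TEST-NET-3, constructed
        "pwhash": _hash_password("correct horse", _SALT),
    },
    "registrar-b": {
        "ranges": [ipaddress.ip_network("198.51.100.0/25")],   # TEST-NET-2, constructed
        "pwhash": _hash_password("battery staple", _SALT),
    },
}


def make_server_context(ca_file, cert_file, key_file):
    """TLS context for the EPP listener: the client must present a certificate
    that chains to the registry's own CA (the 'signed by AusRegistry' layer).
    The three paths are deployment placeholders."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def common_name(peercert):
    """Pull the subject CN out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authenticate_registrar(peercert, source_ip, username, password):
    """Apply the three layers in order; the first failing layer decides.
    Returns (accepted, reason)."""
    cn = common_name(peercert)
    if cn is None or cn != username:
        # Stops a registrar using someone else's certificate from its own addresses.
        return False, "certificate common name does not match username"
    entry = REGISTRARS.get(username)
    if entry is None:
        return False, "unknown registrar"
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in entry["ranges"]):
        # Username (and therefore certificate) is bound to its authorised range.
        return False, "source address outside registrar's authorised range"
    if not hmac.compare_digest(_hash_password(password, _SALT), entry["pwhash"]):
        return False, "bad EPP credentials"
    return True, "ok"


if __name__ == "__main__":
    cert = {"subject": ((("countryName", "AU"),), (("commonName", "registrar-a"),))}
    print(authenticate_registrar(cert, "203.0.113.10", "registrar-a", "correct horse"))
```

In a live listener the `peercert` argument comes from `conn.getpeercert()` after the handshake completes on the `make_server_context` socket, and `source_ip` from `conn.getpeername()`; because the TLS layer already rejected any certificate not issued by the registry CA, the CN comparison here only has to answer "which registrar is this", not "is this certificate genuine".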

Registrant Authentication
All domains contain an “authinfo” field (domain password)
“authinfo” is required to perform operations on the domain, especially transfers
Exactly how this is implemented is based on policy

Questions?

Thank you