DUKE UNIVERSITY WWW.OIT.DUKE.EDU DNSSEC 101 Kevin Miller.

Slides:



Advertisements
Similar presentations
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Advertisements

Review iClickers. Ch 1: The Importance of DNS Security.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 7 HARDENING SERVERS.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Attacks and Malicious Code Chapter 3. Learning Objectives Explain denial-of-service (DoS) attacks Explain and discuss ping-of-death attacks Identify major.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
Lecture 15 Denial of Service Attacks
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Quiz Review.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Attacks and Malicious Code Chapter 3. Learning Objectives Explain denial-of-service (DoS) attacks Explain and discuss ping-of-death attacks Identify major.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Phishing and Intrusion Prevention Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail ( ) Electronic Mail ( ) Domain mail server collects incoming mail.
October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.
Chapter 3.  Help you understand different types of servers commonly found on a network including: ◦ File Server ◦ Application Server ◦ Mail Server ◦
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Hosted Security: Complete Protection With A Peace Of Mind Leonard Sim Client Services Manager – South Asia Symantec Hosted Services 1.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.
Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
Security at NCAR David Mitchell February 20th, 2007.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Peer to Peer Networks November 28, 2007 Jenni Aaker David Mize.
Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.
DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, Ólafur Guðmundsson,
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
Security fundamentals Topic 9 Securing internet messaging.
Secure  Message interception (confidentiality)  Message interception (blocked delivery)  Message interception and subsequent replay  Message.
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
Lesson 20. E-commerce Software Intershop Enfinity WebSphere Commerce Professional Edition Microsoft Commerce Server 2002.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 6 Firewall Design Strategies.
DNS Cache Poisoning (pretending to be the authoritative zone) ns.example.co m Webserver ( ) DNS Caching Server Client I want to access
MIS323 – Business Telecommunications Chapter 10 Security.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
E-Commerce & Bank Security By: Mark Reed COSC 480.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
© 2013 Infoblox Inc. All Rights Reserved. Paul UKNOF 26 – 13 Sep 2013, London Paul Ebersman.
TMG Client Protection 6NPS – Session 7.
DNS Security Issues SeongHo Cho DPNM Lab., POSTECH
Chapter 17 Risks, Security and Disaster Recovery
DNS Session 5 Additional Topics
Implementing Client Security on Windows 2000 and Windows XP Level 150
Wireless Spoofing Attacks on Mobile Devices
Presentation transcript:

DUKE UNIVERSITY DNSSEC 101 Kevin Miller

DUKE UNIVERSITY DNS Underpins Everything Web Enterprise Systems VoIP IM CMS

DUKE UNIVERSITY DNS Underpins Everything Web Enterprise Systems VoIP IM CMS Inbound Volume Received Spam, virus filtering using DNS Received Spam, virus filtering using DNS 10+ DNS Queries Per Message 10+ DNS Queries Per Message

DUKE UNIVERSITY Risks from DNS Attacks Impersonate your web site Redirect your phone calls Man-in-the-middle (password theft) Reroute or block your Disrupt your network, application services Attack vectors for malware (data theft) Denial of service Diagram source: Internet Storm Center

DUKE UNIVERSITY DNS Attack: Cache Poisoning Where is website.com? Answer: Also, – Answer: Also, –

DUKE UNIVERSITY DNS Attack: Forgery Where is educause.edu? Answer: Answer:

DUKE UNIVERSITY DNS Attack: Indirection Where is educause.edu? Answer:

DUKE UNIVERSITY DNS Attack: Amplification 60 byte request 4000 byte response 4000 byte response

DUKE UNIVERSITY Software Defects Buffer overflow Other vectors Buffer overflow Other vectors

DUKE UNIVERSITY Risk Reduction To Date Improving weaknesses in DNS software – Patching software defects – Limiting cache poisoning opportunities Improve operational best practices – Restrict access to DNS recursers – Install anti-IP spoofing filters Improve host security – Anti-virus, anti-malware defenses Photo source: BCP38

DUKE UNIVERSITY DNSSEC Cryptographically sign DNS records – Also the absence of records Maintains DNS architecture – Hierarchical, distributed signatures Significant risk reduction, if used widely – Protects you ( – Protects your users (

DUKE UNIVERSITY What Can Be Done Now? Discover local implications – How do you manage DNS? What tools are used? – What impact would DNSSEC have? – Do your vendors support it? – Can you servers handle DNSSEC overhead? Begin building expertise, experience – Sign a test zone – Deploy a test DNSSEC recurser Deployment – Sign your zones – Utilize DNSSEC-enabled recurser with DLV

DUKE UNIVERSITY Additional Resources wars.pdf 53wars.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.