DSSA-WG Progress Update Dakar – October 2011. Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.

Slides:

Advertisements

Similar presentations

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.

Advertisements

CcTLD Agreement Update ICANN Public Forum Melbourne, Australia 12 March, 2001 Andrew McLaughlin ICANN Policy Guy.

ICANN Security and Stability Advisory Committee ICANN Meetings Shanghai October 30, 2002.

Whois Task Force GNSO Public Forum Wellington March 28, 2006.

Internationalizing WHOIS Preliminary Approaches for Discussion Internationalized Registration Data Working Group ICANN Meeting, Brussels, Belgium Jeremy.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

DNS Security and Stability Analysis Working Group (DSSA)

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

Update on ccTLD Agreements Montevideo 9 September, 2001 Andrew McLaughlin.

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Internationalized Domain Names Status Report Prepared for: ICANN Meeting, Lisbon 29 March, 2007 Tina Dam IDN Program Director ICANN

ICANN/ccTLD Agreements: Why and How Andrew McLaughlin Monday, January 21, 2002 TWNIC.

Joint SSR-RT/DSSA meeting DSSA Progress Update Dakar – October 2011.

Glen de Saint Géry ICANN GNSO Secretariat for Theresa Swinehart Counsel for International Legal Affairs Domain Day Milan.

ICANN Ben Postman. General Information Structure of ICANN What ICANN does Conflicts Regarding ICANN Alternatives/Modifications.

Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

ICANN and the Internet Ecosystem. 2  A network of interactions among organisms, and between organisms and their environment.  The Internet is an ecosystem.

CcTLD-ICANN Agreement GCC Regional Meeting Dubai, UAE 17 June, 2001 Andrew McLaughlin ICANN.

2011 – 2014 ICANN Strategic Plan Development Stakeholder Review 4 November 2010.

Revised Draft Strategic Plan 4 December 2010.

2012 – 2015 ICANN Strategic Plan Development 6 October 2011.

1 The Impact of IPv6 on Society ～ a Government Perspective ～ Kaori ITO Ministry of Public Management, Home Affairs, Posts and Telecommunications ( MPHPT)

Update report on GNSO- requested Whois studies Liz Gasster Senior Policy Counselor 7–12 March 2010.

PDP Improvements Update & Discussion. | 2 Background  Ten proposed improvements aimed to streamline and enhance the GNSO PDP Ten proposed improvements.

Review, Redress, Empowerment CCWG-ACCT. Mission In accordance with Bylaws, coordinate the global Internet’s systems of unique identifiers by: – Coordinating.

Consumer Trust, Consumer Choice & Competition Presenter: Steve DelBianco Chair: Rosemary Sinclair.

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.

CcTLD/ICANN Contract for Services (Draft Agreements) A Comparison.

CcNSO Update for APTLD New Delhi February 2012 Keith Davidson, ccNSO Councillor.

CRISP Requirements Discussion draft-ietf-crisp-requirements-02.txt Andrew Newton 55 th IETF, November 19, 2002 Atlanta, GA.

ICANN COMMUNITY STRATEGIC PLANNING DISCUSSION Brussels, June

Update from ICANN staff on SSR Activities Greg Rattray Tuesday 21 st 2010.

1 ICANN update Save Vocea APSTAR retreat, Taipei, TW 24 February 2008.

Organizations, Institutions, the Domain Name and addressing system, Internet Governance… D-day 2005 Milan, Italy 24 November 2005 Theresa Swinehart GM,

JIG (Joint ccNSO-GNSO IDN Group) Update APTLD | New Delhi Feb 23, 2012.

Multistakeholder Policy- & Decision-making

ccTLD IDN Report ccTLD Meeting, Montreol June 24, 2003 Young-Eum

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.

ICANN Root Name Server System Advisory Committee March 2, 1999 SUNTEC Convention Center Singapore.

.LV today and tomorrow Katrīna Sataki, NIC.LV Riga, 19 April 2013.

Working Group #4: Network Security Best Practices September 12, 2012 Presenter: Rod Rasmussen, Internet Identity WG #4 Co-Chair.

1 ICANN... update Pablo Hinojosa Manager, Regional Relations Global and Strategic Partnerships 2007 Caribbean Internet Forum St. Lucia, 5 November 2007.

1 1 The GNSO Role in Internet Governance Presented by: Chuck Gomes Date: 13 May 2010.

Conficker Update John Crain. What is Conficker? An Internet worm  Malicious code that is self-replicating and distributed over a network A blended threat.

DSSA-WG Progress Update Singapore – June Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.

Security, Stability & Resiliency of the DNS Review Team Wednesday, 8 December 2010.

IDN UPDATE Tina Dam ICANN Chief gTLD Registry Liaison Public Forum, Wellington 30 March 2006.

ICANN Regional Outreach Meeting, Dubai 1–3 April Toward a Global Internet Paul Twomey President and CEO 1 April 2008 ICANN Regional Meeting 1–3.

PDP on Next-Generation ‭gTLD‬ Registration Directory Services to Replace ‭WHOIS‬ - Update Marika Konings – ICANN-54 – 17 October, 2015.

Fostering Multi-Stakeholder Internet Governance Models in the Region Bill Graham, Director, ICANN Board.

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.

Update on Consumer Choice, Competition and Innovation (CCI) WG Rosemary Sinclair.

Text #ICANN49 Joint ccNSO-GNSO IDN Working Group (JIG) Update.

GNSO IDN work Dr Bruce Tonkin Chair, GNSO Council IDN Workshop Marrakech, June 25, 2006.

Domain Day ICANN and Reform Tuesday, 5 November 2002 Milan, Italy Theresa Swinehart, Counsel for International Legal Affairs, ICANN.

IANA Stewardship Transition & Enhancing ICANN Accountability Panel and Audience discussion | WSIS Forum | 5 May 2016.

Introduction to the Regional Internet Registries (RIRs)

1 27Apr08 Some thoughts on Internet Governance and expansion of the Domain Name space Paul Twomey President and CEO 9 August 2008 Panel on Internet Governance.

ICANN Multi-Stakeholder Model

Registration Abuse Policies WG

AfICTA CEO Roundtable 2015 ICANN & Business

Cross Community Working Group

ICANN’s Policy Development Activities

Partnership of Governments, Businesses and Civil Society: the ICANN example in coordinating resources and policy making Dr. Olivier MJ Crépin-Leblond

ICANN62 GAC Capacity Building

An Introduction by Dr. Olivier MJ Crépin-Leblond EURALO Chair

Presentation transcript:

DSSA-WG Progress Update Dakar – October 2011

Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee (ALAC), the Country Code Names Supporting Organization (ccNSO), the Generic Names Supporting Organization (GNSO), the Governmental Advisory Committee (GAC), and the Number Resource Organization (NROs) acknowledged the need for a better understanding of the security and stability of the global domain name system (DNS). This is considered to be of common interest to the participating Supporting Organisations (SOs), Advisory Committees (ACs) and others, and should be preferably undertaken in a collaborative effort.

Goals for today Update you on our progress Raise awareness Solicit your input

Approach and status Launch Analyze Threats & Vulnerabilities Analyze Threats & Vulnerabilities Report Identify Threats & Vulnerabilities We are here – about 70% complete with this phase of the work

Activity since Singapore Identify Threats The working group has: – Developed lists of vulnerabilities and threats (with definitions) – Made preliminary choices about which threats are in/out of scope for analysis – Developed preliminary criteria and mechanisms for segregating sensitive information Remaining work in this phase – Solicit additional lists/definitions from other experts and interested parties – Arrive at a final (prioritized) list of threats and vulnerabilities

Brainstorming and refining “I'm sorry this letter is so long, I didn't have time to make it shorter.” ― George Bernard Shaw, Pascal, Goethe, Wilde, Cicero, DSSA

Scope From our charter, “the working group should focus on "The actual level, frequency and severity of threats to the DNS.... The DSSA‐WG should limit its activities to considering issues at the root and top level domains within the framework of ICANN’s coordinating role in managing Internet naming and numbering resources as stated in its Mission and in its Bylaws.” The WG refined this to add “we are not to look at every threat having to do with, or taking place via, the DNS, or that impacts some party using the DNS. We are concerned with “the” DNS, i.e. threats to the system itself, and relevant to ICANN’s role.”

Threats to underlying infrastructure (Draft – for discussion only) In scope – System failure (e.g. hardware/software failures, etc.) – Governmental interventions (e.g. seizure, blocking, etc.) – Physical events (e.g. natural disasters, etc.) – Fragmentation of the root (e.g. alternate roots, root scaling, etc.) Under discussion (your thoughts?) – Business failure Out of scope – Depletion of IPv4 address pool – Rationale: The concerns (routing table growth and route fragmentation) will happen anyway The DNS is not a heavy consumer of IP addresses, thus depletion is unlikely to have a significant impact

Threats – direct attacks (Draft – for discussion only) In scope – DDOS – distributed denial of service – Packet interception – Recursive vs authoritative nameserver attacks (e.g. using vulnerable recursive DNS servers as reflectors to attack TLD DNS servers) – Data poisoning attacks Under discussion (your thoughts?) – IDN attacks (lookalike characters for standard exploitation techniques – awaiting results of the Variants project) – Malicious or unintentional alteration of DNS configuration information Out of scope – Footprinting – Authenticated denial of domain name – Malicious or unintentional alteration of contact information – Rationale: These are behaviors or, in some cases, threat vectors These are focused/limited threats, not likely to cause widespread instability

Threats – indirect attacks (Draft – for discussion only) In scope – server-hopping under IPv6 (causing collateral damage due to load) Out of scope – Registration abuse – front-running – Registration abuse – cybersquatting – Registration directory service abuse – harvesting registration data for spam – Registration directory service abuse – harvesting personal contact information from domain name registration records – Rationale: These are problems at the 2 nd level, not a threat to the DNS In some instances these are policy issues that do not threaten the DNS In some cases the IETF is discussing the issue and we will monitor that discussion (harvesting registration data for spam)

Vulnerabilities (Draft – for discussion only) Operational issues – Infrastructure vulnerabilities (e.g. single point of failure, DNS software vulnerabilities, insufficient SLA’s etc.) – Business and technical process vulnerabilities (e.g. orphaned glue records, lock-outs, TLD redelegation, etc.) Registry failure and continuity Managerial choices/issues – Not following best practices (e.g. measures to detect/prevent unauthorized changes, etc.) – Gaps in continuity planning (e.g. responsibilities, actions, documentation, etc.) – Inadequate funding/resources (for infrastructure, training, staff, etc.) – Lack of visibility/understanding by decision-makers

Questions? This “scoping” work is well along, but not complete. We are interested in your thoughts