Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad

Published bySabina Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad"— Presentation transcript:

1 DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad richard.lamb@icann.org

2 References DNSSEC Policy & Practice Statement Framework.SE DPS, Root DPS Credits: Fredrik Ljunggren fredrik@kirei.sefredrik@kirei.se Anne-Marie Eklund-Lowinder amel@iis.seamel@iis.se Tomofumi Okubotomofumi.okubo@icann.orgtomofumi.okubo@icann.org http://tools.ietf.org/html/draft-ietf-dnsop- dnssec-dps-framework-07 http://tools.ietf.org/html/draft-ietf-dnsop- dnssec-dps-framework-07

3 Sample DPS Introduction-Section 1 Publication and Repositories-Section 2 Operational Requirements-Section 3 Management, Operational and Physical Control- Section 4 Technical Security Controls-Section 5 Zone Signing-Section 6 Compliance Audit-Section 7 Legal Matters-Section 8

4 Introduction Describes document and DNSSEC (1.1 – 1.2) – Version control (1.2) Defines roles and responsibilities – Registry (1.3.1) – Registrars (1.3.1) – Registrants (1.3.2 and 1.3.4) – Relying party (1.3.3) Other (1.4)

5 Publication and Repositories Identifies where DPS and KSK are published (2.1 and 2.2) Other (2.3)

6 Operational Requirements Define domain names (3.1) Child zone – DS record requirements (3.2, 3.4) Proof of private key possession (3.5) Removal (3.6) – Manager identification (3.3)

7 Management, Operational and Physical Control Physical Controls – Access Controls – Facilities Site location and construction (4.1.1) Physical access (4.1.2) Environmental concerns (4.1.3 – 4.1.8) Operational and Management Controls – Procedural controls Trusted roles (4.2.1 and 4.2.3) Separation of duties (4.2.2 and 4.2.4) – Personnel controls (4.3)

8 Management, Operational and Physical Control Operational and Management Controls – Audit logging procedures (4.4) – Compromise and disaster recovery Incident management (4.5.1 – 4.5.3) Contingency plan (4.5.4 – 4.5.5)

9 Technical Security Controls Key management – Key pair generation and installation (5.1) – Private key protection and cryptographic modules and engineering controls (5.2) – Other aspects (5.3 and 5.4) Security controls – Computer (5.5) – Network (5.6) – Timestamp (5.7) Lifecycle technical controls (5.8)

10 Zone Signing Key lengths and algorithms (6.1 – 6.3) Key rollover, timing (6.4 – 6.6) Other (6.7 – 6.9)

11 Compliance Audit Frequency of audit (7.1) Auditor choice issues (7.2 – 7.3) Other (7.4 – 7.6)

12 Legal Matters Fees (8.1) Privacy (8.2) Limitation of liability (8.3) Other (8.4)

13 Demo DPS

Download ppt "DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad"

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
Securing the Government’s DNS Infrastructure with DNSSEC

Securing the Government’s DNS Infrastructure with DNSSEC
DNSSEC Sample Implementation MENOG 10 Workshop 22 April 2012, Dubai

DNSSEC Sample Implementation MENOG 10 Workshop 22 April 2012, Dubai
David L. Wasley Office of the President University of California A PKI Certificate Policy for Higher Education A Work in Progress Draft 0.010 David L.

David L. Wasley Office of the President University of California A PKI Certificate Policy for Higher Education A Work in Progress Draft David L.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,
Security Controls – What Works

Security Controls – What Works
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Environmental Management Systems Refresher

Environmental Management Systems Refresher
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
© Copyright 2003, Binomial International Inc. Phoenix Business Continuity and Disaster Recovery Planning Software Recovery Planning Software Tools Recovery.

© Copyright 2003, Binomial International Inc. Phoenix Business Continuity and Disaster Recovery Planning Software Recovery Planning Software Tools Recovery.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

Similar presentations

Ads by Google