Date post: 30-May-2015
Category: Technology
Upload: segughana
Global DNS-CERT
Business case for collaboration in security
Background
• Growing risks to DNS security and resiliency
  – Emergence of Conficker
  – Growing number of domain hijacking cases
• Community calls for systemic DNS security planning and response
• ICANN commitments under Affirmation of Commitments
• Initiatives called for in ICANN 2010-2013 Strategic Plan
Objectives of threats to DNS
• Politically-motivated disruption of DNS
• Desire for financial gain
• Demonstration of technical superiority
• Gratuitous defacement or damage
Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security
Potential impacts
• Long lasting damage to “Trust” in system
• Significant and lasting economic harm
• Is the Internet as we know it at Risk from malicious behavior?
Lessons learned
• Conficker (’08- )
  – DNS played a role in slowing Conficker
  – Complex interactions with DNS community
  – Resource-intensive response activity
• Conficker WG noted need for a dedicated incident response capability
Lessons learned
• Protocol vulnerability (’08)
  – Fast response, but
  – Predicated on ability to find “key people”
• A coordination center would have improved situational awareness
Diagram of cache poisoning attack
Lessons learned
• Avalanche (’08- )
  – Targets financial sector
  – Exploits the limited resources of registrars
  – Trend continues upward
• Complex coordination requires dedicated team
http://www.icann.org/en/topics/ssr/dns-cert-business-case-10feb10-en.pdf
Maybe a DNS-CERT?
Mission of DNS CERT
“Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”
Goals
• Validate need for standing collaborative response capability to address systemic threats/risks
  – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators
• Operational focus determined in engagement with stakeholders and leveraging existing efforts
  – Fostering situational awareness; incident response assistance/coordination;
Stakeholders by role
Participation and feedback
• DNS CERT must respond to constituency needs
• Participation by key constituents
  – Adds capability to CERT
  – Extends its geographic reach
  – Helps keep focus on constituency needs
Open questions include:
• Where should it be housed?
• What is best model?
• How should it be funded?
• Etc. etc.
Way Forward
• This is a “proposal” we need feedback!
• Seek community feedback
  – Email [email protected] with comments