+ All Categories
Home > Documents > Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on...

Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on...

Date post: 20-May-2020
Category:

Documents
Upload: others
View: 4 times
Download: 0 times
Download Report this document
Share this document with a friend
12
CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is sponsored by the U.S. Department of Defense. © 2001 by Carnegie Mellon University some images copyright www.arttoday.com and www.clipartcity.com Top Level Domain Security Checklist Presented by Martin Lindner
Transcript
Page 1: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

CERT® Coordination CenterSoftware Engineering InstituteCarnegie Mellon UniversityPittsburgh, PA 15213-3890The CERT Coordination Center is part of the Software EngineeringInstitute. The Software Engineering Institute is sponsored by theU.S. Department of Defense.© 2001 by Carnegie Mellon Universitysome images copyright www.arttoday.com and www.clipartcity.com

Top Level Domain Security ChecklistPresented by Martin Lindner

Page 2: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 2

Focus of Presentation

• This presentation is focusing on proper configuration and deployment of TLD name servers.

• This presentation does not address physical security, hardening of operating systems or data integrity between registrars and registries.

Page 3: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 3

Security Checklist for Top Level Domains

üSoftware version

üRecursion

üSOA records

üConsistent NS records

üAuthoritative answers

üRestricted zone transfers

üName servers on multiple networks

Page 4: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 4

Software version

üDoes the name server software have known vulnerabilities?

ü Is someone monitoring for new threats and vulnerabilities?• CERT/CC Advisories• Vendor Advisories• Public news groups and mailing lists

Page 5: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 5

Recursion

üDo the name servers use recursion?• Recursion leaves name servers vulnerable to

cache poisoning.

Page 6: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 6

SOA records

üDo the name servers have a Start of Authority (SOA) record for the TLD?

Page 7: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 7

Consistence NS records

üDo all the name servers listed in the root answer authoritative for the TLD?• Lame Delegations

üDo the name servers’ NS records match the NS records offered by the root?

Page 8: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 8

Authoritative answers

üDo the name servers give authoritative answers?

Page 9: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 9

Restricted Zone Transfers

üDo the name servers restrict zone transfers to authorized parties?

Page 10: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 10

DNS on multiple networks

üAre name servers distributed across multiple networks?• Different networks

• Multiple upstream providers

Page 11: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 11

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

One or more servers non-compliant Unknown status All servers compliant

Software Version - 27

Recursion Disabled - 47

Restricted Zone Transfers - 97

Consistent NS Records - 106

Authoritative Answers - 171

Name Servers on multiple networks - 242

SOA Records - 183

50

12

71

83

148

157

207

177

Page 12: Top Level Domain Security Checklist · Focus of Presentation • This presentation is focusing on proper configuration and deployment of TLD name servers. • This presentation does

© 2001 by Carnegie Mellon University 12

CERT® Contact Information

CERT Coordination CenterSoftware Engineering InstituteCarnegie Mellon University4500 Fifth AvenuePittsburgh PA 15213-3890USA

Hotline: +1 412 268 7090 CERT personnel answer 8:00 a.m. —5:00 p.m. EST(GMT-5) / EDT(GMT-4),and are on call for emergenciesduring other hours.

Fax: +1 412 268 6989

Web: http://www.cert.org/

Email: [email protected]


Recommended
What is a TLD?

What is a TLD?

Marketing

IDN Program Update - ICANN Public Meetings · | 5 Overview of Presentation IDNs at Top Level o IDN TLD Program • Label Generation Rules (LGR) • LGR Toolset • IDN Variant TLD

IDN Program Update - ICANN Public Meetings · | 5 Overview of Presentation IDNs at Top Level o IDN TLD Program • Label Generation Rules (LGR) • LGR Toolset • IDN Variant TLD

Documents

Use of TLD at CERN

Use of TLD at CERN

Documents

Tld Full Form In Radiology

Tld Full Form In Radiology

Documents

Fast Flux Service Networks• El DNS es una base de datos distribuída Raíz DNS Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Domino

Fast Flux Service Networks• El DNS es una base de datos distribuída Raíz DNS Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Domino

Documents

TLD CONCEPT STORE CASUAL & ACCESSORIES

TLD CONCEPT STORE CASUAL & ACCESSORIES

Documents

Brand TLD Designation Application - dabur

Brand TLD Designation Application - dabur

Documents

ORS Root TLD Evaluation ※ ORS : OID Resolution System ※ TLD : Top Level Domain

ORS Root TLD Evaluation ※ ORS : OID Resolution System ※ TLD : Top Level Domain

Documents

Tld ppt version2012

Tld ppt version2012

Technology

Focusing Lighting Instruments THE107. Focusing Lights This presentation will walk you through the basic steps of focusing a theatrical lighting instrument.

Focusing Lighting Instruments THE107. Focusing Lights This presentation will walk you through the basic steps of focusing a theatrical lighting instrument.

Documents

[Delmonte] TLD Order

[Delmonte] TLD Order

Documents

Casques TLD 2013

Casques TLD 2013

Documents

TLD MOTOCROSS CATALOG

TLD MOTOCROSS CATALOG

Documents

Saturn TLD Ring - Landauer · The Saturn Thermoluminescent Dosimetry (TLD) Ring measures exposure due to x, beta, and gamma radiation with thermoluminescent technology. The TLD is

Saturn TLD Ring - Landauer · The Saturn Thermoluminescent Dosimetry (TLD) Ring measures exposure due to x, beta, and gamma radiation with thermoluminescent technology. The TLD is

Documents

Verisign DNSSEC Practice Statement for TLD/GTLD Zone · The TLD/GTLD Zone Key Signing Key Operator is Verisign performing the function of generating the TLD/GTLD Zone's Key Signing

Verisign DNSSEC Practice Statement for TLD/GTLD Zone · The TLD/GTLD Zone Key Signing Key Operator is Verisign performing the function of generating the TLD/GTLD Zone's Key Signing

Documents

 · 2020-05-01 · BSD-150 TLD-160 TLD-200 TLD-240 TLD-320 TLD-400 Output Power / Watt 50 60 75 96 96 120 120 150 200 ... *Contact sales for non-programmable models . ... Delta and

 · 2020-05-01 · BSD-150 TLD-160 TLD-200 TLD-240 TLD-320 TLD-400 Output Power / Watt 50 60 75 96 96 120 120 150 200 ... *Contact sales for non-programmable models . ... Delta and

Documents

.Brand TLD Designation Application

.Brand TLD Designation Application

Documents

NCRP Review of NASA Space Radiation Operations€¦ · 06/12/1999 · TLD-Methods. Method/Technique Material. TLD-100,600,700 TLD-300 Annealing 400 °C for 1 hr followed by slow cool

NCRP Review of NASA Space Radiation Operations€¦ · 06/12/1999 · TLD-Methods. Method/Technique Material. TLD-100,600,700 TLD-300 Annealing 400 °C for 1 hr followed by slow cool

Documents