ICANN 51: DNS Risk Framework

ICANN
ICANNICANN
Text 
DNS Risk Framework 
Update 
#ICANN51 
14 October 2014 
John Crain & Jacks Khawaja 
Chief SSR Officer; Enterprise Risk Director
Agenda 
Text 
• History 
• Moving Forward 
#ICANN51
Text 
History 
#ICANN51
Defined Resiliency Model 
Text 
ASSETS
Text
23 Risks Defined 
Text
Text 
Moving Forward 
#ICANN51
Numbers 
Text 
• Examining Risk 
o Typically, step 1 = identify assets 
o Impractical to identify all individual elements of DNS 
• Our Approach 
Categorize assets by sphere of influence 
#ICANN51
WTexth ere can ICANN: 
Implement 
Directly Influence 
Indirectly Influence 
?
Text 
Assets directly controlled by ICANN 
• Assets that ICANN directly manages or contracts 
to third parties (Example: XXX, XXX) 
• ICANN’s own corporate infrastructure 
• External-facing services such as websites and 
request management systems 
• DNS infrastructure of L.root-servers.net 
• Others? 
#ICANN51
Text 
Assets directly influenced by ICANN 
• Assets that ICANN can influence through 
contractual agreements (Example: Service Level 
Agreements, etc.) 
• Registries or registrars are guided by contracts that 
include Service Level Agreements 
• It is their remit as the asset owners to decide how 
they meet those SLAs and how to implement 
mitigation of their risks 
#ICANN51
Text 
• The Internet is a “network of networks” and each 
operator of a network or service is ultimately 
responsible for their own risk management 
• ICANN and the community can indirectly influence 
these through outreach and awareness efforts 
• ISOC’s Deploy360 is an excellent example of this 
#ICANN51 
Assets outside ICANN’s realm
Text 
SSR-001 DDOS (Example) 
#ICANN51
SSR001 Description (abridged) 
Text 
• User or organization deprived of service(s) or 
resource(s) they would normally have 
• Distributed denial-of-service (DDoS) attack: 
o Multitude of systems (compromised or otherwise) are 
used to attack a single target 
o Flood of incoming messages to the target system 
essentially forces it to shut down. This can take two forms: 
§ Resource Depletion 
§ Resource Disruption 
#ICANN51
What is the Risk? 
Text 
• This risk discusses the probability that parts of the 
DNS could be disabled for a sustained period 
• To ascertain the likelihood or the effect of such an 
attack, it’s important to first define the assets that 
are affected. This is also critical to understanding 
who owns the risk and who is able to best mitigate 
such risks 
#ICANN51
Look at DNS Assets from Both Sides 
Text 
• Publish the data on the authoritative servers (root 
servers, TLD servers, and registrants servers) 
• Query the data on the recursive servers (ISP’s, 
corporations, and DNS service providers) 
#ICANN51
Text 
Assets directly controlled by ICANN 
Authoritative 
• ICANN: 
o Operates L.root-servers.netICANN runs some infrastructure for TLDs (ARPA, int.) 
o Runs its own network DNS infrastructure 
Recursive 
• ICANN runs its own recursive servers for staff 
• Risks to these are covered in ICANN’s ERM 
#ICANN51
Text 
Assets directly influenced by ICANN 
Authoritative 
• ICANN has an advisory committee (RSSAC) that 
provides Service Level Recommendations for root 
servers 
• (Upcoming RSSAC002) 
• ICANN has contracts in place with many, but not all 
TLDs. Those contracts contain SLAs 
Recursive 
• ?? 
#ICANN51
Text 
Authoritative 
• Registrants’ DNS services 
Recursive 
• ISPs, corporations, homes and DNS service providers 
• Should the community work together to influence these? 
• We have SSAC and RSSAC that provide advice 
#ICANN51 
Assets outside ICANN’s realm
Can We Tackle the Root Causes? 
Text 
There are many efforts underway to reduce the 
severity of DDoS attacks 
o Source Address Validation (BCP38) 
o Open Resolver project 
o Botnet dismantling 
o Others 
Should ICANN staff and community 
members play a more active role? 
#ICANN51
Going Forward 
Text 
• For each of the 23 risks, we will: 
o Document assets 
o Identify existing mitigation strategies that are in place 
o Suggest areas where new or improved mitigation plans 
may be considered 
• How do we involve community expertise? 
o Dedicated workshops? 
o Working Groups? 
o Other suggestions? 
#ICANN51
GDD + Related Sessions 
Text 
Wednesday, 15 October 
o GDD Service Delivery, Customer Service & 
#ICANN51 
Service Level Agreements 
o Universal Acceptance 
Thursday, 16 October 
o DNSSEC Key Rollover Workshop 
o Thick WHOIS Implementation (Working 
Session) 
o Deploying the IETF’s WHOIS Replacement
Text Engage with ICANN on Web & Social Media 
twitter.com/icann 
facebook.com/icannorg 
linkedin.com/company/icann 
gplus.to/icann 
weibo.com/icannorg 
flickr.com/photos/icann 
youtube.com/user/ICANNnews icann.org
1 de 23

Recomendados

What is ICANN? (Russian) por
What is ICANN? (Russian)What is ICANN? (Russian)
What is ICANN? (Russian)ICANN
676 visualizações9 slides
Guide to dark web por
Guide to dark webGuide to dark web
Guide to dark webJspider - Noida
711 visualizações11 slides
E-COMMERCE: The Dark Web por
E-COMMERCE: The Dark Web E-COMMERCE: The Dark Web
E-COMMERCE: The Dark Web rardthebeast
632 visualizações5 slides
I2P (Invisible Internet Project) por
I2P (Invisible Internet Project)I2P (Invisible Internet Project)
I2P (Invisible Internet Project)Shail Shah
1.5K visualizações16 slides
Making domain name and IP address policy at ICANN por
Making domain name and IP address policy at ICANNMaking domain name and IP address policy at ICANN
Making domain name and IP address policy at ICANNStephane Van Gelder
2K visualizações48 slides
The Dark Side of Content Marketing por
The Dark Side of Content MarketingThe Dark Side of Content Marketing
The Dark Side of Content MarketingScripted.com
1.5K visualizações51 slides

Mais conteúdo relacionado

Destaque

Dark web by Claudine Impas por
Dark web by Claudine ImpasDark web by Claudine Impas
Dark web by Claudine ImpasClaudine Impas
768 visualizações6 slides
How Much is My Information Worth on the Dark Web? por
How Much is My Information Worth on the Dark Web?How Much is My Information Worth on the Dark Web?
How Much is My Information Worth on the Dark Web?Mark Fisher
1.8K visualizações20 slides
The Dark Net por
The Dark NetThe Dark Net
The Dark NetPaige Rasid
2.6K visualizações10 slides
I2P and the Dark Web por
I2P and the Dark WebI2P and the Dark Web
I2P and the Dark WebJohn Liu
1.4K visualizações33 slides
The Dark side of the Web por
The Dark side of the WebThe Dark side of the Web
The Dark side of the WebPaula Ripoll Cacho
3.3K visualizações12 slides
The Dark Web por
The Dark WebThe Dark Web
The Dark WebConnor Willer
3.2K visualizações31 slides

Destaque(9)

Dark web by Claudine Impas por Claudine Impas
Dark web by Claudine ImpasDark web by Claudine Impas
Dark web by Claudine Impas
Claudine Impas768 visualizações
How Much is My Information Worth on the Dark Web? por Mark Fisher
How Much is My Information Worth on the Dark Web?How Much is My Information Worth on the Dark Web?
How Much is My Information Worth on the Dark Web?
Mark Fisher1.8K visualizações
The Dark Net por Paige Rasid
The Dark NetThe Dark Net
The Dark Net
Paige Rasid2.6K visualizações
I2P and the Dark Web por John Liu
I2P and the Dark WebI2P and the Dark Web
I2P and the Dark Web
John Liu1.4K visualizações
The Dark side of the Web por Paula Ripoll Cacho
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
Paula Ripoll Cacho3.3K visualizações
The Dark Web por Connor Willer
The Dark WebThe Dark Web
The Dark Web
Connor Willer3.2K visualizações
Dark web markets: from the silk road to alphabay, trends and developments por Andres Baravalle
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developments
Andres Baravalle2.4K visualizações
The Dark web - Why the hidden part of the web is even more dangerous? por Pierluigi Paganini
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
Pierluigi Paganini22.1K visualizações
Dark Web and Privacy por Brian Pichman
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
Brian Pichman4.1K visualizações

Similar a ICANN 51: DNS Risk Framework

ICANN 51: Name Collision por
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name CollisionICANN
1.2K visualizações36 slides
DNS Openness por
DNS OpennessDNS Openness
DNS OpennessAPNIC
2.1K visualizações41 slides
Name Collision Mitigation Update from ICANN 49 por
Name Collision Mitigation Update from ICANN 49Name Collision Mitigation Update from ICANN 49
Name Collision Mitigation Update from ICANN 49ICANN
1.6K visualizações26 slides
NANOG 84: DNS Openness por
NANOG 84: DNS OpennessNANOG 84: DNS Openness
NANOG 84: DNS OpennessAPNIC
397 visualizações60 slides
Introduction DNSSec por
Introduction DNSSecIntroduction DNSSec
Introduction DNSSecAFRINIC
353 visualizações70 slides
Biznet Gio Presentation - Database Security por
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityYusuf Hadiwinata Sutandar
1.1K visualizações28 slides

Similar a ICANN 51: DNS Risk Framework(20)

ICANN 51: Name Collision por ICANN
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
ICANN1.2K visualizações
DNS Openness por APNIC
DNS OpennessDNS Openness
DNS Openness
APNIC2.1K visualizações
Name Collision Mitigation Update from ICANN 49 por ICANN
Name Collision Mitigation Update from ICANN 49Name Collision Mitigation Update from ICANN 49
Name Collision Mitigation Update from ICANN 49
ICANN1.6K visualizações
NANOG 84: DNS Openness por APNIC
NANOG 84: DNS OpennessNANOG 84: DNS Openness
NANOG 84: DNS Openness
APNIC397 visualizações
Introduction DNSSec por AFRINIC
Introduction DNSSecIntroduction DNSSec
Introduction DNSSec
AFRINIC353 visualizações
Biznet Gio Presentation - Database Security por Yusuf Hadiwinata Sutandar
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
Yusuf Hadiwinata Sutandar1.1K visualizações
ICANN Presentation - iWeek2017 por dotZADNA
ICANN Presentation - iWeek2017ICANN Presentation - iWeek2017
ICANN Presentation - iWeek2017
dotZADNA283 visualizações
Fundamentals por Prasenjit Saha
FundamentalsFundamentals
Fundamentals
Prasenjit Saha585 visualizações
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation por Scott Sutherland
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
Scott Sutherland606 visualizações
Monitoring for DNS Security por ThousandEyes
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
ThousandEyes958 visualizações
Revisiting the Root por APNIC
Revisiting the RootRevisiting the Root
Revisiting the Root
APNIC78 visualizações
ICANN 51: Universal Acceptance por ICANN
ICANN 51: Universal AcceptanceICANN 51: Universal Acceptance
ICANN 51: Universal Acceptance
ICANN548 visualizações
Fundamentals por vamsi1986
FundamentalsFundamentals
Fundamentals
vamsi1986232 visualizações
What Is DNS ? por GTCSYS
What Is DNS ?What Is DNS ?
What Is DNS ?
GTCSYS2 visualizações
DNS Security WebTitan Web Filter - Stop Malware por Dryden Geary
DNS Security WebTitan Web Filter - Stop Malware DNS Security WebTitan Web Filter - Stop Malware
DNS Security WebTitan Web Filter - Stop Malware
Dryden Geary134 visualizações
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015] por APNIC
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
Understanding and Deploying DNSSEC, by Champika Wijayatunga [APRICOT 2015]
APNIC3.1K visualizações
Active Directory Fundamentals por Angie Miller
Active Directory FundamentalsActive Directory Fundamentals
Active Directory Fundamentals
Angie Miller4 visualizações
DNS Over HTTPS by Michael Casadevall por Glenn McKnight
DNS Over HTTPS by Michael CasadevallDNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael Casadevall
Glenn McKnight200 visualizações
Demystifying SharePoint Infrastructure – for NON-IT People por SPC Adriatics
 Demystifying SharePoint Infrastructure – for NON-IT People  Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People
SPC Adriatics576 visualizações

Mais de ICANN

Call for Volunteers: Accountability & Transparency Review Team_PT por
Call for Volunteers: Accountability & Transparency Review Team_PTCall for Volunteers: Accountability & Transparency Review Team_PT
Call for Volunteers: Accountability & Transparency Review Team_PTICANN
2.7K visualizações24 slides
Call for Volunteers: Accountability & Transparency Review Team_ZH por
Call for Volunteers: Accountability & Transparency Review Team_ZHCall for Volunteers: Accountability & Transparency Review Team_ZH
Call for Volunteers: Accountability & Transparency Review Team_ZHICANN
612 visualizações24 slides
Call for Volunteers: Accountability & Transparency Review Team_ES por
Call for Volunteers: Accountability & Transparency Review Team_ESCall for Volunteers: Accountability & Transparency Review Team_ES
Call for Volunteers: Accountability & Transparency Review Team_ESICANN
582 visualizações24 slides
Call for Volunteers: Accountability & Transparency Review Team_AR por
Call for Volunteers: Accountability & Transparency Review Team_ARCall for Volunteers: Accountability & Transparency Review Team_AR
Call for Volunteers: Accountability & Transparency Review Team_ARICANN
533 visualizações24 slides
Call for Volunteers: Accountability & Transparency Review Team_FR por
Call for Volunteers: Accountability & Transparency Review Team_FRCall for Volunteers: Accountability & Transparency Review Team_FR
Call for Volunteers: Accountability & Transparency Review Team_FRICANN
336 visualizações24 slides
Call for Volunteers: Accountability & Transparency Review Team_RU por
Call for Volunteers: Accountability & Transparency Review Team_RUCall for Volunteers: Accountability & Transparency Review Team_RU
Call for Volunteers: Accountability & Transparency Review Team_RUICANN
371 visualizações24 slides

Mais de ICANN(20)

Call for Volunteers: Accountability & Transparency Review Team_PT por ICANN
Call for Volunteers: Accountability & Transparency Review Team_PTCall for Volunteers: Accountability & Transparency Review Team_PT
Call for Volunteers: Accountability & Transparency Review Team_PT
ICANN2.7K visualizações
Call for Volunteers: Accountability & Transparency Review Team_ZH por ICANN
Call for Volunteers: Accountability & Transparency Review Team_ZHCall for Volunteers: Accountability & Transparency Review Team_ZH
Call for Volunteers: Accountability & Transparency Review Team_ZH
ICANN612 visualizações
Call for Volunteers: Accountability & Transparency Review Team_ES por ICANN
Call for Volunteers: Accountability & Transparency Review Team_ESCall for Volunteers: Accountability & Transparency Review Team_ES
Call for Volunteers: Accountability & Transparency Review Team_ES
ICANN582 visualizações
Call for Volunteers: Accountability & Transparency Review Team_AR por ICANN
Call for Volunteers: Accountability & Transparency Review Team_ARCall for Volunteers: Accountability & Transparency Review Team_AR
Call for Volunteers: Accountability & Transparency Review Team_AR
ICANN533 visualizações
Call for Volunteers: Accountability & Transparency Review Team_FR por ICANN
Call for Volunteers: Accountability & Transparency Review Team_FRCall for Volunteers: Accountability & Transparency Review Team_FR
Call for Volunteers: Accountability & Transparency Review Team_FR
ICANN336 visualizações
Call for Volunteers: Accountability & Transparency Review Team_RU por ICANN
Call for Volunteers: Accountability & Transparency Review Team_RUCall for Volunteers: Accountability & Transparency Review Team_RU
Call for Volunteers: Accountability & Transparency Review Team_RU
ICANN371 visualizações
Call for Volunteers: Accountability & Transparency Review Team por ICANN
Call for Volunteers: Accountability & Transparency Review TeamCall for Volunteers: Accountability & Transparency Review Team
Call for Volunteers: Accountability & Transparency Review Team
ICANN3.9K visualizações
ICANN Expected Standards of Behavior | French por ICANN
ICANN Expected Standards of Behavior | FrenchICANN Expected Standards of Behavior | French
ICANN Expected Standards of Behavior | French
ICANN688 visualizações
ICANN Expected Standards of Behavior por ICANN
ICANN Expected Standards of BehaviorICANN Expected Standards of Behavior
ICANN Expected Standards of Behavior
ICANN449 visualizações
ICANN Expected Standards of Behavior | Russian por ICANN
ICANN Expected Standards of Behavior | RussianICANN Expected Standards of Behavior | Russian
ICANN Expected Standards of Behavior | Russian
ICANN280 visualizações
ICANN Expected Standards of Behavior | Arabic por ICANN
ICANN Expected Standards of Behavior | ArabicICANN Expected Standards of Behavior | Arabic
ICANN Expected Standards of Behavior | Arabic
ICANN311 visualizações
ICANN Expected Standards of Behavior | Chinese por ICANN
ICANN Expected Standards of Behavior | ChineseICANN Expected Standards of Behavior | Chinese
ICANN Expected Standards of Behavior | Chinese
ICANN294 visualizações
ICANN Expected Standards of Behavior | Spanish por ICANN
ICANN Expected Standards of Behavior | SpanishICANN Expected Standards of Behavior | Spanish
ICANN Expected Standards of Behavior | Spanish
ICANN244 visualizações
Policy Development Process Infographic Turkish por ICANN
Policy Development Process Infographic TurkishPolicy Development Process Infographic Turkish
Policy Development Process Infographic Turkish
ICANN515 visualizações
Policy Development Process Infographic Russian por ICANN
Policy Development Process Infographic RussianPolicy Development Process Infographic Russian
Policy Development Process Infographic Russian
ICANN415 visualizações
Policy Development Process Infographic Portuguese por ICANN
Policy Development Process Infographic PortuguesePolicy Development Process Infographic Portuguese
Policy Development Process Infographic Portuguese
ICANN327 visualizações
Policy Development Process Infographic Spanish por ICANN
Policy Development Process Infographic SpanishPolicy Development Process Infographic Spanish
Policy Development Process Infographic Spanish
ICANN320 visualizações
Policy Development Process Infographic French por ICANN
Policy Development Process Infographic FrenchPolicy Development Process Infographic French
Policy Development Process Infographic French
ICANN299 visualizações
Policy Development Process Infographic English por ICANN
Policy Development Process Infographic EnglishPolicy Development Process Infographic English
Policy Development Process Infographic English
ICANN2K visualizações
Policy Development Process Infographic Chinese por ICANN
Policy Development Process Infographic ChinesePolicy Development Process Infographic Chinese
Policy Development Process Infographic Chinese
ICANN223 visualizações

Último

Building trust in our information ecosystem: who do we trust in an emergency por
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergencyTina Purnat
85 visualizações18 slides
Serverless cloud architecture patterns por
Serverless cloud architecture patternsServerless cloud architecture patterns
Serverless cloud architecture patternsJimmy Dahlqvist
17 visualizações52 slides
zotabet.pdf por
zotabet.pdfzotabet.pdf
zotabet.pdfzotabetcasino
6 visualizações1 slide
Audience profile.pptx por
Audience profile.pptxAudience profile.pptx
Audience profile.pptxMollyBrown86
12 visualizações2 slides
childcare.pdf por
childcare.pdfchildcare.pdf
childcare.pdffatma alnaqbi
14 visualizações4 slides
Sustainable Marketing por
Sustainable MarketingSustainable Marketing
Sustainable MarketingTheo van der Zee
9 visualizações50 slides

Último(20)

Building trust in our information ecosystem: who do we trust in an emergency por Tina Purnat
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergency
Tina Purnat85 visualizações
Serverless cloud architecture patterns por Jimmy Dahlqvist
Serverless cloud architecture patternsServerless cloud architecture patterns
Serverless cloud architecture patterns
Jimmy Dahlqvist17 visualizações
zotabet.pdf por zotabetcasino
zotabet.pdfzotabet.pdf
zotabet.pdf
zotabetcasino6 visualizações
Audience profile.pptx por MollyBrown86
Audience profile.pptxAudience profile.pptx
Audience profile.pptx
MollyBrown8612 visualizações
childcare.pdf por fatma alnaqbi
childcare.pdfchildcare.pdf
childcare.pdf
fatma alnaqbi14 visualizações
Sustainable Marketing por Theo van der Zee
Sustainable MarketingSustainable Marketing
Sustainable Marketing
Theo van der Zee9 visualizações
AI Powered event-driven translation bot por Jimmy Dahlqvist
AI Powered event-driven translation botAI Powered event-driven translation bot
AI Powered event-driven translation bot
Jimmy Dahlqvist16 visualizações
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf por RIPE NCC
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
RIPE NCC15 visualizações
informing ideas.docx por MollyBrown86
informing ideas.docxinforming ideas.docx
informing ideas.docx
MollyBrown8612 visualizações
Existing documentaries (1).docx por MollyBrown86
Existing documentaries (1).docxExisting documentaries (1).docx
Existing documentaries (1).docx
MollyBrown8613 visualizações
information por khelgishekhar
informationinformation
information
khelgishekhar7 visualizações
UiPath Document Understanding_Day 3.pptx por UiPathCommunity
UiPath Document Understanding_Day 3.pptxUiPath Document Understanding_Day 3.pptx
UiPath Document Understanding_Day 3.pptx
UiPathCommunity95 visualizações
google forms survey (1).pptx por MollyBrown86
google forms survey (1).pptxgoogle forms survey (1).pptx
google forms survey (1).pptx
MollyBrown8614 visualizações
IETF 118: Starlink Protocol Performance por APNIC
IETF 118: Starlink Protocol PerformanceIETF 118: Starlink Protocol Performance
IETF 118: Starlink Protocol Performance
APNIC124 visualizações
Is Entireweb better than Google por sebastianthomasbejan
Is Entireweb better than GoogleIs Entireweb better than Google
Is Entireweb better than Google
sebastianthomasbejan10 visualizações
UiPath Document Understanding_Day 2.pptx por RohitRadhakrishnan8
UiPath Document Understanding_Day 2.pptxUiPath Document Understanding_Day 2.pptx
UiPath Document Understanding_Day 2.pptx
RohitRadhakrishnan8282 visualizações
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf por RIPE NCC
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
RIPE NCC9 visualizações
PORTFOLIO 1 (Bret Michael Pepito).pdf por brejess0410
PORTFOLIO 1 (Bret Michael Pepito).pdfPORTFOLIO 1 (Bret Michael Pepito).pdf
PORTFOLIO 1 (Bret Michael Pepito).pdf
brejess04107 visualizações
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲 por Infosec train
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲
Infosec train7 visualizações
OMS: Diretrizes para um controle da promoção comercial dos ditos substitutos ... por Prof. Marcus Renato de Carvalho
OMS: Diretrizes para um controle da promoção comercial dos ditos substitutos ...OMS: Diretrizes para um controle da promoção comercial dos ditos substitutos ...
OMS: Diretrizes para um controle da promoção comercial dos ditos substitutos ...
Prof. Marcus Renato de Carvalho88 visualizações

ICANN 51: DNS Risk Framework

  • 1. Text DNS Risk Framework Update #ICANN51 14 October 2014 John Crain & Jacks Khawaja Chief SSR Officer; Enterprise Risk Director
  • 2. Agenda Text • History • Moving Forward #ICANN51
  • 8. Numbers Text • Examining Risk o Typically, step 1 = identify assets o Impractical to identify all individual elements of DNS • Our Approach Categorize assets by sphere of influence #ICANN51
  • 9. WTexth ere can ICANN: Implement Directly Influence Indirectly Influence ?
  • 10. Text Assets directly controlled by ICANN • Assets that ICANN directly manages or contracts to third parties (Example: XXX, XXX) • ICANN’s own corporate infrastructure • External-facing services such as websites and request management systems • DNS infrastructure of L.root-servers.net • Others? #ICANN51
  • 11. Text Assets directly influenced by ICANN • Assets that ICANN can influence through contractual agreements (Example: Service Level Agreements, etc.) • Registries or registrars are guided by contracts that include Service Level Agreements • It is their remit as the asset owners to decide how they meet those SLAs and how to implement mitigation of their risks #ICANN51
  • 12. Text • The Internet is a “network of networks” and each operator of a network or service is ultimately responsible for their own risk management • ICANN and the community can indirectly influence these through outreach and awareness efforts • ISOC’s Deploy360 is an excellent example of this #ICANN51 Assets outside ICANN’s realm
  • 13. Text SSR-001 DDOS (Example) #ICANN51
  • 14. SSR001 Description (abridged) Text • User or organization deprived of service(s) or resource(s) they would normally have • Distributed denial-of-service (DDoS) attack: o Multitude of systems (compromised or otherwise) are used to attack a single target o Flood of incoming messages to the target system essentially forces it to shut down. This can take two forms: § Resource Depletion § Resource Disruption #ICANN51
  • 15. What is the Risk? Text • This risk discusses the probability that parts of the DNS could be disabled for a sustained period • To ascertain the likelihood or the effect of such an attack, it’s important to first define the assets that are affected. This is also critical to understanding who owns the risk and who is able to best mitigate such risks #ICANN51
  • 16. Look at DNS Assets from Both Sides Text • Publish the data on the authoritative servers (root servers, TLD servers, and registrants servers) • Query the data on the recursive servers (ISP’s, corporations, and DNS service providers) #ICANN51
  • 17. Text Assets directly controlled by ICANN Authoritative • ICANN: o Operates L.root-servers.netICANN runs some infrastructure for TLDs (ARPA, int.) o Runs its own network DNS infrastructure Recursive • ICANN runs its own recursive servers for staff • Risks to these are covered in ICANN’s ERM #ICANN51
  • 18. Text Assets directly influenced by ICANN Authoritative • ICANN has an advisory committee (RSSAC) that provides Service Level Recommendations for root servers • (Upcoming RSSAC002) • ICANN has contracts in place with many, but not all TLDs. Those contracts contain SLAs Recursive • ?? #ICANN51
  • 19. Text Authoritative • Registrants’ DNS services Recursive • ISPs, corporations, homes and DNS service providers • Should the community work together to influence these? • We have SSAC and RSSAC that provide advice #ICANN51 Assets outside ICANN’s realm
  • 20. Can We Tackle the Root Causes? Text There are many efforts underway to reduce the severity of DDoS attacks o Source Address Validation (BCP38) o Open Resolver project o Botnet dismantling o Others Should ICANN staff and community members play a more active role? #ICANN51
  • 21. Going Forward Text • For each of the 23 risks, we will: o Document assets o Identify existing mitigation strategies that are in place o Suggest areas where new or improved mitigation plans may be considered • How do we involve community expertise? o Dedicated workshops? o Working Groups? o Other suggestions? #ICANN51
  • 22. GDD + Related Sessions Text Wednesday, 15 October o GDD Service Delivery, Customer Service & #ICANN51 Service Level Agreements o Universal Acceptance Thursday, 16 October o DNSSEC Key Rollover Workshop o Thick WHOIS Implementation (Working Session) o Deploying the IETF’s WHOIS Replacement
  • 23. Text Engage with ICANN on Web & Social Media twitter.com/icann facebook.com/icannorg linkedin.com/company/icann gplus.to/icann weibo.com/icannorg flickr.com/photos/icann youtube.com/user/ICANNnews icann.org