![Page 1: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/1.jpg)
Strengthening our Ecosystem through
Stakeholder CollaborationJia-Rong Low, Sr Director, Asia | 20 August 2015
![Page 2: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/2.jpg)
| 2
About ICANN and the Domain Name
System (DNS)
DNS attacks and their impact
DNS Security
1 2 3
Agenda
![Page 3: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/3.jpg)
| 3
What does ICANN do?
• IP address(192.0.32.7)(2607:f0d0:1002:51::4)
• Domain Names .com .org .net;.my .sg .cn .in .bd;.संगठन , .游戏, . شبكة
![Page 4: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/4.jpg)
| 4
The Internet Architecture
![Page 5: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/5.jpg)
| 5
Domain Name Resolution Process
Caching DNS Server
End-user
www.cmu.edu A?
www.cmu.edu A 128.2.42.52
Root DNS Server
edu DNS Server
cmu.edu DNS Server
![Page 6: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/6.jpg)
DNS attacks and their impact
![Page 7: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/7.jpg)
| 7
Have an online presence or online service?
• mycompany.com
• Mybank.com
• eGov.xx
• Ministry-of-jiarong.gov.xx
• myorganisation.org
![Page 8: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/8.jpg)
| 8
DNS attacks can affect you
![Page 9: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/9.jpg)
| 9
Domain Name Resolution Process
![Page 10: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/10.jpg)
| 10
DNS Data Flow
![Page 11: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/11.jpg)
| 11
DNS Vulnerabilities
master Caching forwarder
Zone administrator
Zone file
Dynamicupdates
1
2
slaves
3
4
5
resolver
Server protection Data protection
Corrupting data Impersonating master
Unauthorized updates
Cache impersonation
Cache pollution byData spoofing
DNS Data Flow
![Page 12: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/12.jpg)
DNS Security
![Page 13: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/13.jpg)
| 13
DNS Security
• There are two aspects when considering DNS Security– Server protection– Data protection
• Server protection– Protecting servers
• Make sure your DNS servers are protected (i.e. physical security, latest DNS server software, proper security policies, Server redundancies etc.)
– Protecting server transactions• Deployment of TSIG, ACLs etc. (To secure transactions against server
impersonations, secure zone transfers, unauthorized updates etc.)
• Data protection– Authenticity and Integrity of Data
• Deployment of DNSSEC (Protect DNS data against cache poisoning, cache impersonations, spoofing etc.)
![Page 14: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/14.jpg)
| 14
Cybersecurity challenges – Common Themes
Source: mmCERT
![Page 15: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/15.jpg)
| 15
Cybersecurity – People and Technology
People• Awareness • Security requirements • Knowledge and skills• Sharing Security
Incident Information
Technology• DNS Security
Extensions (DNSSEC)• Root servers
![Page 16: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/16.jpg)
| 16
People – Capacity Building
• Partners/Recipients- TLD Registry Operators on Security, DNSSEC etc
- Law Enforcement Agencies on DNS Basics, Mitigating DNS abuse/misuse
- Network Operators; CERTs
• Knowledge exchange- Europol, Interpol
![Page 17: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/17.jpg)
| 17
People – Information sharing• Exchange of threat/incident intelligence
• Attacks against ccTLDs, registrars
• Coordinated response to threats
• Vulnerability disclosure
• Collaborate to look at specific issues
• Phishing - Research, target bad domains (Anti-Phishing Working Group)
• Spam - Work with Governments; Regional Internet Registries; ISOC
• Crime- DNS abuse/misuse; DDoS attack- Work with Law Enforcement Agencies
• Global Cybersecurity Cybercrime Initiative- OECD, other academic institutions
![Page 18: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/18.jpg)
| 18
Client Resolver(ISP)
www.example.net. ? www.example.net. ?
a.server.net.
Tech – DNSSEC: Protect users from being redirected to malicious sites
18
10.1.2.3
.netnameserver
RootServer
example.netnameserver
![Page 19: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/19.jpg)
| 19
DNSSEC: So what’s the problem?
• Not enough IT departments know about it or are too busy putting out other security fires.
• When they do look into it they hear old stories of FUD and lack of turnkey solutions.
• Registrars*/DNS providers see no demand leading to “chicken-and-egg” problems.
*but required by new ICANN registrar agreement
![Page 20: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/20.jpg)
| 20
What you can do
• For Companies:– Sign your corporate domain names– Just turn on validation on corporate DNS resolvers
• For Users:– Ask ISP to turn on validation on their DNS resolvers
• For All:– Take advantage of DNSSEC education and training
![Page 21: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/21.jpg)
| 21
Tech ‐ Root Servers: Internet Stability and Resiliency
• Root nodes keep Internet traffic local and resolve queries faster
• Make it easier to isolate attacks• Reduce congestion on
international bandwidth
- Ongoing project to expand distribution of L-Root globally- Over 150 L-root instances worldwide- 11 installed in APAC
![Page 22: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/22.jpg)
| 22
Root Servers: Host an L‐Root
• Contact ICANN Asia Pacific Hub– [email protected]
• What you’ll need:– L-Root Node host provides hardware– ICANN runs systems on it– Zero-dollar contract
![Page 23: Strengthening our Ecosystem through Stakeholder Collaboration · Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia | 20 August 2015 | 2](https://reader034.vdocument.in/reader034/viewer/2022042307/5ed3af92e22b2e4cd501683f/html5/thumbnails/23.jpg)
| 23
Thank You and QuestionsEmail: [email protected]: icann.org
gplus.to/icann
weibo.com/ICANNorg
flickr.com/photos/icann
slideshare.net/icannpresentations
twitter.com/icanntwitter.com/icann4biz
facebook.com/icannorg
linkedin.com/company/icann
youtube.com/user/icannnews
Thank you and Questions