ICANN’s Identifier Systems Security, Stability and ... · The Internet Corporation for Assigned...
ICANN’s Identifier Systems Security, Stability and Resiliency Team
ITU Workshop on Child Online Safety – Lilongwe: July 20, 2016
What is ICANN?
The Internet Corporation for Assigned Names and Numbers (ICANN) is a global multistakeholder, private sector-led organization that manages Internet resources for the public benefit.
ICANN coordinates the top-level of the Internet's system of unique identifiers via global, multistakeholder, bottom-up consensus policy processes, with the outcome of those processes implemented via the IANA Functions.
ISSSR Team: Areas of Operation
• Threat Awareness and Preparedness
• Analytics
• Trust-based Collaboration
• Capability Building
Threat Awareness
ICANN’s ISSSR Team exchanges or acts on threat intelligence or incidents involving global Internet identifiers to mitigate threats
• DNS Coordinated Vulnerability Disclosure
• Tactical response to attacks
• Collaborative incident response
https://www.flickr.com/photos/opacity/
Capability Building
The IS SSR Team
• Provides technical training to ccTLD operators or public safety communities
  – Registry operations
  – DNSSEC
  – Investigating identifier systems abuse
• Collaborates on cybersecurity matters with security communities – APWG, MAAWG, DNS OARC…
• Shares cybersecurity subject matter expertise with legislation or policy makers or government agencies
Analytics
ICANN’s ISSSR Team studies identifier system abuse or performance using event or reputation data
• Security threats e.g., spam, phishing, C2, malware…
• Whois accuracy
• DNS security, stability, resiliency
Trust-based Collaboration
ICANN’s ISSSR team engages with cybersecurity and public safety communities
• To identify or mitigate identifier system abuse
• Share information related to identifier system misuse
Team also acts as a trusted introducer between DNS and information security communities
https://www.flickr.com/photos/slagheap/
How Does Trust-based Collaboration Work?
Most harm occurs in first hours of attack
Motive distinguishes the nature and objectives of attacks
Technology is motive agnostic: criminals, investigators, admins use the same tools
• Private- and public sector investigators cooperate 24x7 using trusted communications channels
• Information sharing
  – Malware, phishing, spam samples
  – Host names, URLs, addresses, geo-location
  – Activities of persons of interest (e.g., social media posts)
  – Points of contact (targets, victims, operators, investigators)
• Coordination or hand off
  – Mitigating DDoS by squelching sources
  – Providing evidence of AUP violation to operator for action
Trust is Earned
• New participants earn nominations from existing members and are vetted prior to admission
  – Personal references,
  – Prior collaboration and
  – Reputation
• Individuals put own reputation and membership at risk when they nominate
• Strict codes of conduct
• Self-policing model
Is trust-based collaboration effective?
Yes. It reduces the attack surface in several ways:
• Sharing “data feeds” forms the bases for action
• Sharing malware samples expedites remediation
• Sharing intelligence improves dossiers on suspected criminal actors
• Reduces time from threat identification to containment or mitigation
• Gives participating law enforcement agents insights other than direct complaints
Thank you