Andrzej Bartosiewicz, profile picture
Uploaded byAndrzej Bartosiewicz
PDF, PPTX1,803 views

DNS Cybersecurity in 2012-2015

The document discusses the evolving cybersecurity landscape from 2012 to 2015, highlighting the challenges faced by registries and registrars in light of increasing cyber threats such as cybercrime, cyber-terrorism, and cyber-warfare. It details types of attacks, motivations behind them, and various tools used by attackers, emphasizing the necessity for robust security measures within the domain registration ecosystem. Additionally, it suggests that cybersecurity can represent both a cost and a business opportunity, particularly for registrars and registries that can offer enhanced security services to domain holders.

Download as PDF, PPTX
Cybersecurity in 2012-2015: The new challenges to be faced by Registries and Registrars. How to profit from cyber security? Dr. Andrzej Bartosiewicz Yonita Inc., CEO
Are YOU prepared for Cyber Attack?
Recent examples of cyber-attacks
Cyber crime, cyber terrorism and cyber warfare Types of the cybersecurity threats CYBERSECURITY THREATS
Hacking is a “pure” criminal activity only? Cyber- Cyber- Cyber- Cyber- security crime warfare terrorism threats criminal activity: most common activity today, in most cases concealed; cyberwarfare: probably already in place; some countries already prepared to launch cyberattack on enemy’s infrastructure cyberterrorism: already in place, developing fast and become more and more dangerous in upcoming years
Cyber-crime Cyber-crime • Cybercrime is any criminal act committed by a person with knowledge of computers who uses this information to accomplish acts of identity theft, intellectual property theft, terrorism, vandalism, credit and debt card fraud, and other forms of computer-related crimes. • Hacking is defined as intentionally accessing a computer without authorization or exceeding authorization in order to access restricted information.
Cyber-terrorism Cyber-terrorism • Cyber-terrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. FEDERAL GOVERNMENT, THE FBI
Cyber-warfare Cyber-warfare • Cyberwarfare - Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption RICHARD A. CLARKE • Cyberwarfare refers to politically motivated (and sponsored) hacking to conduct sabotage and espionage.
Cyber-warfare example: Stuxnet, Iran • Highly specialized malware payload; designed to target only Siemens SCADA systems that are configured to control and monitor specific industrial processes. • Stuxnet appears to be designed to sabotage the uranium enrichment facility at Natanz by destroying centrifuges (device performing isotope separation). Stuxnet may have physically destroyed up to 1000 centrifuges (10 percent) • "serious nuclear accident" occurred at the site in the first half of 2009 • "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.“ MAHMOUD AHMADINEJAD
Cyber-attacks: evolution Tomorrow – political or Past – position/ religious status in the motivation; society cyber-terrorism Today – cyber- After tomorrow crime; financial – cyber warfare gain Slide partially based on Dr. Paul Wagner’s presentation
Demons- Theft tration Damage SOURCES, OBJECTIVES, MOTIVATION AND TOOLS
Threat sources • Hackers and Crackers (individuals who illegally break into other computer systems to damage the system or data, steal information, or cause disruption of networks for personal motivations - monetary gain or status) • Criminals (individuals or gangs who illegally break into other computer systems primarily for financial gain) • Terrorist activity (unlawful destruction, disruption, or disinformation of digital property to intimidate or coerce governments or societies in the pursuit of goals that are political, religious or ideological) • Governments • Industrial espionage (discover proprietary information on financial or contractual issues, or to acquire classified information on sensitive research and development efforts) • Insiders (disgruntled employees working alone to use their access to compromise the system)
Objectives of Cyber Attack • Loss of Integrity (corrupted data, lost data) • Loss of Availability (loss of system functionality and operational effectiveness) • Loss of Confidentiality (unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization) • Theft (information stolen especially financial or personal data, R&D documents) • Physical Destruction (ability to create actual physical harm or destruction through the use of IT systems; i.e. SCADA systems)
Motivation Motivation • Financial • Challenge, ego, “fame” • Non-financial • Illegal information disclosure, blackmail • Monetary gain • Unauthorized data alteration • Destruction of information, exploitation and revenge • Sabotage (to gain competitive advantage) • Industrial or corporate espionage • Government led intelligence and economic espionage
Tools of Cyber Attacks • Infrastructure is targeted: • Service flooding - Distributed Denial of Service Attack (DDoS) • Vulnerabilities detection + system intrusion / break-ins • Backdoors • Trojan horses and viruses • Botnets • 3rd party infrastructure is targeted (example: domain hijacking, DNS hijacking) • Humans are targeted: • Social engineering: Phishing & E-mail Spoofing • Blackmail or physical assault on an employee
Tools of Cyber Attacks example: Phishing • using social methods to infect users with non-vulnerability based malware (such as Trojans and keyloggers) or to steal user privileged information by requesting the user to provide it and making the user believe they are surfing a genuine site.
Tools of Cyber Attacks example: domain hijacking Domain hijacking or domain theft is the process by which registration of a currently registered domain name is transferred without the permission of its original registrant, generally by exploiting a vulnerability in the domain name registration system.
http://imgs.xkcd.com/comics/security.png Are you using TWO-MAN RULE in your infrastructure? The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions requires the presence of two authorized people at all times.
Critical Infrastructure Roles of the Registry Roles of the Registrars CHALLENGES FOR REGISTRIES AND REGISTRARS
Expectations from Registrars and Registries Security Availability Integrity Registrars/ Registries
Roles of the Registry • from DDoS attacks on the whole Protect zone DNS • from DNS spoofing of individual zones (domains) Protect • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
Roles of the Registrars Protects • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
Necessary costs of Cybersecurity Registrars ISPs Registries DNS robustness, $ $$$$ stability and ANYCAST Monitoring (data $$ $$$$ integrity + service availability) DNSSEC $ $ $$$$ Data protection: $ $$ $$$$ Infrastructure & software Availability: protection $ $$ $$$$ from outages
Challenges to be faced by both Registries and Registrars Intensified Hacker attacks to: • Steal personal data • Take control of domain names to disrupt business or use hijacked domains for unlawful purposes • Disrupt services (locally) Cybererrorism: • Cyberterrorism should be perceived as threat by Registries. Attack on the country’s infrastructure can be combined with attack on the TLD Registry.
SECURITY - COST OR OPPORTUNITY?
Are YOU prepared for… making money on security?
Cybersecurity in upcoming years – just the cost or business opportunity? • For most domain registrants (doman holders), cybersecurity of their domains, on-line applications and web-pages, technical infrastructure is only the necessary cost. • For Registrar and Registries cybersecurity can be both cost and the business opportunity. Today, most Registries and Registrars miss the opportunity to make revenue on the additional security for domain name holders.
Business opportunities in upcoming years for… Registrars Registries WHOIS Privacy Protection YES NO Domain Lock Services YES Maybe DNSSEC support YES Maybe SSL Certificates YES Maybe Domains/URL Security YES YES Scanning - On-line application vulnerabilities Domains/URL Security YES YES Scanning - Malware detection
Domains/URL Security Scanning - On-line application vulnerabilities • Web Scanner is aimed at detecting security vulnerabilities in web sites and online applications. • example: Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by the Smart Test Generator and Randomized Data Generator. Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrars
Domains/URL Security Scanning - On-line application vulnerabilities Defects in Defects in session Cross-site Scripting Cross-site Request authentication and management (XSS) Forgery authorization Defects in forward and redirect Content spoofing Buffer overflow Script injection mechanisms OS command Direct object SQL injection CRLF injection injection references
Domains/URL Security Scanning CRITICAL VULNERABILITIES (TYPES) / DOMAIN* August 2011 .LV .BA .UA .CZ .BG .RU .RS 0 0.2 0.4 0.6 0.8 1 .RS .RU .BG .CZ .UA .BA .LV CRITICAL 1 0.80 0.56 0.50 0.40 0.33 0.12 *) based on Alexa list, ccTLD domains only Full report will be available @ end of September
Domains/URL Security Scanning Detected Vulnerabilities, August 2011 3% 1% 16% 12% 59% 9% SQL Injection Integer Overflow Attack Shell Injection HTTP PUT Accepted Backend XML Injection Other
Domains/URL Security Scanning – Malware detection • to help prevent websites from infecting other websites. – automatic malware scanning service with every domain name registration • examples: McAfee agreement with .XXX ($8 million deal); VERISIGN MalDetector Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrar
WHOIS Privacy Protection • A user buys privacy from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server). • Pricing: $4-$10/yr + processing fees (i.a. disputes) • Providers: “Domain by Proxy” (GoDaddy), eNOM, WhoisGuard and many more • Some TLDs (including XXX, US, CA, AG, CO.NZ, SE, TC, TK, TW, IT, JOBS, JP) do not allow WHOIS Privacy Protection
Domain Lock • Domain Lock is a status code that can be set on an Internet domain name by the sponsoring registrar of the domain name to prevent unauthorized, unwanted or accidental changes to the domain name. – The Extensible Provisioning Protocol (EPP) specifies both client (registrar) and server (registry) status codes that can be used to prevent unintended registry changes: Delete, Transfer and/or Update • Types: – Registrar Lock: usually free of charge; protects against accidental transfers/deletions; no real protection; high volume/low value • all gTLDs, many ccTLDs – Registry Lock: more secure, required additional secure, authenticated process (i.a. manual); low volume/high value • examples: .COM, .AF, .CX, .GS, .GY, .KI, .NF, .NL., .PR, .US and .TL
DNSSEC support • DNSSEC is an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence. • Registry – provides the free of charge service through EPP • Registrar: – Registrars can either pass Delegation Signer (DS) (the only correct approach from security point of view) only or complete the whole process of keys generation and signing (less secure but easier to sell) Free Paid – Can be offered for free or as a part of the • Registrant signs • Registrar zone; Registrar responsible for paid service (like GoDaddy’s “Premium uploads DS everything DNS Account”) • Registrar responsible for everything
Dr. Andrzej Bartosiewicz, CEO of Yonita Inc. Ph.D. in Informatics, Warsaw University of Technology. Expert in domain names, security and trademarks protection, telecommunication. Author of more than 200 publications and presentations. Over 15 years of experience in the information and communication technology business, including 12 years of experience in senior managerial positions. • Director and Chairman of CENTR (2006- 2010). • Rapporteur and Chairman of ITU-T in the field of “Internationalized Domain Names” (2005-2008) • Head of .PL Registry (2001-2010)

More Related Content

PPT
Cyberterrorism
byVarshil Patel
 
PDF
Practical approach to combating cyber crimes
byChinatu Uzuegbu
 
PPT
Hackers
byMohamed Boudchiche
 
PDF
Lecture5
byMajid Taghiloo
 
PPT
S nandakumar
byIPPAI
 
PPTX
Securing Your Digital Files from Legal Threats
byAbbie Hosta
 
PPTX
One of 2 protect your business
byManagement Insights LLC
 
PDF
3 f6 security
byop205
 
Cyberterrorism
byVarshil Patel
 
Practical approach to combating cyber crimes
byChinatu Uzuegbu
 
Hackers
byMohamed Boudchiche
 
Lecture5
byMajid Taghiloo
 
S nandakumar
byIPPAI
 
Securing Your Digital Files from Legal Threats
byAbbie Hosta
 
One of 2 protect your business
byManagement Insights LLC
 
3 f6 security
byop205
 

What's hot

PPTX
Network security
byhajra azam
 
PDF
Dell Technologies Cyber Security playbook
byMargarete McGrath
 
PPT
How to become Hackers .
byGreater Noida Institute Of Technology
 
PPT
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
PDF
Cyber Security in 2018
byChiranjit Adhikary
 
PPTX
CCIAOR Cyber Security Forum
byCCIAOR
 
PDF
Cyber Security: The Strategic View
byCisco Canada
 
PDF
Internet of things, New Challenges in Cyber Crime
byMurray Security Services
 
PDF
Cyber Security and the National Central Banks
byCommunity Protection Forum
 
PDF
Understanding and preventing cyber crime and its impact on your organisation
byJacqueline Fick
 
PDF
Understanding Identity Management and Security.
byChinatu Uzuegbu
 
PDF
Combating cyber crimes chinatu
byChinatu Uzuegbu
 
PDF
The IBM X-Force 2016 Cyber Security Intelligence Index
byKanishka Ramyar
 
PDF
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
byAndrea Rossetti
 
PPTX
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
PDF
Cybercrime: Radically Rethinking the Global Threat
byNTT Innovation Institute Inc.
 
PPTX
Cyber Security
byfrcarlson
 
PDF
Cyber of things 2.0
byDeepak Kumar (D3)
 
PDF
Creating cyber forensic readiness in your organisation
byJacqueline Fick
 
PPTX
Need for Improved Critical Industrial Infrastructure Protection
byWilliam McBorrough
 
Network security
byhajra azam
 
Dell Technologies Cyber Security playbook
byMargarete McGrath
 
How to become Hackers .
byGreater Noida Institute Of Technology
 
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
Cyber Security in 2018
byChiranjit Adhikary
 
CCIAOR Cyber Security Forum
byCCIAOR
 
Cyber Security: The Strategic View
byCisco Canada
 
Internet of things, New Challenges in Cyber Crime
byMurray Security Services
 
Cyber Security and the National Central Banks
byCommunity Protection Forum
 
Understanding and preventing cyber crime and its impact on your organisation
byJacqueline Fick
 
Understanding Identity Management and Security.
byChinatu Uzuegbu
 
Combating cyber crimes chinatu
byChinatu Uzuegbu
 
The IBM X-Force 2016 Cyber Security Intelligence Index
byKanishka Ramyar
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
byAndrea Rossetti
 
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
Cybercrime: Radically Rethinking the Global Threat
byNTT Innovation Institute Inc.
 
Cyber Security
byfrcarlson
 
Cyber of things 2.0
byDeepak Kumar (D3)
 
Creating cyber forensic readiness in your organisation
byJacqueline Fick
 
Need for Improved Critical Industrial Infrastructure Protection
byWilliam McBorrough
 

Similar to DNS Cybersecurity in 2012-2015

PPTX
cyber security
byNiharikaVoleti
 
PPTX
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
PPTX
What is Cyber & information security.pptx
byamnamahfooz615
 
PPTX
U-1.pptx..........................................
by322103310075
 
PDF
Cyber Ethics Notes.pdf
byAnupmaMunshi
 
PPTX
Training on Cyber Security & Awareness for employees
bysoumyapaul29
 
PDF
Types-of-Cybercrime-Protecting-Our-Digital-World (1).pptx.pdf
byShark61
 
PPTX
Module 1_ Introduction to Cyber Security.pptx
byFiroza10
 
PPT
cyber terrorism
byAccenture
 
PPTX
Cyber security by Gaurav Singh
byGaurav Singh
 
PPT
Citi NCR-Gurgaon 2010 -Presentation2.ppt
byluckysingh25898
 
PPTX
Cyber security # Lec 1
byKabul Education University
 
PDF
A Cyber Security Review
bySimon Moffatt
 
PDF
Francesca Bosco, Le nuove sfide della cyber security
byAndrea Rossetti
 
PPT
cyber terrorism
byAccenture
 
KEY
Echo p.410 422 ch 10, irina
bymisecho
 
KEY
Chapter 10, part 2
bymisecho
 
PPTX
9 - Security
byRaymond Gao
 
PDF
The Evolving Landscape on Information Security
bySimoun Ung
 
PDF
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
byPhil Agcaoili
 
cyber security
byNiharikaVoleti
 
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
What is Cyber & information security.pptx
byamnamahfooz615
 
U-1.pptx..........................................
by322103310075
 
Cyber Ethics Notes.pdf
byAnupmaMunshi
 
Training on Cyber Security & Awareness for employees
bysoumyapaul29
 
Types-of-Cybercrime-Protecting-Our-Digital-World (1).pptx.pdf
byShark61
 
Module 1_ Introduction to Cyber Security.pptx
byFiroza10
 
cyber terrorism
byAccenture
 
Cyber security by Gaurav Singh
byGaurav Singh
 
Citi NCR-Gurgaon 2010 -Presentation2.ppt
byluckysingh25898
 
Cyber security # Lec 1
byKabul Education University
 
A Cyber Security Review
bySimon Moffatt
 
Francesca Bosco, Le nuove sfide della cyber security
byAndrea Rossetti
 
cyber terrorism
byAccenture
 
Echo p.410 422 ch 10, irina
bymisecho
 
Chapter 10, part 2
bymisecho
 
9 - Security
byRaymond Gao
 
The Evolving Landscape on Information Security
bySimoun Ung
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
byPhil Agcaoili
 

Recently uploaded

PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
PDF
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
PDF
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
PDF
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
PDF
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
PDF
MathML Core in WebKit
byIgalia
 
DOCX
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
PDF
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PDF
Preserving Meaning in the Age of Drift — The Semantic Fidelity Glossary (SFL-...
bySemantic Fidelity Lab
 
PDF
OpenObserve as a replacement for Elasticsearch
byAlireza Kamrani
 
PDF
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
MathML Core in WebKit
byIgalia
 
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
Preserving Meaning in the Age of Drift — The Semantic Fidelity Glossary (SFL-...
bySemantic Fidelity Lab
 
OpenObserve as a replacement for Elasticsearch
byAlireza Kamrani
 
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 

DNS Cybersecurity in 2012-2015

  • 1.
    Cybersecurity in 2012-2015: Thenew challenges to be faced by Registries and Registrars. How to profit from cyber security? Dr. Andrzej Bartosiewicz Yonita Inc., CEO
  • 2.
    Are YOU prepared forCyber Attack?
  • 3.
    Recent examples ofcyber-attacks
  • 4.
    Cyber crime, cyberterrorism and cyber warfare Types of the cybersecurity threats CYBERSECURITY THREATS
  • 5.
    Hacking is a“pure” criminal activity only? Cyber- Cyber- Cyber- Cyber- security crime warfare terrorism threats criminal activity: most common activity today, in most cases concealed; cyberwarfare: probably already in place; some countries already prepared to launch cyberattack on enemy’s infrastructure cyberterrorism: already in place, developing fast and become more and more dangerous in upcoming years
  • 6.
    Cyber-crime Cyber-crime • Cybercrime is any criminal act committed by a person with knowledge of computers who uses this information to accomplish acts of identity theft, intellectual property theft, terrorism, vandalism, credit and debt card fraud, and other forms of computer-related crimes. • Hacking is defined as intentionally accessing a computer without authorization or exceeding authorization in order to access restricted information.
  • 7.
    Cyber-terrorism Cyber-terrorism • Cyber-terrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. FEDERAL GOVERNMENT, THE FBI
  • 8.
    Cyber-warfare Cyber-warfare • Cyberwarfare - Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption RICHARD A. CLARKE • Cyberwarfare refers to politically motivated (and sponsored) hacking to conduct sabotage and espionage.
  • 9.
    Cyber-warfare example: Stuxnet,Iran • Highly specialized malware payload; designed to target only Siemens SCADA systems that are configured to control and monitor specific industrial processes. • Stuxnet appears to be designed to sabotage the uranium enrichment facility at Natanz by destroying centrifuges (device performing isotope separation). Stuxnet may have physically destroyed up to 1000 centrifuges (10 percent) • "serious nuclear accident" occurred at the site in the first half of 2009 • "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.“ MAHMOUD AHMADINEJAD
  • 10.
    Cyber-attacks: evolution Tomorrow – political or Past – position/ religious status in the motivation; society cyber-terrorism Today – cyber- After tomorrow crime; financial – cyber warfare gain Slide partially based on Dr. Paul Wagner’s presentation
  • 11.
    Demons- Theft tration Damage SOURCES, OBJECTIVES, MOTIVATION AND TOOLS
  • 12.
    Threat sources • Hackersand Crackers (individuals who illegally break into other computer systems to damage the system or data, steal information, or cause disruption of networks for personal motivations - monetary gain or status) • Criminals (individuals or gangs who illegally break into other computer systems primarily for financial gain) • Terrorist activity (unlawful destruction, disruption, or disinformation of digital property to intimidate or coerce governments or societies in the pursuit of goals that are political, religious or ideological) • Governments • Industrial espionage (discover proprietary information on financial or contractual issues, or to acquire classified information on sensitive research and development efforts) • Insiders (disgruntled employees working alone to use their access to compromise the system)
  • 13.
    Objectives of CyberAttack • Loss of Integrity (corrupted data, lost data) • Loss of Availability (loss of system functionality and operational effectiveness) • Loss of Confidentiality (unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization) • Theft (information stolen especially financial or personal data, R&D documents) • Physical Destruction (ability to create actual physical harm or destruction through the use of IT systems; i.e. SCADA systems)
  • 14.
    Motivation Motivation • Financial • Challenge, ego, “fame” • Non-financial • Illegal information disclosure, blackmail • Monetary gain • Unauthorized data alteration • Destruction of information, exploitation and revenge • Sabotage (to gain competitive advantage) • Industrial or corporate espionage • Government led intelligence and economic espionage
  • 15.
    Tools of CyberAttacks • Infrastructure is targeted: • Service flooding - Distributed Denial of Service Attack (DDoS) • Vulnerabilities detection + system intrusion / break-ins • Backdoors • Trojan horses and viruses • Botnets • 3rd party infrastructure is targeted (example: domain hijacking, DNS hijacking) • Humans are targeted: • Social engineering: Phishing & E-mail Spoofing • Blackmail or physical assault on an employee
  • 16.
    Tools of CyberAttacks example: Phishing • using social methods to infect users with non-vulnerability based malware (such as Trojans and keyloggers) or to steal user privileged information by requesting the user to provide it and making the user believe they are surfing a genuine site.
  • 17.
    Tools of CyberAttacks example: domain hijacking Domain hijacking or domain theft is the process by which registration of a currently registered domain name is transferred without the permission of its original registrant, generally by exploiting a vulnerability in the domain name registration system.
  • 18.
    http://imgs.xkcd.com/comics/security.png Are you usingTWO-MAN RULE in your infrastructure? The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions requires the presence of two authorized people at all times.
  • 19.
    Critical Infrastructure Roles ofthe Registry Roles of the Registrars CHALLENGES FOR REGISTRIES AND REGISTRARS
  • 20.
    Expectations from Registrarsand Registries Security Availability Integrity Registrars/ Registries
  • 21.
    Roles of theRegistry • from DDoS attacks on the whole Protect zone DNS • from DNS spoofing of individual zones (domains) Protect • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
  • 22.
    Roles of theRegistrars Protects • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
  • 23.
    Necessary costs ofCybersecurity Registrars ISPs Registries DNS robustness, $ $$$$ stability and ANYCAST Monitoring (data $$ $$$$ integrity + service availability) DNSSEC $ $ $$$$ Data protection: $ $$ $$$$ Infrastructure & software Availability: protection $ $$ $$$$ from outages
  • 24.
    Challenges to befaced by both Registries and Registrars Intensified Hacker attacks to: • Steal personal data • Take control of domain names to disrupt business or use hijacked domains for unlawful purposes • Disrupt services (locally) Cybererrorism: • Cyberterrorism should be perceived as threat by Registries. Attack on the country’s infrastructure can be combined with attack on the TLD Registry.
  • 25.
    SECURITY - COSTOR OPPORTUNITY?
  • 26.
    Are YOU preparedfor… making money on security?
  • 27.
    Cybersecurity in upcomingyears – just the cost or business opportunity? • For most domain registrants (doman holders), cybersecurity of their domains, on-line applications and web-pages, technical infrastructure is only the necessary cost. • For Registrar and Registries cybersecurity can be both cost and the business opportunity. Today, most Registries and Registrars miss the opportunity to make revenue on the additional security for domain name holders.
  • 28.
    Business opportunities inupcoming years for… Registrars Registries WHOIS Privacy Protection YES NO Domain Lock Services YES Maybe DNSSEC support YES Maybe SSL Certificates YES Maybe Domains/URL Security YES YES Scanning - On-line application vulnerabilities Domains/URL Security YES YES Scanning - Malware detection
  • 29.
    Domains/URL Security Scanning- On-line application vulnerabilities • Web Scanner is aimed at detecting security vulnerabilities in web sites and online applications. • example: Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by the Smart Test Generator and Randomized Data Generator. Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrars
  • 30.
    Domains/URL Security Scanning- On-line application vulnerabilities Defects in Defects in session Cross-site Scripting Cross-site Request authentication and management (XSS) Forgery authorization Defects in forward and redirect Content spoofing Buffer overflow Script injection mechanisms OS command Direct object SQL injection CRLF injection injection references
  • 31.
    Domains/URL Security Scanning CRITICAL VULNERABILITIES (TYPES) / DOMAIN* August 2011 .LV .BA .UA .CZ .BG .RU .RS 0 0.2 0.4 0.6 0.8 1 .RS .RU .BG .CZ .UA .BA .LV CRITICAL 1 0.80 0.56 0.50 0.40 0.33 0.12 *) based on Alexa list, ccTLD domains only Full report will be available @ end of September
  • 32.
    Domains/URL Security Scanning Detected Vulnerabilities, August 2011 3% 1% 16% 12% 59% 9% SQL Injection Integer Overflow Attack Shell Injection HTTP PUT Accepted Backend XML Injection Other
  • 33.
    Domains/URL Security Scanning– Malware detection • to help prevent websites from infecting other websites. – automatic malware scanning service with every domain name registration • examples: McAfee agreement with .XXX ($8 million deal); VERISIGN MalDetector Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrar
  • 34.
    WHOIS Privacy Protection •A user buys privacy from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server). • Pricing: $4-$10/yr + processing fees (i.a. disputes) • Providers: “Domain by Proxy” (GoDaddy), eNOM, WhoisGuard and many more • Some TLDs (including XXX, US, CA, AG, CO.NZ, SE, TC, TK, TW, IT, JOBS, JP) do not allow WHOIS Privacy Protection
  • 35.
    Domain Lock • DomainLock is a status code that can be set on an Internet domain name by the sponsoring registrar of the domain name to prevent unauthorized, unwanted or accidental changes to the domain name. – The Extensible Provisioning Protocol (EPP) specifies both client (registrar) and server (registry) status codes that can be used to prevent unintended registry changes: Delete, Transfer and/or Update • Types: – Registrar Lock: usually free of charge; protects against accidental transfers/deletions; no real protection; high volume/low value • all gTLDs, many ccTLDs – Registry Lock: more secure, required additional secure, authenticated process (i.a. manual); low volume/high value • examples: .COM, .AF, .CX, .GS, .GY, .KI, .NF, .NL., .PR, .US and .TL
  • 36.
    DNSSEC support • DNSSECis an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence. • Registry – provides the free of charge service through EPP • Registrar: – Registrars can either pass Delegation Signer (DS) (the only correct approach from security point of view) only or complete the whole process of keys generation and signing (less secure but easier to sell) Free Paid – Can be offered for free or as a part of the • Registrant signs • Registrar zone; Registrar responsible for paid service (like GoDaddy’s “Premium uploads DS everything DNS Account”) • Registrar responsible for everything
  • 37.
    Dr. Andrzej Bartosiewicz, CEO of Yonita Inc. Ph.D. in Informatics, Warsaw University of Technology. Expert in domain names, security and trademarks protection, telecommunication. Author of more than 200 publications and presentations. Over 15 years of experience in the information and communication technology business, including 12 years of experience in senior managerial positions. • Director and Chairman of CENTR (2006- 2010). • Rapporteur and Chairman of ITU-T in the field of “Internationalized Domain Names” (2005-2008) • Head of .PL Registry (2001-2010)