Internet Identifier SSR

•

1 gefällt mir•603 views

APNIC

Internet Identifier SSR, by John Crain. A presentation given at the APNIC 40 Policy SIG 1 session on Wed, 9 Sep 2015.

Internet

TextTextText
What do we mean by
Identifier abuse?

TextTextText
Often people think of these…
Systems that are compromised but the identifier
itself has legitimate use:
o  Often compromised machines for purposes of Phishing,
Spam, Pharma etc…
o  These are extremely common and dealing with them is
complex

TextTextText
• Domain Shadowing – Obtaining credentials and
then creating subdomains for abuse
• Domains that are registered for fraud
o  Also very common
• Names created by Domain Generation Algorithms
for C&C
Identifiers used for malicious purposes

TextTextText
Attacks against the system
• DDoS against Registry and DNS resolution
infrastructure
o  Reflective DDoS
• Hacks against registries in order to perform
redirects.
o  Multiple CcTLDs have been successfully attacked over the
last few years.
• Route Injection Attacks

TextTextText
Threat Awareness
& Preparedness
Trust-based
Collaboration
Identifier SSR Analytics Capability Building
Identifier
Systems SSR

TextTextText
Identifier Systems Threat Awareness
• Active (24x7) engagement with
global actors who monitor DNS
health or identify imminent threats
• Exchange of threat intelligence
relating to security events of global
nature involving identifier systems
• Participation in response to threats
or attacks against identifier systems
Threat Awareness
and Response
Threat Intelligence
•  Trust networks
Coordinated
Response
•  Vulnerability
Disclosure
•  Facilitation

TextTextText
Identifier SSR Analytics
• Develop metrics and analytics for
identifier systems, e.g.,
o  Root system measurements, analysis
o  Analysis of DNS or registration abuse
or misuse
o  Creative uses of DNS data
Identifier SSR
Analytics
Metrics
•  Root System
analytics
•  Incidents
•  Abuse/Misuse

TextTextText
Trust-based Collaboration
•  Global Cybersecurity cooperation
o  Coordinate engagement and cybersecurity
through ICANN Global Stakeholder
Engagement
•  Global Security & Operations
o  Daily interaction on DNS abuse/misuse
matters with Public Safety Community
o  Cooperation with DNS research activities
•  Identify policies that have unintended
consequences that create opportunities
for misuse of DNS or registration
services
Trust-based
Collaboration
Global SecOps
•  AntiPhishing
•  Antispam
•  Anticrime
•  Operations
Research
Global CyberSec
•  CCI
•  OECD
•  Many others

TextTextText
Capability Building
• Training
o  Security, operations, and DNSSEC
deployment training for TLD registry
operators
o  Boot camp for ICANN staff
o  Information gathering to identify DNS
abuse/misuse
• Knowledge Transfer
o  Exchange of information gathering or
investigating techniques
Capability Building
DNS Training
•  Security
•  OAM
•  Abuse/Misuse
Knowledge
Transfer

TextTextText
Questions & Answers
• Contact:
o  John.Crain@icann.org

Weitere ähnliche Inhalte

Was ist angesagt?

Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation

Snag

The state of threat intelligence in the information security community is still very immature. Many organizations are still combating threats in a reactive manner, only learning what they're dealing with, well...when they're dealing with it. There is a wealth of information in the community, and many organizations have been gathering data about attackers and trends for years. How can we share that information, and what kinds of intelligence are most valuable? In this presentation, we'll start with a brief overview of AlienVault's Open Threat Exchange™ (OTX), and then we'll discuss attack trends and techniques seen in enterprise networks today, with supporting data from AlienVault OTX. We'll also take a look at some new models for collaboration and improving the state of threat intelligence going forward.

Best Practices for Leveraging Security Threat Intelligence

AlienVault

Cyber Threat Hunting with Phirelight

Hostway|HOSTING

Heartbleed, Shell Shock, POODLE, Drupalgeddon and Ghost. How is it possible to secure my website in the face of the hackzor onslaught? Every bit of software in your stack composes compromisable surface area, so you have to think about security from the OS to the JS, and beyond. When securing your website, you need to think breadth as well as depth; there’s no use in having 3 deadbolts a pit bull and a portcullis on your front door while leaving your porch door unlocked. We’ll start at the 10,000’ level, reviewing the risks and drivers of website security, then zoom in for a birds-eye view of security best practices, and finally deep-dive on a few of the most effective attack mitigation strategies. Topics we will cover: - What security means for your business: compliance and risk management - The security triad: Confidentiality, Integrity, and Availability - OWASP Top 10 - Evaluating hosting options based on security - Securing your operating system - Configuring Nginx and Apache for security - Understanding ‘contrib’ module security - Configuring Drupal for Security - How to address DOS with a CDN (a battle of 3 letter acronyms) - Data encryption - Key Management (Don’t tape your key to the front door) - PII - What is it and why does it matter? - Securing your users: Password security and best practices - Real world scenarios Watch the session video: https://www.youtube.com/watch?v=KtdY5eSEfAk

Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites

Pantheon

Fears and fulfillment with IT security

David Strom

Steven Porter Seville | Ideas about Computer clouding

'Self-Employed'

Malicious Topologies of IPv4

Bob Rudis

Ransomware - Impact, Evolution, Prevention

Mohammad Yahya

View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd View companion webinar: "Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series. Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders. The webinar covers: - The job duties of a Cyber Threat Hunting professional - Frameworks and strategies for Cyber Threat Hunting - How to get started and progress your defensive security career - And questions from live viewers! Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/

Cyber Threat Hunting: Identify and Hunt Down Intruders

Infosec

Hitcon 2014: Surviving in tough Russian Environment

F _

The Lazy Attacker: Defending Against Broad-based Cyber Attacks

AlienVault

Understanding CryptoLocker (Ransomware) with a Case Study

securityxploded

Threat hunting - Every day is hunting season

Ben Boyd

Telesoft Cyber Threat Hunting Infographic

Sarah Chandley

CSF18 - Incident Response in the Cloud - Yuri Diogenes

NCCOMMS

Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks. In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools. The industry’s reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source Frameworks such as CIF (Collective Intelligence Framework) that allows you to combine different threat sources. One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most of your Threat Intelligence. Presenters: Jaime Blasco and Santiago Bassett Cornerstones of Trust 2014: https://www.cornerstonesoftrust.com

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

Ransomware protection

Rohit Srivastwa

Ransomware - a malicious software used by hackers to block access to a computer system until a ransom is paid. Attackers contact the user with ransom demands. Most attackers request payment in Bitcoin (the crypto-currency). Even if you pay the ransom, the attackers may not deliver the key to unencrypt files. As ransomware attacks continue to grow in number and sophistication, individual PC users and organizations should reassess their current security strategy. There is a common misconception that adding layers of automated defence technologies will reduce the risk of falling victim to ransomware attacks. While endpoint security products and secure email gateways can offer some level of protection, sooner or later a phishing email, which is the most widely-used attack vector, will penetrate defences and user will be faced with determining whether or not an email is legitimate or part of an attack.

Ransomware- What you need to know to Safeguard your Data

Inderjeet Singh

Another Side of Hacking

Satria Ady Pradana

BSA2016 - Honeypots for Network Security Monitoring

chrissanders88

Was ist angesagt? (20)

Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation

Best Practices for Leveraging Security Threat Intelligence

Cyber Threat Hunting with Phirelight

Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites

Fears and fulfillment with IT security

Steven Porter Seville | Ideas about Computer clouding

Malicious Topologies of IPv4

Ransomware - Impact, Evolution, Prevention

Cyber Threat Hunting: Identify and Hunt Down Intruders

Hitcon 2014: Surviving in tough Russian Environment

The Lazy Attacker: Defending Against Broad-based Cyber Attacks

Understanding CryptoLocker (Ransomware) with a Case Study

Threat hunting - Every day is hunting season

Telesoft Cyber Threat Hunting Infographic

CSF18 - Incident Response in the Cloud - Yuri Diogenes

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Ransomware protection

Ransomware- What you need to know to Safeguard your Data

Another Side of Hacking

BSA2016 - Honeypots for Network Security Monitoring

Andere mochten auch

YES ACADEMY PROFILE PPT - for Organizations

Hashan Travis Haputhanthri

Check

NikhilP14

Open house

Thehousingconnection1944

Nu Resourcing Information

Imogeng

Increasing returns and long run growth

Ermolina Lera

The presentation will describe the Internet of Everything technology transition, where people, process, data and things are coming together to unleash 14,4 Trillion dollars global economic value. The question is how do we capture this value by connecting the unconnected, while carving out actionable, replicable insights from Big Data ? The speech will include practical cases on how enterprises – including Cisco – and public sector agencies are able today to unleash economic, social and environmental value through data-intensive, new IT consumption models

Big Data Expo 2015 - Cisco Connected Analytics

BigDataExpo

Case Study

Abhijit Das

416 приказ № 416 пр об утверждении положения об отборе инновационных проектов...

The Skolkovo Foundation

Hill Essential Skills and Strategies for New Grantmakers

Adena Hill, JD, MSW

ajay

luffy12364

Lenin medina supletorio

Leito696

Значение инновационного фактора

Ermolina Lera

Portfolio

Andrew Gibby

Part III: Scalar Lunch & Learn Seminar Series: HyperConverged Systems: Cisco HyperFlex Systems. Cisco HyperFlex HX-Series combines compute, storage, and networking into an easy-to-use system that brings new levels of speed and efficiency to IT. HyperFlex represents true hyperconvergence, combining innovative software defined storage and data services software with Cisco UCS, the proven system that unifies servers and networking like no other. Use HyperFlex to unlock the full potential of hyperconverged infrastructure.

Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...

patmisasi

Quality score

AIDA Digital UK

Normal and abnormal genital tract

Tariq Mohammed

Patient Registration in Hospital

sanjit_kumar

Andere mochten auch (17)

YES ACADEMY PROFILE PPT - for Organizations

Check

Open house

Nu Resourcing Information

Increasing returns and long run growth

Big Data Expo 2015 - Cisco Connected Analytics

Case Study

416 приказ № 416 пр об утверждении положения об отборе инновационных проектов...

Hill Essential Skills and Strategies for New Grantmakers

ajay

Lenin medina supletorio

Значение инновационного фактора

Portfolio

Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...

Quality score

Normal and abnormal genital tract

Patient Registration in Hospital

Ähnlich wie Internet Identifier SSR

Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga

MyNOG

10 (IDNOG01) Introduction about ICANN by Champika Wijayatunga

Indonesia Network Operators Group

Role of data mining in cyber security

Khaled Al-Khalili

ICANN Security, Stability and Resiliency Plans & Framework

Bangladesh Network Operators Group

Cloud security From Infrastructure to People-ware

Tzar Umang

Is Anti-Virus Dead?

ESET

Talos Insight: Threat Innovation Emerging from the Noise

Cisco Canada

ICANN 50: ICANN Security Stability and Resiliency Outreach

ICANN

The difference between successfully defending an attack or failing to compromise is your ability to understand what’s happening in your network better than your adversary. Choosing the right network security monitoring (NSM) toolset is crucial to effectively monitor, detect, and respond to any potential threats in an organisation’s network. In this webinar, we’ll uncover the best practices, trends, and challenges in network security monitoring (NSM) and how Elastic is being used as a core component to network security monitoring. Highlights: - What is network security monitoring (NSM)? - Types of network data - Common toolset - Overcoming challenges with network security monitoring - Using Machine Learning for network security monitoring - Demo

Network security monitoring elastic webinar - 16 june 2021

Mouaz Alnouri

Intermediaries such as registries, registrars, DNS providers and hosting providers are responsible for the security of domains. However, it can be hard to hold any one of them directly responsible for any domain. In this presentation, we analyze the interplay between these four actors. We also provide some evidence that the concentrations of maliciously registered and hacked domains are due to some attackers’ profit maximizing behaviors such as abusing free hosting and domain registration services, hacking more easily available targets like shared hosting, and hosting a few resilient name server.

DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...

Splend

Network sniffers & injection tools

vishalgohel12195

Threat Hunting by Falgun Rathod - Cyber Octet Private Limited

Falgun Rathod

What's new in CEHv11?

EC-Council

R-CISC Summit 2016 Borderless Threat Intelligence

Jason Trost

Intrusion detection using data mining

balbeerrawat

Threat intelligence is knowledge that allows you to prevent or mitigate cyberattacks. Rooted in data, threat intelligence gives you context that helps you make informed decisions about your security by answering questions like who is attacking you, what their motivations and capabilities are, and what indicators of compromise in your systems to look for. reference:https://www.recordedfuture.com/threat-intelligence-definition/

Threat intelligence in security

Osama Ellahi

Application Threat Modeling

Priyanka Aash

From liability to asset, the role you should be playing in your security arch...

Jisc

NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...

North Texas Chapter of the ISSA

As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?

Distributed Sensor Data Contextualization for Threat Intelligence Analysis

Jason Trost

Ähnlich wie Internet Identifier SSR (20)

Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga

10 (IDNOG01) Introduction about ICANN by Champika Wijayatunga

Role of data mining in cyber security

ICANN Security, Stability and Resiliency Plans & Framework

Cloud security From Infrastructure to People-ware

Is Anti-Virus Dead?

Talos Insight: Threat Innovation Emerging from the Noise

ICANN 50: ICANN Security Stability and Resiliency Outreach

Network security monitoring elastic webinar - 16 june 2021

DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...

Network sniffers & injection tools

Threat Hunting by Falgun Rathod - Cyber Octet Private Limited

What's new in CEHv11?

R-CISC Summit 2016 Borderless Threat Intelligence

Intrusion detection using data mining

Threat intelligence in security

Application Threat Modeling

From liability to asset, the role you should be playing in your security arch...

NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...

Distributed Sensor Data Contextualization for Threat Intelligence Analysis

Mehr von APNIC

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

APNIC

APNIC Updates presented by Paul Wilson at ARIN 53

APNIC

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024

APNIC

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...

APNIC

On Starlink, presented by Geoff Huston at NZNOG 2024

APNIC

Networking in the Penumbra presented by Geoff Huston at NZNOG

APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119

APNIC

draft-harrison-sidrops-manifest-number-01, presented at IETF 119

APNIC

Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119

APNIC

IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119

APNIC

Is DNS ready for IPv6, presented by Geoff Huston at IETF 119

APNIC

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...

APNIC

APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85

APNIC

NANOG 90: 'BGP in 2023' presented by Geoff Huston

APNIC

DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston

APNIC

APAN 57: APNIC Report at APAN 57, Bangkok, Thailand

APNIC

Lao Digital Week 2024: It's time to deploy IPv6

APNIC

AINTEC 2023: Networking in the Penumbra!

APNIC

CNIRC 2023: Global and Regional IPv6 Deployment 2023

APNIC

AFSIG 2023: APNIC Foundation and support for Internet development

APNIC

Mehr von APNIC (20)