dns and security dns and security dns and security dns
play

DNS and Security DNS and Security DNS and Security DNS and - PowerPoint PPT Presentation

Dec 03, 2022 •132 likes •860 views

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

  1. DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto RMLL Security Track July 5th, 2016

  2. whois whois whois whois whois whois whois whois whois whois whois whois whois whois whois whois whois Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto • Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu Sysadmin at inuits .eu • From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs From small to large scale orgs • Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring Automation & Monitoring • @roidelapluie @roidelapluie @roidelapluie on irc/twitter/github @roidelapluie on irc/twitter/github on irc/twitter/github @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie @roidelapluie on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github on irc/twitter/github

  3. inuits .eu

  4. DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS DNS

  5. What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? What is DNS? • T T T T T T T T TL;DR Translates domain name to IP T T T T T T T T • I I I I I I In facto, stores much more data than IP I I I I I I I I I I

  6. How it works How it works Licensed under a Creative Commons Attribution-ShareAlike 2.0 License How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works How it works https://www.flickr.com/photos/frans16611/6139595092

  7. Licensed under a Creative Commons Attribution-ShareAlike 2.0 License Inspired by @jpmens - Icons by http://jcartier.net/spip.php?aticle39

  8. Licensed under a Creative Commons Attribution-ShareAlike 2.0 License Inspired by @jpmens - Icons by http://jcartier.net/spip.php?aticle39

  9. Licensed under a Creative Commons Attribution-ShareAlike 2.0 License Inspired by @jpmens - Icons by http://jcartier.net/spip.php?aticle39

  10. Licensed under a Creative Commons Attribution-ShareAlike 2.0 License Inspired by @jpmens - Icons by http://jcartier.net/spip.php?aticle39

  11. Licensed under a Creative Commons Attribution-ShareAlike 2.0 License Inspired by @jpmens - Icons by http://jcartier.net/spip.php?aticle39

  12. DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical DNS is mission-critical • H H H H H H H H H H H H H H H H Holds IP addresses • H H H H H H H H H H H H H H H H Holds service definitions • H H H H H H H H H H H H H H H H Holds hostnames, TXT records

  13. DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices DNS practices • D D D D D D D D Do not mix Authoritative and Recursive D D D D D D D D servers • M M M M M M M Mix your DNS server `brand' M M M M M M M M M • H H H H H H Hide your DNS masters H H H H H H H H H H • D D D D D D D D D D D D D D D D Do not invent new TLD

  14. Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS Data stored in DNS • A A A A A A A A A A records: IP addresses A A A A A A A • C C C C C C C C C C C C C C C C CNAME: Cannonical names • S S S S S S S S S S S S S S S S SRV: Service record • M M M M M M M M M M MX: Mail servers M M M M M M • T T T T T TXT: Text record T T T T T T T T T T T

  15. 0 5 5222 xmpp.inuits.eu. SRV SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records SRV records _xmpp − client._tcp.inuits.eu. IN

  16. TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records TXT Records • S S S S S S SPF record: Sender Policy Framework S S S S S S S S S S • D D D D D D DKIM D D D D D D D D D D • K K K K K K K K K Keybase.io K K K K K K K • L L L L L L L L L L L L L L L L Let's Encrypt DNS challenge

  17. Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design Not secure by design • 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1983 • D D D D D D D D D D D D D D D D Designed for scale, not security • E E E E E E E E E E E E E E E E Early 2000: birth of DNSSec

  18. DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec DNSSec • 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2000's DNSSec RFC • D D D D D D D D D DNSSec hit DNS root in 2010 D D D D D D D • M M M M M M M M M Multiple iteration of RFC M M M M M M M

  19. The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. RFC 4033

  20. What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? What is DNS Sec? • P P P P P P P P P P P P P P P P Proof of origin and integrity • Z Z Z Z Z Z Z Z Z Zones and records signing Z Z Z Z Z Z Z • P P P P P P P P P Proof of non-existence P P P P P P P

  21. Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys Two types of keys • Z Z Z Z Z Z Z Z ZSK: Zone Signing Key Z Z Z Z Z Z Z Z • K K K K K K KSK: Key Signing Key K K K K K K K K K K

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6

DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6

DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6 Ins-tute, Slovenia jan@go6.si zorz@isoc.org Acknowledgement I would like to thank Internet

980 views • 28 slides
ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP addresses. Human beings do not memorize IP

779 views • 23 slides
Elliptical Curves in DNSSEC Dmitry Kohmanyuk Hostmaster Ltd #EEDNSUA 2016 Kyiv, Ukraine

Elliptical Curves in DNSSEC Dmitry Kohmanyuk Hostmaster Ltd #EEDNSUA 2016 Kyiv, Ukraine

Elliptical Curves in DNSSEC Dmitry Kohmanyuk Hostmaster Ltd #EEDNSUA 2016 Kyiv, Ukraine Elliptic Curve Cryptography (ECC) y^2 = x^3 + ax + b http://en.wikipedia.org/wiki/Elliptic_curve

151 views • 13 slides
From DNS to DPKI a.k.a. Why secure decentralized namespaces are the future A presentation

From DNS to DPKI a.k.a. Why secure decentralized namespaces are the future A presentation

From DNS to DPKI a.k.a. Why secure decentralized namespaces are the future A presentation by Greg Slepak at Greg Slepak @taoe ff ect DNSChain / DPKI okTurtles GroupIncome Espionage Group Currency Target Audience (You) Most of

959 views • 85 slides
ECE590 Computer and Information Security Fall 2019 Networking Overview Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2019 Networking Overview Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2019 Networking Overview Tyler Bletsch Duke University Some slides adapted from Brian Rogers (Duke) Network fundamentals This course isnt a networking course, so well just hit the highlights

1.13k views • 67 slides
Document Object Model Introduction to Web Design Hocument html , head . titl, e ft exc

Document Object Model Introduction to Web Design Hocument html , head . titl, e ft exc

Document Object Model Introduction to Web Design Hocument html , head . titl, e ft exc r-; ext !t ext I ' ! text ! text l 1cxt Document Object Model Introduction to Web Design When a browser loads a web page, it creates a

550 views • 9 slides
7 - Document Object Model (DOM) Andreas Pieris and Wolfgang Fischl, Summer Term 2016 Outline

7 - Document Object Model (DOM) Andreas Pieris and Wolfgang Fischl, Summer Term 2016 Outline

Semi-structured Data 7 - Document Object Model (DOM) Andreas Pieris and Wolfgang Fischl, Summer Term 2016 Outline DOM (Nodes, Node-tree) Load an XML Document The Node Interface Subinterfaces of Node Reading a

735 views • 40 slides
CSE 154 LECTURE 18: THE DOCUMENT OBJECT MODEL (DOM); UNOBTRUSIVE JAVASCRIPT Document Object

CSE 154 LECTURE 18: THE DOCUMENT OBJECT MODEL (DOM); UNOBTRUSIVE JAVASCRIPT Document Object

CSE 154 LECTURE 18: THE DOCUMENT OBJECT MODEL (DOM); UNOBTRUSIVE JAVASCRIPT Document Object Model (DOM) a set of JavaScript objects that represent each element on the page each tag in a page corresponds to a JavaScript DOM object JS code

657 views • 27 slides

More recommend