.R .RS security measures Zarko Kecic, CTO ICANN-62 / June 2018, - - PowerPoint PPT Presentation

▶

May 02, 2023 255 likes •374 views

Registry systems security .R .RS security measures Zarko Kecic, CTO ICANN-62 / June 2018, Panama City New registry software Introduced July 2016 Two ways of access Web application (responsive design) Extended EPP (minor changes)

SLIDE 1

Registry systems security

.R .RS security measures

Zarko Kecic, CTO

ICANN-62 / June 2018, Panama City

SLIDE 2

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

New registry software

Introduced July 2016

▪ Two ways of access

▪ Web application (responsive design) ▪ Extended EPP (minor changes)

▪ Reliable HA system ▪ Modular design solution (easy to maintain) ▪ Plenty of new features

SLIDE 3

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Security by design

Static code testing Aggressive stress and penetration tests Automated testing tools (Web and EPP)

System Security

▪ Application and Data security ▪ Access control (Edge security) ▪ Reliability (HA - 100% uptime so far)

SLIDE 4

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

HA Registry System

SLIDE 5

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Data security

Three-tier data processing

▪ Requests processing (Web and EPP) ▪ Registry logic ▪ Data processing/DB access

* All network communication is encrypted.

SLIDE 6

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Application security

Secured by multiple firewal instances. No direct access from the Internet.

Web ▪ IP filtering ▪ SSL/TLS EPP ▪ IP filtering ▪ PSK SSL/TLS

SLIDE 7

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Access control

Known system users ▪ IP filtering ▪ SSL/TLS (PSK for EPP access) ▪ Two factor authentication (Web)

SLIDE 8

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Are we really secure?

What about Registrar systems?

▪ SSL/TLS communication (some) ▪ 2F authentication (none) ▪ Firewall (some) ▪ Strong password requirements (some) ▪ Separate appliance for customer portal and Registry operations (some)

SLIDE 9

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

Additional protection

▪ Registry Lock ▪ Client (Registrar) Lock

(Only some registrars have implemented this correctly.)

▪ Secure Mode

Any critical operation requires confirmation from a registrant or an admin contact.

SLIDE 10

TechDay at ICANN62 / June 2018, Panama City Registry systems security / Zarko Kecic

.R .RS security measures Zarko Kecic, CTO ICANN-62 / June 2018, - - PowerPoint PPT Presentation

Registry systems security

.R .RS security measures

Zarko Kecic, CTO

New registry software

Introduced July 2016

▪ Two ways of access

▪ Web application (responsive design) ▪ Extended EPP (minor changes)

▪ Reliable HA system ▪ Modular design solution (easy to maintain) ▪ Plenty of new features

Security by design

Static code testing Aggressive stress and penetration tests Automated testing tools (Web and EPP)

System Security

▪ Application and Data security ▪ Access control (Edge security) ▪ Reliability (HA - 100% uptime so far)

HA Registry System

Data security

Three-tier data processing

▪ Requests processing (Web and EPP) ▪ Registry logic ▪ Data processing/DB access

* All network communication is encrypted.

Application security

Secured by multiple firewal instances. No direct access from the Internet.

Web ▪ IP filtering ▪ SSL/TLS EPP ▪ IP filtering ▪ PSK SSL/TLS

Access control

Known system users ▪ IP filtering ▪ SSL/TLS (PSK for EPP access) ▪ Two factor authentication (Web)

Are we really secure?

What about Registrar systems?

▪ SSL/TLS communication (some) ▪ 2F authentication (none) ▪ Firewall (some) ▪ Strong password requirements (some) ▪ Separate appliance for customer portal and Registry operations (some)

Additional protection

▪ Registry Lock ▪ Client (Registrar) Lock

(Only some registrars have implemented this correctly.)

▪ Secure Mode

Any critical operation requires confirmation from a registrant or an admin contact.

Questions?

Thank you!

www.rnids.rs рнидс.срб www.domen.rs домен.срб