Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Dr. Igor Nai Fovino, Head of the Research Department, Global Cyber Security Center


  1. Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System. Dr. Igor Nai Fovino, Head of the Research Department, Global Cyber Security Center

  2. The Global Cyber Security Center is an International not-for-profit Foundation entirely dedicated to Cyber Security
     • 1 International Policy and Cooperation: Support to the formulation of new policies and support new initiatives on International Cooperation
     • 2 Education & Training: Conduct of highly specialized training and provide high-level Education program
     • 3 Research & Development: Applied Research on members’ selected projects
     • 4 Information Sharing & Awareness: GCSEC promotes information Sharing at International Level Between Governments, Academia and Private Sector

  3. Cyber Space
     • The Cyber Space is composed of the global network of computers and of the devices that make the interconnection possible
     • Modern Society is becoming more and more dependent on the Cyber-Space
     • Cyber-Space: new virtual world where people work, build social relations and…perpetrate crimes.

  4. Cyber Attacks…Trends
     [Timeline figure. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08, 2009-10. Labels: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worms (I Love You); Identity Theft (Phishing); Identity Thefts; Organized Crime; Data thefts; DDOS; Web attacks; Hacktivists; STUXNET]

  5. Cyber Attacks…Trends
     • Attack Speed
     • Attack Complexity
     • Vulnerability Discovery Speed
     • Distributed Denial of Services
     • Firewall permeability
     • Worms
     • Increasing number of threats
     • Domain Name System
     • Attacks against ICT Infrastructures
     • Routers Attacks
     • Advanced Persistent Threats

  6. The Stuxnet Case
     “Stuxnet is a very big project, very well planned and very well funded”. Liam O’ Murchu, Supervisor NAM Security Response, Symantec
     • Industrial Espionage
     • Sabotage
     • Cyber War

  7. Sony Attack: 77 million PSN User Accounts stolen
     • Vulnerability: A known Vulnerability on a Server
     • Detection: Slow Intrusion Detection
     • Reaction: After the Intrusion Sony nominated a CSO
     • Recover: Slow Recovery

  8. Cyber attacks…a Look to The Future
     • Sony Attack
     • Operation Aurora
     • Stuxnet
     • Indian/Pakistan Cyber Army
     • Wikileaks
     • New IT Security Model
     • Social Networks
     • Smartphone
     • Cyber Space as a part of our daily life
     • Cloud/distributed computing
     • Smart grids

  9. Critical Infrastructures: Energy; TLC; Transport; Chemical Plants; Economy; Public Health; Public Services

  10. Critical Infrastructures – ICT Dependencies: System of System; Emergent Services; Emergent Disservices

  11. Critical Infrastructures – Domain Name System
     • For decades, the DNS system has operated in a reliable and robust fashion
     • Community focus was on performance and availability
     • In the last years the Internet scenario changed at incredible speed
     • Massive use of Internet in Critical Infrastructures
     [Figure labels: DDoS & Security threat; Cloud/CDN/SOA Infrastructures; Massive increase of Emergent Pervasive Services; DNS; Centrality of DNS]

  12. Domain Name System
     The Domain Name System
     • Created in 1983 by Paul Mockapetris (RFCs 1034 and 1035)
     • What Internet users use to reference anything by name on the Internet
     • The mechanism by which Internet software translates names to addresses and vice versa
     • A lookup mechanism for translating objects into other objects
     • A globally distributed, loosely coherent, scalable, reliable, dynamic database
     It is used almost every time a user performs some activity requiring an Internet Connection
     [Figure: DNS tree. Labels: Root; .mil, .com, .edu; ebay, google]

  13. DNS-Elements…
     • Servers: Name servers store information about the name space in units called “zones”
     • Resolvers: Name resolution is the process by which resolvers and name servers cooperate to find data in the name space.
     • A name server only needs the names and IP addresses of the name servers for the root zone (the “root name servers”)
     • The root name servers know about the top-level zones and can tell name servers whom to contact for all TLDs
     [Figure labels: 12.122.101.1; bug.com; Horse.org; 77.168.120.1]

  14. DNS-Attacks…
     DNS is a Lite protocol. DNS is fairly old…originally designed without taking security aspects into consideration.
     • DNS Cache Poisoning
     • DNS ID Spoofing
     • Client Flooding
     • DNS Dynamic Update Vulnerabilities
     • Information Leakage
     • Compromise of DNS server’s authoritative data
     • DOS
     DNS-SEC
     DNSSEC signs the records for DNS lookup using public-key cryptography. The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone, which is the trusted third party.
     • DNSSEC does not provide confidentiality of data;
     • DNSSEC does not protect against DoS attacks directly.

  15. Web Application scenario
     [Architecture diagram. Labels: Enterprise network; WA front-end; back-end Services; Local NS recursive/cache; Auth. Root NS; Auth. NS and Local NS of service providers SP1, SP2 and SP3; Third party service back-ends; DNS Naming System. Flows: DNS query; DNS response; http req/resp]

  16. The role of the DNS in the WA scenario
     The Role of the DNS
     • To grant end-user access to web applications
     • To enable wide area distributed applications (e.g. in a service marketplace scenario)
     • To enable enterprise distributed applications
     DNS threats and their impact (Vulnerability/threat; Target; Impact)
     • Data corruption (e.g. Cache poisoning, route injections, man-in-the-middle, Cache snooping); Target: End user; Impact: Security and resiliency level perceived by the end user
     • Data corruption (same threats); Target: Service provider; Impact: Capability to guarantee SLA with security and resiliency constraints
     • DDoS; Target: End user; Impact: Performance perceived
     • DDoS; Target: Service provider; Impact: Capability to guarantee SLA

  17. Energy System Scenario (Upper Layer)
     • Crisis Management, actuation of contingency plans (e.g. in case of blackout)
     • Management of the Energy Market
     • Coordination Among Power Producers/Transmission Companies
     • Actions at the customers’ premises (billing, metering, energy production)
     [Figure labels: Local Control; Remote Control; Public Network]

  18. Energy System Scenario (Lower Layer)
     • Remote operator Specialized Operations
     • Access to Diagnostic Services
     • Delivery of data to second level SCADA Svr.
     • Delivery of control command to second and first level SCADA Svr.
     • Third party remote Maintenance Operations
     • Primary and Secondary Regulation
     [Figure labels: Data Network; Office Network]

  19. …Smart Grids…

  21. …Needs…
     • Proceed in the deployment of DNSSEC
     • Create Information Sharing Centers for the security of the DNS
     • Start a discussion at international level on the definition of policies helping in improving the DNS Security and Stability
     • Define a Framework allowing to measure the DNS Health
     • DNS-CERT

  22. …DNS Health…
     Many actors, including ICANN, have already begun a deep discussion about the concept of DNS SSR & health
     DNS Health: Coherency; Integrity; Resiliency; Speed; Availability
     Need for a Stable and open Framework for Measurements & Benchmarking
     • Identification of proper metrics for measuring the Health properties
     • Definition of a multiperspective interpretations map for different DNS Actors (Root server operators, non root auth., clients)
     • Aggregation and comparison of measurement

  23. The Mensa Initiative (MENSA)
     • It will build on and evolve from the strong foundation already established by interested community members in ICANN-sponsored fora
     • To design a multi-perspective framework for the measurement and benchmarking of the DNS SSR level.
     • To support risk analysis, what-if analysis and impact analysis of changes to the DNS infrastructure as well as DNS policy-making.
     • To refine the current concept of DNS SSR and to enhance the awareness among the "critical" end-users of the DNS

  24. Metric categories
     • Vulnerability: Main DNS vulnerabilities: Repository Corruption; System Corruption; Denial of Service; Protocol issues; Data Disclosure
     • Security: The ability of the DNS to limit or protect itself from malicious activity
     • Resiliency: The ability of the DNS to effectively respond and recover to a known, desired, and safe state when disruption occurs

  25. Summary of Vulnerability Metrics (Vulnerability metric categories; Example of Measures)
     • Repository Corruption: Data Staleness, NS Parent/Child Data Coherence, Glue inconsistencies, Zone inconsistencies
     • System Corruption: NXDOMAIN Redirection, NS Data Registration Correctness
     • Protocol Issues: Cache Poisoning (percentage, probability, rate), cache poisoning rate, DNS Spoofing/Open Recursion, Zone Transfer failure
     • Denial of Service: DoS rough effectiveness, Geographical DOS Effectiveness, Zone transfer transaction speed, network performance, server performance, Rate of repeated queries

  26. Summary of Security and Resiliency Metrics
     Metric categories: Security; Resiliency
     Example of Measures: Attack surface, attack deepness, System Immunity level, attack escalation speed, Downtime impact, MTTR, Vulnerability density, Loss Expectancy, Adjusted Risk, Mean Time to Incident Discovery, Operational mean time between failures, Operational Availability, Operational reliability, Fault Report Rate, Incident rate
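
One way to compute two of the measures named on slide 25 (NS Parent/Child Data Coherence and Glue inconsistencies), as an added example that is not part of the original slides or of the MENSA framework. The Jaccard scoring, the `ZoneView` type, the helper names and the example.org records are assumptions constructed for illustration.

```python
# Added example: records are constructed; the scoring is an assumption, not a MENSA metric.
from dataclasses import dataclass, field

@dataclass
class ZoneView:
    """NS names and address records as published on one side of a zone cut."""
    ns: set
    addrs: dict = field(default_factory=dict)  # NS name -> set of IP strings

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def ns_sets(parent, child):
    """Normalised NS sets of the parent delegation and of the child apex."""
    return {norm(n) for n in parent.ns}, {norm(n) for n in child.ns}

def delegation_diff(parent, child):
    """Return (NS listed only at the parent, NS listed only at the child)."""
    p, c = ns_sets(parent, child)
    return p - c, c - p

def ns_coherence(parent, child):
    """Jaccard overlap of the two NS sets: 1.0 identical, 0.0 disjoint."""
    p, c = ns_sets(parent, child)
    return 1.0 if not (p | c) else len(p & c) / len(p | c)

def glue_inconsistencies(parent, child):
    """Map NS name -> (parent glue, child addresses) where the two differ."""
    child_addrs = {norm(k): set(v) for k, v in child.addrs.items()}
    return {
        norm(name): (set(glue), child_addrs[norm(name)])
        for name, glue in parent.addrs.items()
        if norm(name) in child_addrs and set(glue) != child_addrs[norm(name)]
    }

# Constructed sample: delegation of example.org as seen at the parent and at the child.
PARENT = ZoneView(
    ns={"ns1.example.org.", "ns2.example.org.", "ns-old.example.org."},
    addrs={"ns1.example.org.": {"192.0.2.1"}, "ns2.example.org.": {"192.0.2.2"},
           "ns-old.example.org.": {"192.0.2.9"}},
)
CHILD = ZoneView(
    ns={"NS1.example.org", "ns2.example.org", "ns3.example.org"},
    addrs={"ns1.example.org": {"192.0.2.1"}, "ns2.example.org": {"198.51.100.2"},
           "ns3.example.org": {"198.51.100.3"}},
)

if __name__ == "__main__":
    print(ns_coherence(PARENT, CHILD), delegation_diff(PARENT, CHILD), glue_inconsistencies(PARENT, CHILD))
```

In a real measurement the two views would be filled from the parent zone's delegation response and from the child's own authoritative servers; a score below 1.0 or any glue mismatch marks a delegation to review.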
