DNS Security and Stability Analysis Working Group (DSSA)
DSSA Update, Prague – June, 2012
The DSSA has:
• Established a cross-constituency working group
• Clarified the scope of the effort
• Developed a protocol to handle confidential information
• Built a risk-assessment framework
• Developed risk scenarios
The DSSA will:
• Complete risk assessment
• Refine methodology
• Introduce framework to a broader audience
Scope: DSSA & DNRMF
The Board DNS Risk Management Framework working group
The DSSA is focusing on a subset of that framework
Scope: DSSA in a broader context
DSSA is a part of a much larger SSR ecosystem that includes:
“Compound Sentence” Risk Assessment Framework
Based on NIST 800-30 standard
Tailored to meet unique ICANN requirements
An adversarial threat-source (with capability, intent and targeting),
OR…
A non-adversarial threat-source (with a range of effects)…
In the context of:
Predisposing conditions (with varying pervasiveness)…
… Security controls (both planned and implemented),
and…
… Vulnerabilities (that range in severity)…
… Could initiate (with varying likelihood of initiation) a Threat Event which (with varying likelihood of impact) could result in…
Adverse impacts (with varying severity and range)…
All of which combined create risk to users and providers of the DNS – a combination of the nature of the impact and the likelihood that its effects will be felt.
Findings: 5 Broad Risk Scenarios
Gaps in policy, management or leadership split the root
“Reductive” forces (security, risk-mitigation, control through rules, etc.) split the root
Widespread natural disaster brings down the root or a major TLD
Attacks exploiting technical vulnerabilities of the DNS bring down the root or a major TLD
Inadvertent technical mishap brings down the root or a major TLD
Question: Have we missed an important topic?
NOTE: If you want to share embarrassing ideas, contact Paul Vixie
Next phase
“Go deep” into the five risk topics
Refine by doing
Finish assessment
Questions?
Are we on the right track?
Have we missed something important?