Upload File

tld-ops update...tld-ops standing committee outreach: tld-ops workshop, march 12 • goal: explore...

  • Home
  • Documents
  • TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:
15
ccNSO Members Day March 14, 2017 ICANN58, Copenhagen Cristian Hesselman, .nl (TLD-OPS Standing Committee Chair) TLD-OPS Update ccTLD Security and Stability Together

Upload: others

Post on 09-Jun-2020

24 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

ccNSOMembersDayMarch14,2017

ICANN58,Copenhagen

CristianHesselman,.nl(TLD-OPSStandingCommitteeChair)

TLD-OPSUpdateccTLDSecurityandStabilityTogether

Page 2: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

TLD-OPS

•  GlobaltechnicalincidentresponsecommunityforandbyccTLDs,opentoallccTLDs

•  Bringstogether~330peoplewhoareresponsiblefortheoperationalsecurityandstabilityof187differentccTLDs

•  Goal:enableccTLDoperatorstocollaborativelydetectandmitigateincidentsthatmayaffecttheoperationalsecurityandstabilityofccTLDservicesandofthewiderInternet

•  Furtherextendsmembers’existingincidentresponsestructures,

processes,andtoolsanddoesnotreplacethem

•  GuidancebyTLD-OPSStandingCommittee–  ccTLDrepsandLiaisons(SSAC,IANA,ICANN’ssecurityteam)

Page 3: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

ContactRepositoryEmail

Stats:328subscribersfrom186ccTLDs

“JohnDoe,#1,.nl,+31123456789”[email protected]“JaneDoe,#1,.vn,+84123456789”[email protected]

Page 4: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

SecurityAlertsandQueries

# Descrip*on Month

10 Registryfront-endcompromizedueto0-dayvulnerability Mar-17

9 QueriesonlatencyproblemswithDNSanycastoperator Dec-16

8 SecuritywarningregardinglargevolumesofCutwailTraffic Nov-16

7 Alert:severalmembersreporJnglargeDNStrafficspikes Nov-16

6 SecuritywarningforaccTLDthatwashacked Aug-16

5 HelpedccTLDwithproblemswiththeirDNSanycastservice Jul-16

4 SecuritywarningonDDoSaQackonDNSroot Jun-16

3 Alert:spear-phishingaQacksagainstccTLDoperators Apr-16

2 LargemalverJsingcampaigntargeJngpopularccTLDwebsites Apr-16

1 AransomwarethatuseddomainnamesofvariousccTLDs Feb-16

Page 5: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

All Members % Missing % TotalTotal 187 64% 104 36% 291

ASCII Members % Missing % TotalTotal 158 64% 87 36% 245AF 23 45% 28 55% 51AP 49 60% 33 40% 82EU 65 100% 0 0% 65LAC 17 40% 25 60% 42NA 4 80% 1 20% 5

IDN Members % Missing % TotalTotal 29 63% 17 37% 46

TLD-OPSMembershipStats

Lastupdate:February27,2017

Page 6: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

ProgressSinceICANN57

•  Securityalerts–  Registryfront-endcompromizedueto0-dayvulnerability(Mar)–  QueriesonlatencyproblemswithDNSanycastoperators(Dec)–  SecuritywarningregardinglargevolumesofCutwailTraffic(Nov)–  LargetrafficspikesatthreeccTLDs,likelyareflectionattack(Nov)

•  Membershipupdates–  Joined:.as(AmericanSamoa),.ir(IslamicRepublicOfIran)–  Contactupdates:5(new/removal)–  PuttwoccTLDsbackonthelistafterexcessbounces

Page 7: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

Outreach:TLD-OPSWorkshop,March12

•  Goal:explorehowTLD-OPSmemberscancollaboratetodetectandmitigateDDoSattacks

•  Motivation:–  Recentlarge-scale(IoT)attacksontheDNS(suchasDyn,root)–  NeedtomobilizethecollectiveexperienceoftheTLD-OPScommunity

•  Approach–  Facilitatedialog:sharingofexperiences,discussion,generationofideas–  Consideringperspectivessuchastechnical,operational,andstrategic–  ClosedworkshopformemberccTLDsonly

•  Targetedresults–  SharedunderstandingofroleofTLD-OPSinhandlingDDoSevents–  GuidelinesandtoolstointegrateTLD-OPSintoccTLDoperations–  Itemsforfurtherdiscussion

Page 8: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

WorkshopStats

A1endees 55(61registra*ons)ASCIIccTLDs 35IDNccTLDs 11ccTLDreps 52(4alsoontheSSAC,butccTLDrepstoday)Proxies 9SSACmembers 2RSSACmembers 1Regions AF,AP,EUR,LAC,NAExperJse operaJonal,technical,strategicSCmembers 6(Fred,Jacques,Erwin,CrisJan,Jay,Warren)

Lastupdate:March12,2017

Page 9: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

BreakoutGroupsandLotsofInteraction!

Page 10: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

WorkshopResults(FirstSelection)

•  Initialfeedback:increasedtrustamongTLD-OPSmembers

•  Excellentparticipationandattendance

•  Workshopformatworkedwell

•  Secondaryemailaddressforeveryincidentresponsecontact

•  Livecommunicationfacilitiesduringanattack(chat,bridge)

•  Sharebestpracticesandenablepeerstolearn

•  Longerterm:sharedservices(sinkhole,threatanalysis,monitoring)

•  Nextstep:lookintoflipchartsinmoredetailandputintoaction

Page 11: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

WasItUseful?

Page 12: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

Outreach:TLD-OPSPostcard(January2017)

Page 13: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

ObjectivesICANN58

•  IncreasethenumberofASCIIccTLDsmembersby5%to194throughwebinarsforLACandAFandpossiblyAPregions

•  OrganizeaTLD-OPSworkshopatICANN58todiscusshowccTLDscollaborativelydetectandmitigateDDoSattacks

Page 14: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

ObjectivesICANN59

•  Potentiallyorganize2ndTLD-OPSworkshop(focusonAFregion)

•  PutoutcomesSunday’sworkshopandsurveyintoaction

•  FinalizeTLD-OPSmembershipupdateprocedure

•  Increasemembershipby3to190

Page 15: TLD-OPS Update...TLD-OPS Standing Committee Outreach: TLD-OPS Workshop, March 12 • Goal: explore how TLD-OPS members can collaborate to detect and mitigate DDoS attacks • Motivation:

TLD-OPSStandingCommittee

TLD-OPSStandingCommitteeFredericoNeves,.brJacquesLatour,.caErwinLansing,.dkAliHadjiMmadi,.kmCristianHesselman,.nl(chair)JayDaley,.nzAbibuNtahigiye,.tzWarrenKumari(SSACliaison)JohnCrain(ICANN’ssecurityteamliaison)KimDavies(IANAliaison)ICANNStaffKimCarlson

Q&A

TLD-OPSHomehttp://ccnso.icann.org/resources/tld-ops-secure-communication.htmTLD-OPSLeaflethttps://ccnso.icann.org/workinggroups/tld-ops-enhanced-incident-response-capabilities-cctlds-14apr16-en.pdfArabic,Chinese,English,French,Russian,Spanish,RussianContactCristianHesselmanStandingCommitteeChair+31625078733cristian.hesselman@sidn.nl@hesselma


Casques TLD 2013

04 TLD Bike Catalog

protections tld 2013

Datasheet: DDoS Protection - Grayhats Datasheet DDoS...or OpenBSD vulnerabilities ... Datasheet: DDoS Protection DNS DDoS Protection ... DNS server. This protects your

New g tld implementation

Verisign DNSSEC Practice Statement for TLD/GTLD Zone€¦ · TLD/GTLD Zone's Key Signing Key (KSK) and signing the TLD/GTLD keyset using the KSK. The TLD/GTLD Zone Key Signing Key

Physics Characterization of TLD-600 and TLD-700 and

(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

Attachment 2 .Brand TLD Designation Application · for the TLD to be qualified as a .Brand TLD, as described in the .Brand TLD Application Process and Specification 13 attached thereto,

Bernhard and Company Tld

DDoS Saldırı Analizi - DDoS Forensics

2012 TLD Helmets

DDoS Protection Place For DDoS Attacks

Thermoluminescent dosimetry (tld)

TLD Troops Colour

ORS Root TLD Evaluation ※ ORS : OID Resolution System ※ TLD : Top Level Domain

Saturn TLD Ring - Landauer · The Saturn Thermoluminescent Dosimetry (TLD) Ring measures exposure due to x, beta, and gamma radiation with thermoluminescent technology. The TLD is

TLD Highlights 2009-2010

Teori dasar tld

Brand TLD Designation Application

Fast Flux Service Networks• El DNS es una base de datos distribuída Raíz DNS Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Top Level Domain (TLD) Domino

What is a TLD?

SPORTSWEAR TLD 2013

2012 TLD Protection

DDoS Attacks 101 - Vistnet DDoS Protection & Mitigation ...€¦ · DDoS Protection Company V DDoS Attacks 101 eserved. 7 In the meantime the quality of DDoS attack software is improving;

Linearity Test for Harshaw TLD (Type: TLD-100H) Base on ...article.nuclearjournal.org/pdf/10.11648.j.ns.20190401.11.pdfluminescence dosimeter (TLD) as their personal dosimeter. TLD

ccNSO SECIR TLD-OPS Overview V1.2 Clean · 2016. 12. 9. · ! 2! Document(History! Version( Date( Author( Changes(V0.1! Jan!19,!2015! Cristian!Hesselman! First!initial!draft! V0.2!

TLD-OPS Update DR/BCP Workshop Update ccNSO Meeting...DR/BCP Workshop Update ccNSO Meeting. TLD-OPS Standing Committee TLD-OPS introduction • Global technical incident response community

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

New - phdtest.ir · 340F I (Action Level) , (A , (r CR-39 , x , TLD , , , X TLD NTA (r TSEE L RPL , x , OSL TLD x , OSL TLD 'MeV X (r « Ambient does Equivalent ...'L Ambient does

The aim of this report is to describe selected dosimetric ... · thermoluminescence detectors (TLD). In 2004 Radcard/TLD Poland developed the new TLD European Card (TLD-EC), with

TLD MOTOCROSS CATALOG

Tld e safety

Kverneland TLC & TLD Product information 2015. Kverneland TLC & TLD S-tine harrow for seedbed preparation

 · 2020-05-01 · BSD-150 TLD-160 TLD-200 TLD-240 TLD-320 TLD-400 Output Power / Watt 50 60 75 96 96 120 120 150 200 ... *Contact sales for non-programmable models . ... Delta and