Threats
1 Vulnerabilities
1.1 Operational errors
1.1.1 Informality of some processes
1.2 Managerial choices/issues
1.2.1 Lack of visibility and understanding by decision-makers
1.2.2 Inadequate funding (for infrastructure, training, etc.)
1.3 Implementation errors (hardware and software)
1.4 Bugs
1.5 Single point of failure
1.5.1 Topology
1.5.2 Service providers
1.5.3 Software
1.5.4 Hardware
1.5.5 Geo location
1.5.6 Infrastructure (electricity, fiber, etc.)
1.6 Supporting infrastructure (insufficient SLAs, support, etc.)
1.6.1 Rapid change
1.7 Homogeneity (software, hardware, etc.) -- small gene pool, one vulnerability could have broad impact
1.8 Poor design (hardware and software)
1.9 Vulnerability of DNS software, OS, etc.
1.10 Scalability issues
1.11 Content provisioning exposure -- e.g. Akemi -- if credentials leak, there's broad exposure -- registrar account credentials
1.12 Split DNS
1.13 DNSSEC private key exposure
1.14 Bad players
1.14.1 Organized crime
1.14.2 Geo-political groups
1.14.3 Rogue elements
1.14.4 Nation states
2 Possible hierarchies
2.1 Layers
2.1.1 Threats that leverage the DNS
2.1.2 Threats against the underlying infrastructure
2.2 Temporal
2.2.1 Attacks on the protocol layer below the DNS
2.3 Direct vs indirect
2.4 Needs to border DNS
2.4.1 See the several recent papers by EFF, Zhang and others on ISPs monetizing synthetic returns/content modification
2.4.2 No single authoritative DNS (e.g. alternate root servers), lack of DNS response integrity
2.4.3 alternate root, strings appearing in other configurations not supported in the global root
2.4.4 Possible extensions of carrier-grade NAT
2.5 Question from the group: "What is the perspective of threat description?"
2.5.1 RFC 3833 -- user, app, OS, ISP, DNS, registrar, registrant, registry -- Threat Analysis of the Domain Name System
2.5.2 Picture
2.5.3 Registrant <--> Registrar) Compromised credentials (phishing, key logger, social engineering, among others)
2.5.4 Registrar <--> Registry) Compromised credentials, DDoS
2.5.5 Registry <--> DNS) DDoS
2.5.6 DNS <--> End user) Spoofing, poisoning
2.5.7 ALL) MITM (man in the middle)
3 Threats
3.1 Threats on the underlying infrastructure. May include:
3.1.1 TLD and registrar failure
3.1.2 Disasters
3.1.2.1 Natural disasters
3.1.3 Authority or authentication compromise
3.1.4 Government interventions
3.1.5 Physical
3.1.5.1 Terrorism
3.1.5.2 Facility security
3.1.6 External events (non-Internet-protocol events?)
3.1.6.1 Acts of war/terror
3.1.6.2 Natural disaster
3.1.6.3 Physical disasters
3.1.7 (FY12)
3.2 Direct Attacks
3.2.1 Cache poisoning attacks
3.2.1.1 Kaminsky
3.2.1.2 Kashpureff
3.2.2 Recursive vs authoritative nameserver attacks
3.2.3 DDoS attacks
3.2.3.1 Botnets
3.2.4 Fast Flux
3.2.5 DoS
3.2.6 Hackers
3.2.7 Man in the middle
3.2.8 IDN attacks (lookalike characters, etc., for standard exploitation techniques)
3.2.9 Targeted attack
3.2.9.1 DDoS
3.2.9.2 Hacking/penetration
3.2.9.3 Data poisoning (MITM, Cache)
3.2.10 Reflection attacks
3.3 Indirect attacks
3.3.1 Email/spam
3.3.1.1 IPv6 -- spammers hopping from IP to IP -- causing huge numbers of lookups -- volume-related threats (perhaps unintentional) -- may also break normal DNS caching (which assumes repeated requests for the same thing)
3.3.1.2 Issues around reverse DNS for SMTP servers
3.3.1.3 Botnets
3.3.1.4 Collateral damage
3.3.1.5 Load
3.4 Societal threats?
3.4.1 Spoofing
3.4.2 Alternate DNS roots
3.4.3 DNS blocking
3.4.4 Political
3.4.4.1 State-sponsored
3.4.4.2 Hacktivism
3.5 Background materials on threats
3.5.1 SSAC Reports
3.5.1.1 http://www.icann.org/en/committees/security/sac040.pdf and http://www.icann.org/en/committees/security/sac044.pdf
3.5.2 RFC 3833 -- user, app, OS, ISP, DNS, registrar, registrant, registry -- Threat Analysis of the Domain Name System - http://www.ietf.org/rfc/rfc3833.txt
4 Action items
4.1 Clarifications
4.1.1 Mark
4.1.1.1 Leverage the DNS and unique identifiers (such as botnets, denial of service attacks, social engineering attacks) for fraud, malicious conduct or route-hijacking attacks
4.2 Impacts
4.3 Mitigation
5 Main Topic