SlideShare a Scribd company logo

DNS Cybersecurity in 2012-2015

Andrzej Bartosiewicz
Andrzej Bartosiewicz

The new challenges to be faced by Registries and Registrars. How to profit from cyber security, business opportunities for domain Registrars? Presentation from Novi Sad, Serbia, September 14, 2011

Technology
1 of 37
Download to read offline
Cybersecurity in 2012-2015: The new challenges to be faced by Registries and Registrars. How to profit from cyber security? Dr. Andrzej Bartosiewicz Yonita Inc., CEO
Are YOU prepared for Cyber Attack?
Recent examples of cyber-attacks
Cyber crime, cyber terrorism and cyber warfare Types of the cybersecurity threats CYBERSECURITY THREATS
Hacking is a “pure” criminal activity only? Cyber- Cyber- Cyber- Cyber- security crime warfare terrorism threats criminal activity: most common activity today, in most cases concealed; cyberwarfare: probably already in place; some countries already prepared to launch cyberattack on enemy’s infrastructure cyberterrorism: already in place, developing fast and become more and more dangerous in upcoming years
Cyber-crime Cyber-crime • Cybercrime is any criminal act committed by a person with knowledge of computers who uses this information to accomplish acts of identity theft, intellectual property theft, terrorism, vandalism, credit and debt card fraud, and other forms of computer-related crimes. • Hacking is defined as intentionally accessing a computer without authorization or exceeding authorization in order to access restricted information.
Cyber-terrorism Cyber-terrorism • Cyber-terrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. FEDERAL GOVERNMENT, THE FBI
Cyber-warfare Cyber-warfare • Cyberwarfare - Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption RICHARD A. CLARKE • Cyberwarfare refers to politically motivated (and sponsored) hacking to conduct sabotage and espionage.
Cyber-warfare example: Stuxnet, Iran • Highly specialized malware payload; designed to target only Siemens SCADA systems that are configured to control and monitor specific industrial processes. • Stuxnet appears to be designed to sabotage the uranium enrichment facility at Natanz by destroying centrifuges (device performing isotope separation). Stuxnet may have physically destroyed up to 1000 centrifuges (10 percent) • "serious nuclear accident" occurred at the site in the first half of 2009 • "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.“ MAHMOUD AHMADINEJAD
Cyber-attacks: evolution Tomorrow – political or Past – position/ religious status in the motivation; society cyber-terrorism Today – cyber- After tomorrow crime; financial – cyber warfare gain Slide partially based on Dr. Paul Wagner’s presentation
Demons- Theft tration Damage SOURCES, OBJECTIVES, MOTIVATION AND TOOLS
Threat sources • Hackers and Crackers (individuals who illegally break into other computer systems to damage the system or data, steal information, or cause disruption of networks for personal motivations - monetary gain or status) • Criminals (individuals or gangs who illegally break into other computer systems primarily for financial gain) • Terrorist activity (unlawful destruction, disruption, or disinformation of digital property to intimidate or coerce governments or societies in the pursuit of goals that are political, religious or ideological) • Governments • Industrial espionage (discover proprietary information on financial or contractual issues, or to acquire classified information on sensitive research and development efforts) • Insiders (disgruntled employees working alone to use their access to compromise the system)
Objectives of Cyber Attack • Loss of Integrity (corrupted data, lost data) • Loss of Availability (loss of system functionality and operational effectiveness) • Loss of Confidentiality (unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization) • Theft (information stolen especially financial or personal data, R&D documents) • Physical Destruction (ability to create actual physical harm or destruction through the use of IT systems; i.e. SCADA systems)
Motivation Motivation • Financial • Challenge, ego, “fame” • Non-financial • Illegal information disclosure, blackmail • Monetary gain • Unauthorized data alteration • Destruction of information, exploitation and revenge • Sabotage (to gain competitive advantage) • Industrial or corporate espionage • Government led intelligence and economic espionage
Tools of Cyber Attacks • Infrastructure is targeted: • Service flooding - Distributed Denial of Service Attack (DDoS) • Vulnerabilities detection + system intrusion / break-ins • Backdoors • Trojan horses and viruses • Botnets • 3rd party infrastructure is targeted (example: domain hijacking, DNS hijacking) • Humans are targeted: • Social engineering: Phishing & E-mail Spoofing • Blackmail or physical assault on an employee
Tools of Cyber Attacks example: Phishing • using social methods to infect users with non-vulnerability based malware (such as Trojans and keyloggers) or to steal user privileged information by requesting the user to provide it and making the user believe they are surfing a genuine site.
Tools of Cyber Attacks example: domain hijacking Domain hijacking or domain theft is the process by which registration of a currently registered domain name is transferred without the permission of its original registrant, generally by exploiting a vulnerability in the domain name registration system.
http://imgs.xkcd.com/comics/security.png Are you using TWO-MAN RULE in your infrastructure? The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions requires the presence of two authorized people at all times.
Critical Infrastructure Roles of the Registry Roles of the Registrars CHALLENGES FOR REGISTRIES AND REGISTRARS
Expectations from Registrars and Registries Security Availability Integrity Registrars/ Registries
Roles of the Registry • from DDoS attacks on the whole Protect zone DNS • from DNS spoofing of individual zones (domains) Protect • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
Roles of the Registrars Protects • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
Necessary costs of Cybersecurity Registrars ISPs Registries DNS robustness, $ $$$$ stability and ANYCAST Monitoring (data $$ $$$$ integrity + service availability) DNSSEC $ $ $$$$ Data protection: $ $$ $$$$ Infrastructure & software Availability: protection $ $$ $$$$ from outages
Challenges to be faced by both Registries and Registrars Intensified Hacker attacks to: • Steal personal data • Take control of domain names to disrupt business or use hijacked domains for unlawful purposes • Disrupt services (locally) Cybererrorism: • Cyberterrorism should be perceived as threat by Registries. Attack on the country’s infrastructure can be combined with attack on the TLD Registry.
SECURITY - COST OR OPPORTUNITY?
Are YOU prepared for… making money on security?
Cybersecurity in upcoming years – just the cost or business opportunity? • For most domain registrants (doman holders), cybersecurity of their domains, on-line applications and web-pages, technical infrastructure is only the necessary cost. • For Registrar and Registries cybersecurity can be both cost and the business opportunity. Today, most Registries and Registrars miss the opportunity to make revenue on the additional security for domain name holders.
Business opportunities in upcoming years for… Registrars Registries WHOIS Privacy Protection YES NO Domain Lock Services YES Maybe DNSSEC support YES Maybe SSL Certificates YES Maybe Domains/URL Security YES YES Scanning - On-line application vulnerabilities Domains/URL Security YES YES Scanning - Malware detection
Domains/URL Security Scanning - On-line application vulnerabilities • Web Scanner is aimed at detecting security vulnerabilities in web sites and online applications. • example: Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by the Smart Test Generator and Randomized Data Generator. Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrars
Domains/URL Security Scanning - On-line application vulnerabilities Defects in Defects in session Cross-site Scripting Cross-site Request authentication and management (XSS) Forgery authorization Defects in forward and redirect Content spoofing Buffer overflow Script injection mechanisms OS command Direct object SQL injection CRLF injection injection references
Domains/URL Security Scanning CRITICAL VULNERABILITIES (TYPES) / DOMAIN* August 2011 .LV .BA .UA .CZ .BG .RU .RS 0 0.2 0.4 0.6 0.8 1 .RS .RU .BG .CZ .UA .BA .LV CRITICAL 1 0.80 0.56 0.50 0.40 0.33 0.12 *) based on Alexa list, ccTLD domains only Full report will be available @ end of September
Domains/URL Security Scanning Detected Vulnerabilities, August 2011 3% 1% 16% 12% 59% 9% SQL Injection Integer Overflow Attack Shell Injection HTTP PUT Accepted Backend XML Injection Other
Domains/URL Security Scanning – Malware detection • to help prevent websites from infecting other websites. – automatic malware scanning service with every domain name registration • examples: McAfee agreement with .XXX ($8 million deal); VERISIGN MalDetector Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrar
WHOIS Privacy Protection • A user buys privacy from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server). • Pricing: $4-$10/yr + processing fees (i.a. disputes) • Providers: “Domain by Proxy” (GoDaddy), eNOM, WhoisGuard and many more • Some TLDs (including XXX, US, CA, AG, CO.NZ, SE, TC, TK, TW, IT, JOBS, JP) do not allow WHOIS Privacy Protection
Domain Lock • Domain Lock is a status code that can be set on an Internet domain name by the sponsoring registrar of the domain name to prevent unauthorized, unwanted or accidental changes to the domain name. – The Extensible Provisioning Protocol (EPP) specifies both client (registrar) and server (registry) status codes that can be used to prevent unintended registry changes: Delete, Transfer and/or Update • Types: – Registrar Lock: usually free of charge; protects against accidental transfers/deletions; no real protection; high volume/low value • all gTLDs, many ccTLDs – Registry Lock: more secure, required additional secure, authenticated process (i.a. manual); low volume/high value • examples: .COM, .AF, .CX, .GS, .GY, .KI, .NF, .NL., .PR, .US and .TL
DNSSEC support • DNSSEC is an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence. • Registry – provides the free of charge service through EPP • Registrar: – Registrars can either pass Delegation Signer (DS) (the only correct approach from security point of view) only or complete the whole process of keys generation and signing (less secure but easier to sell) Free Paid – Can be offered for free or as a part of the • Registrant signs • Registrar zone; Registrar responsible for paid service (like GoDaddy’s “Premium uploads DS everything DNS Account”) • Registrar responsible for everything
Dr. Andrzej Bartosiewicz, CEO of Yonita Inc. Ph.D. in Informatics, Warsaw University of Technology. Expert in domain names, security and trademarks protection, telecommunication. Author of more than 200 publications and presentations. Over 15 years of experience in the information and communication technology business, including 12 years of experience in senior managerial positions. • Director and Chairman of CENTR (2006- 2010). • Rapporteur and Chairman of ITU-T in the field of “Internationalized Domain Names” (2005-2008) • Head of .PL Registry (2001-2010)

Recommended

Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsAbbie Hosta
 
Hackers
HackersHackers
HackersMohamed Boudchiche
 
Cyberterrorism
CyberterrorismCyberterrorism
CyberterrorismVarshil Patel
 
Lecture5
Lecture5Lecture5
Lecture5Majid Taghiloo
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your businessManagement Insights LLC
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 

Recommended

Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsAbbie Hosta
 
Hackers
HackersHackers
HackersMohamed Boudchiche
 
Cyberterrorism
CyberterrorismCyberterrorism
CyberterrorismVarshil Patel
 
Lecture5
Lecture5Lecture5
Lecture5Majid Taghiloo
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your businessManagement Insights LLC
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .Greater Noida Institute Of Technology
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Andrea Rossetti
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 
Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network IntruderErdo Deshiant Garnaby
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018Chiranjit Adhikary
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic ViewCisco Canada
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatNTT Innovation Institute Inc.
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0Deepak Kumar (D3)
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx56ushodayareddy
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 

More Related Content

What's hot

Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Andrea Rossetti
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic ViewCisco Canada
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 

What's hot (20)

Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
 
Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network Intruder
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic View
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
 
Network security
Network securityNetwork security
Network security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence Index
 

Similar to DNS Cybersecurity in 2012-2015

Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptxjondon17
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxMBRoman1
 
Cyber Security - ICCT Colleges
Cyber Security - ICCT CollegesCyber Security - ICCT Colleges
Cyber Security - ICCT CollegesPotato
 
Types of Cyber Threats By Dr.S.Jagadeesh Kumar
Types of Cyber Threats By Dr.S.Jagadeesh KumarTypes of Cyber Threats By Dr.S.Jagadeesh Kumar
Types of Cyber Threats By Dr.S.Jagadeesh KumarDr.S.Jagadeesh Kumar
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptxPradeeshSAI
 
Cyber security ppt final
Cyber security ppt finalCyber security ppt final
Cyber security ppt finalSanishShrestha2
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 

Similar to DNS Cybersecurity in 2012-2015 (20)

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
Brooks18
Brooks18Brooks18
Brooks18
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security - ICCT Colleges
Cyber Security - ICCT CollegesCyber Security - ICCT Colleges
Cyber Security - ICCT Colleges
 
cscnapd.ppt
cscnapd.pptcscnapd.ppt
cscnapd.ppt
 
Types of Cyber Threats By Dr.S.Jagadeesh Kumar
Types of Cyber Threats By Dr.S.Jagadeesh KumarTypes of Cyber Threats By Dr.S.Jagadeesh Kumar
Types of Cyber Threats By Dr.S.Jagadeesh Kumar
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber crime & law
Cyber crime & lawCyber crime & law
Cyber crime & law
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
ABP 23.pptx
ABP 23.pptxABP 23.pptx
ABP 23.pptx
 
Zero Trust.pptx
Zero Trust.pptxZero Trust.pptx
Zero Trust.pptx
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
Cyber security ppt final
Cyber security ppt finalCyber security ppt final
Cyber security ppt final
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 

DNS Cybersecurity in 2012-2015

  • 1. Cybersecurity in 2012-2015: The new challenges to be faced by Registries and Registrars. How to profit from cyber security? Dr. Andrzej Bartosiewicz Yonita Inc., CEO
  • 2. Are YOU prepared for Cyber Attack?
  • 3. Recent examples of cyber-attacks
  • 4. Cyber crime, cyber terrorism and cyber warfare Types of the cybersecurity threats CYBERSECURITY THREATS
  • 5. Hacking is a “pure” criminal activity only? Cyber- Cyber- Cyber- Cyber- security crime warfare terrorism threats criminal activity: most common activity today, in most cases concealed; cyberwarfare: probably already in place; some countries already prepared to launch cyberattack on enemy’s infrastructure cyberterrorism: already in place, developing fast and become more and more dangerous in upcoming years
  • 6. Cyber-crime Cyber-crime • Cybercrime is any criminal act committed by a person with knowledge of computers who uses this information to accomplish acts of identity theft, intellectual property theft, terrorism, vandalism, credit and debt card fraud, and other forms of computer-related crimes. • Hacking is defined as intentionally accessing a computer without authorization or exceeding authorization in order to access restricted information.
  • 7. Cyber-terrorism Cyber-terrorism • Cyber-terrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. FEDERAL GOVERNMENT, THE FBI
  • 8. Cyber-warfare Cyber-warfare • Cyberwarfare - Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption RICHARD A. CLARKE • Cyberwarfare refers to politically motivated (and sponsored) hacking to conduct sabotage and espionage.
  • 9. Cyber-warfare example: Stuxnet, Iran • Highly specialized malware payload; designed to target only Siemens SCADA systems that are configured to control and monitor specific industrial processes. • Stuxnet appears to be designed to sabotage the uranium enrichment facility at Natanz by destroying centrifuges (device performing isotope separation). Stuxnet may have physically destroyed up to 1000 centrifuges (10 percent) • "serious nuclear accident" occurred at the site in the first half of 2009 • "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.“ MAHMOUD AHMADINEJAD
  • 10. Cyber-attacks: evolution Tomorrow – political or Past – position/ religious status in the motivation; society cyber-terrorism Today – cyber- After tomorrow crime; financial – cyber warfare gain Slide partially based on Dr. Paul Wagner’s presentation
  • 11. Demons- Theft tration Damage SOURCES, OBJECTIVES, MOTIVATION AND TOOLS
  • 12. Threat sources • Hackers and Crackers (individuals who illegally break into other computer systems to damage the system or data, steal information, or cause disruption of networks for personal motivations - monetary gain or status) • Criminals (individuals or gangs who illegally break into other computer systems primarily for financial gain) • Terrorist activity (unlawful destruction, disruption, or disinformation of digital property to intimidate or coerce governments or societies in the pursuit of goals that are political, religious or ideological) • Governments • Industrial espionage (discover proprietary information on financial or contractual issues, or to acquire classified information on sensitive research and development efforts) • Insiders (disgruntled employees working alone to use their access to compromise the system)
  • 13. Objectives of Cyber Attack • Loss of Integrity (corrupted data, lost data) • Loss of Availability (loss of system functionality and operational effectiveness) • Loss of Confidentiality (unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization) • Theft (information stolen especially financial or personal data, R&D documents) • Physical Destruction (ability to create actual physical harm or destruction through the use of IT systems; i.e. SCADA systems)
  • 14. Motivation Motivation • Financial • Challenge, ego, “fame” • Non-financial • Illegal information disclosure, blackmail • Monetary gain • Unauthorized data alteration • Destruction of information, exploitation and revenge • Sabotage (to gain competitive advantage) • Industrial or corporate espionage • Government led intelligence and economic espionage
  • 15. Tools of Cyber Attacks • Infrastructure is targeted: • Service flooding - Distributed Denial of Service Attack (DDoS) • Vulnerabilities detection + system intrusion / break-ins • Backdoors • Trojan horses and viruses • Botnets • 3rd party infrastructure is targeted (example: domain hijacking, DNS hijacking) • Humans are targeted: • Social engineering: Phishing & E-mail Spoofing • Blackmail or physical assault on an employee
  • 16. Tools of Cyber Attacks example: Phishing • using social methods to infect users with non-vulnerability based malware (such as Trojans and keyloggers) or to steal user privileged information by requesting the user to provide it and making the user believe they are surfing a genuine site.
  • 17. Tools of Cyber Attacks example: domain hijacking Domain hijacking or domain theft is the process by which registration of a currently registered domain name is transferred without the permission of its original registrant, generally by exploiting a vulnerability in the domain name registration system.
  • 18. http://imgs.xkcd.com/comics/security.png Are you using TWO-MAN RULE in your infrastructure? The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions requires the presence of two authorized people at all times.
  • 19. Critical Infrastructure Roles of the Registry Roles of the Registrars CHALLENGES FOR REGISTRIES AND REGISTRARS
  • 20. Expectations from Registrars and Registries Security Availability Integrity Registrars/ Registries
  • 21. Roles of the Registry • from DDoS attacks on the whole Protect zone DNS • from DNS spoofing of individual zones (domains) Protect • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
  • 22. Roles of the Registrars Protects • from loss of internal integrity of data data (users, • from attacks targeted to steal data domains, financial) • from domain hijacking Protects • from natural disasters and industrial from catastrophes outages
  • 23. Necessary costs of Cybersecurity Registrars ISPs Registries DNS robustness, $ $$$$ stability and ANYCAST Monitoring (data $$ $$$$ integrity + service availability) DNSSEC $ $ $$$$ Data protection: $ $$ $$$$ Infrastructure & software Availability: protection $ $$ $$$$ from outages
  • 24. Challenges to be faced by both Registries and Registrars Intensified Hacker attacks to: • Steal personal data • Take control of domain names to disrupt business or use hijacked domains for unlawful purposes • Disrupt services (locally) Cybererrorism: • Cyberterrorism should be perceived as threat by Registries. Attack on the country’s infrastructure can be combined with attack on the TLD Registry.
  • 25. SECURITY - COST OR OPPORTUNITY?
  • 26. Are YOU prepared for… making money on security?
  • 27. Cybersecurity in upcoming years – just the cost or business opportunity? • For most domain registrants (doman holders), cybersecurity of their domains, on-line applications and web-pages, technical infrastructure is only the necessary cost. • For Registrar and Registries cybersecurity can be both cost and the business opportunity. Today, most Registries and Registrars miss the opportunity to make revenue on the additional security for domain name holders.
  • 28. Business opportunities in upcoming years for… Registrars Registries WHOIS Privacy Protection YES NO Domain Lock Services YES Maybe DNSSEC support YES Maybe SSL Certificates YES Maybe Domains/URL Security YES YES Scanning - On-line application vulnerabilities Domains/URL Security YES YES Scanning - Malware detection
  • 29. Domains/URL Security Scanning - On-line application vulnerabilities • Web Scanner is aimed at detecting security vulnerabilities in web sites and online applications. • example: Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by the Smart Test Generator and Randomized Data Generator. Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrars
  • 30. Domains/URL Security Scanning - On-line application vulnerabilities Defects in Defects in session Cross-site Scripting Cross-site Request authentication and management (XSS) Forgery authorization Defects in forward and redirect Content spoofing Buffer overflow Script injection mechanisms OS command Direct object SQL injection CRLF injection injection references
  • 31. Domains/URL Security Scanning CRITICAL VULNERABILITIES (TYPES) / DOMAIN* August 2011 .LV .BA .UA .CZ .BG .RU .RS 0 0.2 0.4 0.6 0.8 1 .RS .RU .BG .CZ .UA .BA .LV CRITICAL 1 0.80 0.56 0.50 0.40 0.33 0.12 *) based on Alexa list, ccTLD domains only Full report will be available @ end of September
  • 32. Domains/URL Security Scanning Detected Vulnerabilities, August 2011 3% 1% 16% 12% 59% 9% SQL Injection Integer Overflow Attack Shell Injection HTTP PUT Accepted Backend XML Injection Other
  • 33. Domains/URL Security Scanning – Malware detection • to help prevent websites from infecting other websites. – automatic malware scanning service with every domain name registration • examples: McAfee agreement with .XXX ($8 million deal); VERISIGN MalDetector Provided by Provided by Registry Registrar Free service – whole zone Pay per scan scan Paid service through Registrar
  • 34. WHOIS Privacy Protection • A user buys privacy from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server). • Pricing: $4-$10/yr + processing fees (i.a. disputes) • Providers: “Domain by Proxy” (GoDaddy), eNOM, WhoisGuard and many more • Some TLDs (including XXX, US, CA, AG, CO.NZ, SE, TC, TK, TW, IT, JOBS, JP) do not allow WHOIS Privacy Protection
  • 35. Domain Lock • Domain Lock is a status code that can be set on an Internet domain name by the sponsoring registrar of the domain name to prevent unauthorized, unwanted or accidental changes to the domain name. – The Extensible Provisioning Protocol (EPP) specifies both client (registrar) and server (registry) status codes that can be used to prevent unintended registry changes: Delete, Transfer and/or Update • Types: – Registrar Lock: usually free of charge; protects against accidental transfers/deletions; no real protection; high volume/low value • all gTLDs, many ccTLDs – Registry Lock: more secure, required additional secure, authenticated process (i.a. manual); low volume/high value • examples: .COM, .AF, .CX, .GS, .GY, .KI, .NF, .NL., .PR, .US and .TL
  • 36. DNSSEC support • DNSSEC is an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence. • Registry – provides the free of charge service through EPP • Registrar: – Registrars can either pass Delegation Signer (DS) (the only correct approach from security point of view) only or complete the whole process of keys generation and signing (less secure but easier to sell) Free Paid – Can be offered for free or as a part of the • Registrant signs • Registrar zone; Registrar responsible for paid service (like GoDaddy’s “Premium uploads DS everything DNS Account”) • Registrar responsible for everything
  • 37. Dr. Andrzej Bartosiewicz, CEO of Yonita Inc. Ph.D. in Informatics, Warsaw University of Technology. Expert in domain names, security and trademarks protection, telecommunication. Author of more than 200 publications and presentations. Over 15 years of experience in the information and communication technology business, including 12 years of experience in senior managerial positions. • Director and Chairman of CENTR (2006- 2010). • Rapporteur and Chairman of ITU-T in the field of “Internationalized Domain Names” (2005-2008) • Head of .PL Registry (2001-2010)