Issue Date:
Revision:
WHOIS Database For Incident Response & Handling
2015 CNCERT Annual Conference, Wuhan
Adli Wahid <adli@apnic.net>
Security Specialist, APNIC
Hello Everyone!
Presenter
Adli Wahid (@adliwahid)
Security Specialist, APNIC
Adli is responsible for the security outreach activities at APNIC. He engages with APNIC members, CSIRTs and law enforcement agencies to promote security best practices.
Adli is also actively involved with regional CSIRT organisations such as APCERT, OIC-CERT and TF-CSIRT. He is currently a board member of FIRST.org.
Prior to joining APNIC, Adli was a regional Cyber Security Manager at Bank of Tokyo Mitsubishi – UFJ and Head of Malaysia CERT (MyCERT).
Areas of interest: CSIRTs, Honeypots, Malware, International Collaboration
Contact:
Email: adli@apnic.net
Agenda
1.  About APNIC
2.  Whois Database for Incident Handling & Response
3.  Challenges
4.  Conclusion
Intro to APNIC
What is APNIC?
•  Regional Internet Registry (RIR) for the Asia Pacific region
–  Comprises 56 economies
•  Secretariat located in Brisbane, Australia
–  Currently employs around 70 staff
•  Not-for-profit, membership-based organization
•  Governed by the Executive Council (EC), who are elected by the Members
The Regional Internet Registry for the Asia Pacific region
How APNIC supports the Internet community
•  Distribution and Registration of Internet Resources (v4, v6, ASN)
•  Facilitate the policy development process
–  Via mailing lists, conferences etc.
•  Training services
•  Information dissemination
•  Collaboration & Liaison
Security Initiatives @ APNIC
•  Target Audience
–  Primarily Network Operators & Service Providers, APNIC members
•  Topics and their Domain
–  Resource Public Key Infrastructure (RPKI): Routing
–  DNSSEC: DNS
–  Source Address Validation Everywhere (SAVE): DDoS Mitigation
–  Updating IRT References in APNIC Whois Database: Abuse Handling & Incident Response
http://www.apnic.net/security
Incident Response & Handling
The State of Security Incidents
•  Increasing
•  Greater Impact
•  Types of Incidents
•  Distributed in Nature
Challenges to Security Responder
•  Analysis
–  Source of Attack
–  Modus Operandi
–  Command & Control
–  Indicators of Compromise
–  Number of Bots / Infected Computers
–  Numbers of Samples
•  Fix / Recover
–  Patch Vulnerable Systems
–  Apply Firewall Rules
–  Clean Infected Computers
–  Disable Vulnerable Services
–  Remove Malicious Page
Recursive DNS Servers: https://dnsscan.shadowserver.org
Where to find information?
•  Whois Database
–  Domain (Names) & Numbers
–  Security point of contact for a domain?
•  Regional Internet Registry
–  Maintains information related to IP Address & AS Numbers
–  Including point of contact for Security
•  Incident Response Teams (IRT) Object
–  Specialized Mandatory IRT contacts for inetnum, inet6num & aut-num
–  https://www.apnic.net/services/manage-resources/abuse-contacts
–  https://www.apnic.net/apnic-info/whois_search/using-whois/guide/irt
whois -h whois.apnic.net 202.12.29.175
irt: IRT-APNIC-IS-AP
address: South Brisbane, Australia
e-mail: helpdesk@apnic.net
abuse-mailbox: helpdesk@apnic.net
admin-c: AIC1-AP
tech-c: AIC1-AP
auth: # Filtered
remarks: APNIC Infrastructure Services
mnt-by: MAINT-APNIC-IS-AP
changed: hm-changed@apnic.net 20110704
source: APNIC
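An added example, not from the slides: one way to pull the abuse contact out of a whois response like the one above, and to say why when none can be found. The function names and the sample responses are constructed for illustration; the code assumes the resource object points at its irt object through the `mnt-irt` attribute.

```python
import re

# Constructed sample shaped like APNIC whois output. The address range, names
# and mailboxes are placeholders, not registry data.
SAMPLE_WITH_IRT = """\
% Information related to '192.0.2.0 - 192.0.2.255'

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
admin-c:        EX1-AP
mnt-by:         MAINT-EXAMPLE-AP
mnt-irt:        IRT-EXAMPLE-AP
source:         APNIC

irt:            IRT-EXAMPLE-AP
address:        1 Example Street
                Example City
e-mail:         noc@example.net
abuse-mailbox:  abuse@example.net
auth:           # Filtered
mnt-by:         MAINT-EXAMPLE-AP
source:         APNIC
"""

# Constructed sample: a resource object that references no IRT at all.
SAMPLE_NO_IRT = """\
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET-2
mnt-by:         MAINT-EXAMPLE-AP
source:         APNIC
"""

# Constructed sample: the irt object exists but its mailbox is unusable.
SAMPLE_BAD_MAILBOX = """\
aut-num:        AS64500
as-name:        EXAMPLE-AS
mnt-irt:        irt-example2-ap
source:         APNIC

irt:            IRT-EXAMPLE2-AP
e-mail:         not-an-address
source:         APNIC
"""

ATTR = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
RESOURCE_TYPES = ("inetnum", "inet6num", "aut-num")


def parse_objects(text):
    """Split a whois response into objects, each a list of (key, value)."""
    objects, current = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("%") or line.startswith("#"):
            continue                      # server comment line
        if not line.strip():
            if current:                   # blank line ends an object
                objects.append(current)
                current = []
            continue
        if line[0] in " \t+" and current:
            # Continuation line: append to the previous attribute's value.
            key, value = current[-1]
            current[-1] = (key, (value + " " + line[1:].strip()).strip())
            continue
        match = ATTR.match(line)
        if match:
            current.append((match.group(1).lower(), match.group(2).strip()))
    if current:
        objects.append(current)
    return objects


def values(obj, key):
    return [v for k, v in obj if k == key]


def find_abuse_contact(text):
    """Follow resource -> mnt-irt -> irt and return its mailbox, or a reason."""
    objects = parse_objects(text)
    irts = {o[0][1].upper(): o for o in objects if o[0][0] == "irt"}
    resources = [o for o in objects if o[0][0] in RESOURCE_TYPES]
    result = {"resource": None, "irt": None, "contacts": [], "problem": None}
    if not resources:
        result["problem"] = "no inetnum/inet6num/aut-num object in response"
        return result
    resource = resources[0]               # first resource object returned
    result["resource"] = resource[0][1]
    refs = values(resource, "mnt-irt")
    if not refs:
        result["problem"] = "resource has no mnt-irt reference"
        return result
    result["irt"] = refs[0].upper()
    irt = irts.get(result["irt"])
    if irt is None:
        result["problem"] = "referenced irt object not in response"
        return result
    # Prefer abuse-mailbox; fall back to e-mail when it is absent.
    candidates = values(irt, "abuse-mailbox") or values(irt, "e-mail")
    result["contacts"] = [c for c in candidates if EMAIL.match(c)]
    if not result["contacts"]:
        result["problem"] = "irt object has no usable mailbox"
    return result
```
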
Challenges with Information in the Whois Database
1.  Information not available
2.  Information not accurate
–  There’s a mechanism to update or report the information
3.  No guarantee the recipient knows what to do or what is expected of them
Examples
Dear IRT,
[We have identified a command & control on your network that is related to the XYZ malware. Please do the necessary]
[A host (a.c.d.e) on your network is hosting a phishing site of Bank BBB. Please remove the phishing site immediately. Refer to screenshots]
[The following IP addresses on your network are running an open DNS resolver that could be used in a DDoS amplification attack]
Security Awareness & Incident Management for Network Operators / Providers
•  Understanding different types of incidents & Reports
–  Malware, DDoS, Data Breaches, Phishing etc
–  Suspicious Activities: Scanning
•  Impact of Different Types of Incidents
–  How do I prioritize?
•  Expectations: Process
–  Take down or Investigate
•  Best Practices for Incident Handling
–  Policy or Procedures
Best Practices
1.  Mobile Messaging Best Practices for Service Providers
–  https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Mobile_Messaging_Best_Practices_Service_Providers-2015-04.pdf
2.  M3AAWG Anti-Abuse Best Common Practices for Hosting & Cloud Services
–  https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf
3.  Many more here:
–  https://www.m3aawg.org/published-documents
Role of National CERT / CSIRT
•  Help to reach out to the relevant person in the organization
–  Translate
–  Explain
–  Incident Response Framework, Capacity Development, Information Sharing
•  What if there is no National CERT / CSIRT?
–  See Previous Slides
–  NZITF is a good model (http://www.nzitf.org.nz)
Conclusion
•  There is a need to have accurate information in the whois database for dealing with abuses & security incidents
•  Training & creating awareness so that the IRT / Abuse contacts know what to do will make a huge difference
•  Let’s work together!
More Information
•  Providing Abuse Contact Information
–  https://www.apnic.net/services/manage-resources/abuse-contacts
–  https://www.apnic.net/apnic-info/whois_search/using-whois/abuse-and-spamming
–  https://www.apnic.net/apnic-info/whois_search/using-whois/abuse-and-spamming/invalid-contact-form
•  E-Learning on Establishing CSIRT
–  https://training.apnic.net
•  APCERT
–  http://www.apcert.org
•  FIRST
–  http://www.first.org
Thank you
Adli Wahid <adli@apnic.net>

定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfMilind Agarwal
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 

Recently uploaded (20)

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 

WHOIS Database for Incident Response & Handling

  • 1. WHOIS Database For Incident Response & Handling. 2015 CNCERT Annual Conference, Wuhan. Adli Wahid <adli@apnic.net>, Security Specialist, APNIC
  • 3. Presenter: Adli Wahid (@adliwahid), Security Specialist, APNIC. Adli is responsible for the security outreach activities at APNIC. He engages with APNIC members, CSIRTs and Law Enforcement agencies in promoting security best practices. Adli is also actively involved with the regional CSIRT organisations such as APCERT, OIC-CERT and TF-CSIRT. He is currently a board member of FIRST.org. Prior to joining APNIC, Adli was a regional Cyber Security Manager at Bank of Tokyo Mitsubishi – UFJ and Head of Malaysia CERT (MyCERT). Areas of interest: CSIRTs, Honeypots, Malware, International Collaboration. Contact: Email: adli@apnic.net
  • 4. Agenda
      1. About APNIC
      2. Whois Database for Incident Handling & Response
      3. Challenges
      4. Conclusion
  • 6. What is APNIC?
      • Regional Internet Registry (RIR) for the Asia Pacific region
          – Comprises 56 economies
      • Secretariat located in Brisbane, Australia
          – Currently employs around 70 staff
      • Not-for-profit, membership-based organization
      • Governed by the Executive Council (EC), who are elected by the Members
  • 9. How APNIC supports the Internet community
      • Distribution and Registration of Internet Resources (v4, v6, ASN)
      • Facilitate the policy development process
          – Via mailing lists, conferences etc.
      • Training services
      • Information dissemination
      • Collaboration & Liaison
  • 10. Security Initiatives @ APNIC
      • Target Audience
          – Primarily Network Operators & Service Providers, APNIC members
      Topics | Domain
      Resource Public Key Infrastructure (RPKI) | Routing
      DNSSEC | DNS
      Source Address Validation Everywhere (SAVE) | DDoS Mitigation
      Updating IRT References in APNIC Whois Database | Abuse Handling & Incident Response
      http://www.apnic.net/security
  • 12. The State of Security Incidents
      • Increasing
      • Greater Impact
      • Types of Incidents
      • Distributed in Nature
  • 13. Challenges to Security Responder
      Analysis
      • Source of Attack
      • Modus Operandi
      • Command & Control
      • Indicators of Compromise
      • Number of Bots / Infected Computers
      • Numbers of Samples
      Fix / Recover
      • Patch Vulnerable Systems
      • Apply Firewall Rules
      • Clean Infected Computers
      • Disable Vulnerable Services
      • Remove Malicious Page
  • 14. Recursive DNS Servers: https://dnsscan.shadowserver.org
  • 15. Where to find information?
      • Whois Database
          – Domain (Names) & Numbers
          – Security point of contact for a domain?
      • Regional Internet Registry
          – Maintains information related to IP Address & AS Numbers
          – Including point of contact for Security
      • Incident Response Teams (IRT) Object
          – Specialized Mandatory IRT contacts for inetnum, inet6num & aut-num
          – https://www.apnic.net/services/manage-resources/abuse-contacts
          – https://www.apnic.net/apnic-info/whois_search/using-whois/guide/irt
  • 16. whois -h whois.apnic.net 202.12.29.175
      irt:            IRT-APNIC-IS-AP
      address:        South Brisbane, Australia
      e-mail:         helpdesk@apnic.net
      abuse-mailbox:  helpdesk@apnic.net
      admin-c:        AIC1-AP
      tech-c:         AIC1-AP
      auth:           # Filtered
      remarks:        APNIC Infrastructure Services
      mnt-by:         MAINT-APNIC-IS-AP
      changed:        hm-changed@apnic.net 20110704
      source:         APNIC
  • 17. Challenges with Information in the Whois Database
      1. Information not available
      2. Information not accurate
          – There's a mechanism to update information or report
      3. No guarantee the recipient knows what to do or what is expected of them
  • 18. Examples
      Dear IRT,
      [We have identified a command & control on your network that is related to the XYZ malware. Please do the necessary]
      [A host (a.c.d.e) on your network is hosting a phishing site of Bank BBB. Please remove the phishing site immediately. Refer to screenshots]
      [The following IP addresses on your network are running an open DNS resolver that could be used in a DDoS amplification attack]
  • 19. Security Awareness & Incident Management for Network Operators / Providers
      • Understanding different types of incidents & Reports
          – Malware, DDoS, Data Breaches, Phishing etc
          – Suspicious Activities: Scanning
      • Impact of Different Types of Incidents
          – How do I prioritize?
      • Expectations: Process
          – Take down or Investigate
      • Best Practices for Incident Handling
          – Policy or Procedures
  • 20. Best Practices
      1. Mobile Messaging Best Practices for Service Providers
          – https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Mobile_Messaging_Best_Practices_Service_Providers-2015-04.pdf
      2. M3AAWG Anti-Abuse Best Common Practices for Hosting & Cloud Services
          – https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf
      3. Many more here:
          – https://www.m3aawg.org/published-documents
  • 21. Role of National CERT / CSIRT
      • Help to reach out to the relevant person in the organization
          – Translate
          – Explain
          – Incident Response Framework, Capacity Development, Information Sharing
      • What if there is no National CERT / CSIRT?
          – See Previous Slides
          – NZITF is a good model (http://www.nzitf.org.nz)
  • 22. Conclusion
      • There is a need to have accurate information in the whois database for dealing with abuses & security incidents
      • Training & creating awareness so that the IRT / Abuse contacts know what to do will make a huge difference
      • Let's work together!
  • 23. More Information
      • Providing Abuse Contact Information
          – https://www.apnic.net/services/manage-resources/abuse-contacts
          – https://www.apnic.net/apnic-info/whois_search/using-whois/abuse-and-spamming
          – https://www.apnic.net/apnic-info/whois_search/using-whois/abuse-and-spamming/invalid-contact-form
      • E-Learning on Establishing CSIRT
          – https://training.apnic.net
      • APCERT
          – http://www.apcert.org
      • FIRST
          – http://www.first.org
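
The IRT lookup from slides 15 to 17, as an added example (not code from the slides or from APNIC): a parser for whois output that follows a resource's mnt-irt reference to its irt object and reports why no contact could be found. The sample response is constructed around the irt object on slide 16; the inetnum object, the fallback from abuse-mailbox to e-mail, and the function names are assumptions.

```python
import re

# Constructed whois response: the irt object repeats fields from slide 16; the
# inetnum object and its mnt-irt link are constructed for illustration.
SAMPLE = """\
% [whois.apnic.net]

inetnum:        202.12.29.0 - 202.12.29.255
mnt-irt:        IRT-APNIC-IS-AP

irt:            IRT-APNIC-IS-AP
e-mail:         helpdesk@apnic.net
abuse-mailbox:  helpdesk@apnic.net
auth:           # Filtered
source:         APNIC
"""
RESOURCE = {"inetnum", "inet6num", "aut-num"}
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:     # trailing "" flushes last object
        if line.startswith("%"):              # server comment line
            continue
        if not line.strip():                  # blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:   # continuation of previous value
            attr, val = current[-1]
            current[-1] = (attr, f"{val} {line[1:].strip()}".strip())
        elif ":" in line:
            attr, _, val = line.partition(":")
            current.append((attr.strip().lower(), val.strip()))
    return objects

def abuse_contacts(text):
    """Return (mailboxes, problem); problem is None when a contact was found."""
    objs = parse_objects(text)
    res = next((o for o in objs if o[0][0] in RESOURCE), None)
    if res is None:
        return [], "no resource object in response"
    refs = [v.upper() for a, v in res if a == "mnt-irt"]
    if not refs:
        return [], "resource has no mnt-irt reference"
    irt = next((o for o in objs if o[0][0] == "irt" and o[0][1].upper() in refs), None)
    if irt is None:
        return [], "referenced irt object not in response"
    for wanted in ("abuse-mailbox", "e-mail"):   # assumed fallback order
        found = sorted({v for a, v in irt if a == wanted and EMAIL.match(v)})
        if found:
            return found, None
    return [], "irt object has no usable mailbox"
```

Calling `abuse_contacts(SAMPLE)` returns the mailbox list and `None`; the problem strings correspond to the "information not available" case on slide 17 and can be logged when a report cannot be routed.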