This document discusses the business case for DNSSEC (Domain Name System Security Extensions). It outlines how DNSSEC helps secure the DNS infrastructure by cryptographically protecting domain name records from man-in-the-middle attacks and cache poisoning. The document provides examples of past DNS hijacking incidents that could have been prevented with DNSSEC. It argues that DNSSEC adoption gives businesses a competitive advantage by helping ensure customers are directed to the correct websites and services. Governments are also encouraging DNSSEC to improve online security and trust.
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]APNIC
This document provides an overview of DNSSEC (Domain Name System Security Extensions). It discusses how DNSSEC introduces digital signatures to cryptographically protect DNS data and prevent man-in-the-middle attacks. It also describes some common DNS record types used in DNSSEC like DNSKEY, RRSIG, and DS. The document notes that while DNSSEC deployment has increased in top-level domains and root servers, adoption remains low at the second-level domain level, and more work is still needed for full deployment.
This document provides an introduction to a DNSSEC training course hosted by RIPE NCC. It explains that DNSSEC protects against DNS spoofing and data corruption by using digital signatures to authenticate DNS data and establish its integrity. The course aims to raise awareness of DNSSEC and provide guidance on deployment. It outlines DNSSEC mechanisms like using new resource records and signing zones to authenticate communication between servers and establish authenticity of DNS data.
Extending JMS to Web Devices over HTML5 WebSockets - JavaOne 2011Peter Moskovits
HTML5 WebSockets offers secure, high-performance, bidirectional network communication over the Web and in the cloud, making applications more responsive while using less bandwidth: live dashboards, financial quotes and transactions, real-time auctions and betting, gaming, equipment monitoring . . . the list is endless. In this session, see how to extend the Java Message Service (JMS) API to Web devices over HTML5 WebSockets to enrich and accelerate your applications. Discover through concrete code examples and a live customer application how to develop highly interactive UIs showing real-time data from any middleware supporting JMS, such as Tibco EMS or Informatica UMQ. Demos include JavaFX and JavaScript running in a Web browser and on a mobile device.
The document provides a summary of Soumika Baddam's professional experience as a middleware administrator and system administrator. She has over 7 years of experience administering Weblogic Application Servers, Apache web servers, and BigData tools. Her responsibilities have included installing, configuring, and managing clustered environments, as well as deploying applications, configuring security, and performing troubleshooting.
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]APNIC
This document provides an overview of DNSSEC (Domain Name System Security Extensions). It discusses how DNSSEC introduces digital signatures to cryptographically protect DNS data and prevent man-in-the-middle attacks. It also describes some common DNS record types used in DNSSEC like DNSKEY, RRSIG, and DS. The document notes that while DNSSEC deployment has increased in top-level domains and root servers, adoption remains low at the second-level domain level, and more work is still needed for full deployment.
This document provides an introduction to a DNSSEC training course hosted by RIPE NCC. It explains that DNSSEC protects against DNS spoofing and data corruption by using digital signatures to authenticate DNS data and establish its integrity. The course aims to raise awareness of DNSSEC and provide guidance on deployment. It outlines DNSSEC mechanisms like using new resource records and signing zones to authenticate communication between servers and establish authenticity of DNS data.
Extending JMS to Web Devices over HTML5 WebSockets - JavaOne 2011Peter Moskovits
HTML5 WebSockets offers secure, high-performance, bidirectional network communication over the Web and in the cloud, making applications more responsive while using less bandwidth: live dashboards, financial quotes and transactions, real-time auctions and betting, gaming, equipment monitoring . . . the list is endless. In this session, see how to extend the Java Message Service (JMS) API to Web devices over HTML5 WebSockets to enrich and accelerate your applications. Discover through concrete code examples and a live customer application how to develop highly interactive UIs showing real-time data from any middleware supporting JMS, such as Tibco EMS or Informatica UMQ. Demos include JavaFX and JavaScript running in a Web browser and on a mobile device.
The document provides a summary of Soumika Baddam's professional experience as a middleware administrator and system administrator. She has over 7 years of experience administering Weblogic Application Servers, Apache web servers, and BigData tools. Her responsibilities have included installing, configuring, and managing clustered environments, as well as deploying applications, configuring security, and performing troubleshooting.
KAUshalye was born in 1980 in Sri Lanka. He studied at Prince of Wales' College and later earned a degree from the University of Moratuwa. He completed an internship at SKF in Sweden working on research and development projects. KAUshalye has worked with the Apache Software Foundation on several projects including Apache Axis2, Apache Rampart, and WSO2. He is currently a committer and PMC member of the Apache Software Foundation working on various web services specifications and open source projects.
The Pythagorean theorem states that in a right triangle, the square of the hypotenuse is equal to the sum of the squares of the two other sides. The formula is a2 + b2 = c2, where a and b are the lengths of the two sides adjacent to the right angle, and c is the length of the hypotenuse. The document provides examples of using the Pythagorean theorem to calculate the length of one side of a right triangle when the other two sides are known.
The document discusses a basic BGP lab scenario to demonstrate BGP configuration and operation. It describes a network with two ISPs connected to an AS through two boundary routers. In the initial scenario, EBGP is configured between the ISPs and boundary routers, with IGP (RIPv2) routing within the AS. The boundary routers cannot reach networks attached to the opposite ISP due to the lack of IBGP. Configuring IBGP allows the boundary routers to exchange routes and reach all networks.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document provides details about a project report submitted for a Masters degree in Computer Applications. It includes a certificate confirming the students developed a software called the Industrial Man Power and Resource Organizer. The report contains an acknowledgement, preface, contents, and introduction sections. The introduction provides an overview of the software which will allow users to manage employee information in a hierarchical organizational structure and help with tasks like monitoring performance, identifying vacancies, and future planning.
This document summarizes a study that assessed the vulnerability of Lake Mead's raw water intakes in Las Vegas Valley, Nevada to potential sources of contamination from the surrounding area. The study utilized geographic information systems (GIS) to delineate the watershed boundary and protection areas, identify land uses and soil characteristics, and locate potential contaminating activities. GIS tools were then used to analyze drainage networks, flow paths, and assign vulnerability ratings based on factors like contaminant travel time and risk. The results showed the highest vulnerability sources included septic systems, golf courses, storm channels, gas stations, auto shops, construction sites, and wastewater treatment plant discharges. The intakes were deemed at moderate risk for some contaminants and
Dokumen tersebut merupakan proposal Solusi Adi Soeprijanto untuk meningkatkan mutu ITS menuju universitas riset bereputasi internasional. Beberapa solusi yang diajukan antara lain memberikan beasiswa untuk mahasiswa berprestasi sarjana agar bisa lanjut ke jenjang pascasarjana, meningkatkan kerjasama internasional, serta meningkatkan komersialisasi hasil riset.
The document summarizes a study on the effects of a solution extracted from vermicompost on plant growth. Key findings from the study include:
1) A solution was extracted from vermicompost using a 1:1 ratio of vermicompost to distilled water and tested in hydroponic cultures of maize seedlings, capsicum seedlings, and Brassica pekinensis.
2) Plants treated with the extracted solution (E) showed increased chlorophyll content, nutrient uptake, fresh and dry root-shoot ratios compared to plants given only a nutrient solution (N).
3) Root system analysis found that plants given the extracted solution had longer roots, larger root surface area and
El documento resume los estudios de Osborne Reynolds sobre los diferentes regímenes de flujo de los fluidos, laminar y turbulento. Define el número de Reynolds, una dimensión adimensional clave que gobierna el proceso y permite determinar el tipo de flujo. Explica que para números bajos de Reynolds el flujo es laminar, dominado por la viscosidad, mientras que para números altos es turbulento, dominado por las fuerzas de inercia. Además, analiza las diferencias entre ambos regímenes y la importancia del estudio del número de Reynolds.
This document contains the resume of Ohiri Sylvester Chidi, an electrical engineer seeking new employment opportunities. It outlines his objective to contribute value and support corporate goals through leading edge engineering services. It provides details on his educational background including a B.Tech in electrical electronics engineering and safety certifications. It also lists his professional experience including roles in sales, SIM registration, equipment maintenance and repair for various companies. His skills include electrical engineering, maintenance management, project execution, control systems and computer proficiency.
The document discusses targeting young adults aged 16-21 as the audience for a new media product. It was determined that this age group enjoys psychological thrillers, especially those about teenagers, as they can relate to the realistic rather than dramatized portrayal of issues dealt with in the films. Keeping the media product relatively simple and realistic about loss was highlighted as important for engaging this intended audience.
Lake View Secondary School's vision is to provide academic excellence and rigor to support each student's fullest potential. Its mission is dedicated to scholarship, citizenship, and responsibility by pursuing excellence in learning and developing each student's talents with respect, regardless of background. Graduates will demonstrate proficiency in core subjects and technology, respect for diversity, and skills for postsecondary success and productive citizenship.
The document outlines a marketing campaign called "The New Blue" for JetBlue aimed at increasing passenger miles and revenue on certain routes. The campaign targets "Mature Excursionists" aged 55-64 with a $8 million budget across television, magazines, radio, billboards, and social media in 17 markets from February to September. The objectives are to increase passenger miles by 5% on select routes, increase vacation travelers by 5%, and generate 25% more revenue from coastal destinations from May to August.
FPL'2014 - FlexTiles Workshop - 8 - FlexTiles DemoFlexTiles Team
Slides presented at the FlexTiles Workshop at FPL'2014.
Presentation #8: FlexTiles Demo
FlexTiles is a heterogeneous many-core platform reconfigurable at run-time developed within an FP7 project.
This short document promotes creating presentations using Haiku Deck, a tool for making slideshows. It encourages the reader to get started making their own Haiku Deck presentation and sharing it on SlideShare. In just one sentence, it pitches the idea of using Haiku Deck to easily create engaging slideshow presentations.
TapSnap is an interactive photo booth company that allows customers to customize their experience. Their partner program offers marketing support and discounts of 15-20% off the standard rates. Partners can book TapSnap for events like weddings and parties, and set their own prices up to the maximum rate. The top revenue generating partner between November 2014 to June 2015 wins two airline tickets.
ION Islamabad, 25 January 2017
By Champika Wijayatunga, ICANN
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
This document discusses how F5 Networks' Dynamic DNS Services provide scalability, security, and availability for DNS infrastructure. The services improve web performance, protect sites from attacks, and direct traffic based on location. F5's solutions include BIG-IP Global Traffic Manager for robust, flexible, and secure DNS delivery globally. DNSSEC validation is supported for complete security while mitigating denial of service attacks and scaling to handle large traffic loads.
KAUshalye was born in 1980 in Sri Lanka. He studied at Prince of Wales' College and later earned a degree from the University of Moratuwa. He completed an internship at SKF in Sweden working on research and development projects. KAUshalye has worked with the Apache Software Foundation on several projects including Apache Axis2, Apache Rampart, and WSO2. He is currently a committer and PMC member of the Apache Software Foundation working on various web services specifications and open source projects.
The Pythagorean theorem states that in a right triangle, the square of the hypotenuse is equal to the sum of the squares of the two other sides. The formula is a2 + b2 = c2, where a and b are the lengths of the two sides adjacent to the right angle, and c is the length of the hypotenuse. The document provides examples of using the Pythagorean theorem to calculate the length of one side of a right triangle when the other two sides are known.
The document discusses a basic BGP lab scenario to demonstrate BGP configuration and operation. It describes a network with two ISPs connected to an AS through two boundary routers. In the initial scenario, EBGP is configured between the ISPs and boundary routers, with IGP (RIPv2) routing within the AS. The boundary routers cannot reach networks attached to the opposite ISP due to the lack of IBGP. Configuring IBGP allows the boundary routers to exchange routes and reach all networks.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document provides details about a project report submitted for a Masters degree in Computer Applications. It includes a certificate confirming the students developed a software called the Industrial Man Power and Resource Organizer. The report contains an acknowledgement, preface, contents, and introduction sections. The introduction provides an overview of the software which will allow users to manage employee information in a hierarchical organizational structure and help with tasks like monitoring performance, identifying vacancies, and future planning.
This document summarizes a study that assessed the vulnerability of Lake Mead's raw water intakes in Las Vegas Valley, Nevada to potential sources of contamination from the surrounding area. The study utilized geographic information systems (GIS) to delineate the watershed boundary and protection areas, identify land uses and soil characteristics, and locate potential contaminating activities. GIS tools were then used to analyze drainage networks, flow paths, and assign vulnerability ratings based on factors like contaminant travel time and risk. The results showed the highest vulnerability sources included septic systems, golf courses, storm channels, gas stations, auto shops, construction sites, and wastewater treatment plant discharges. The intakes were deemed at moderate risk for some contaminants and
Dokumen tersebut merupakan proposal Solusi Adi Soeprijanto untuk meningkatkan mutu ITS menuju universitas riset bereputasi internasional. Beberapa solusi yang diajukan antara lain memberikan beasiswa untuk mahasiswa berprestasi sarjana agar bisa lanjut ke jenjang pascasarjana, meningkatkan kerjasama internasional, serta meningkatkan komersialisasi hasil riset.
The document summarizes a study on the effects of a solution extracted from vermicompost on plant growth. Key findings from the study include:
1) A solution was extracted from vermicompost using a 1:1 ratio of vermicompost to distilled water and tested in hydroponic cultures of maize seedlings, capsicum seedlings, and Brassica pekinensis.
2) Plants treated with the extracted solution (E) showed increased chlorophyll content, nutrient uptake, fresh and dry root-shoot ratios compared to plants given only a nutrient solution (N).
3) Root system analysis found that plants given the extracted solution had longer roots, larger root surface area and
El documento resume los estudios de Osborne Reynolds sobre los diferentes regímenes de flujo de los fluidos, laminar y turbulento. Define el número de Reynolds, una dimensión adimensional clave que gobierna el proceso y permite determinar el tipo de flujo. Explica que para números bajos de Reynolds el flujo es laminar, dominado por la viscosidad, mientras que para números altos es turbulento, dominado por las fuerzas de inercia. Además, analiza las diferencias entre ambos regímenes y la importancia del estudio del número de Reynolds.
This document contains the resume of Ohiri Sylvester Chidi, an electrical engineer seeking new employment opportunities. It outlines his objective to contribute value and support corporate goals through leading edge engineering services. It provides details on his educational background including a B.Tech in electrical electronics engineering and safety certifications. It also lists his professional experience including roles in sales, SIM registration, equipment maintenance and repair for various companies. His skills include electrical engineering, maintenance management, project execution, control systems and computer proficiency.
The document discusses targeting young adults aged 16-21 as the audience for a new media product. It was determined that this age group enjoys psychological thrillers, especially those about teenagers, as they can relate to the realistic rather than dramatized portrayal of issues dealt with in the films. Keeping the media product relatively simple and realistic about loss was highlighted as important for engaging this intended audience.
Lake View Secondary School's vision is to provide academic excellence and rigor to support each student's fullest potential. Its mission is dedicated to scholarship, citizenship, and responsibility by pursuing excellence in learning and developing each student's talents with respect, regardless of background. Graduates will demonstrate proficiency in core subjects and technology, respect for diversity, and skills for postsecondary success and productive citizenship.
The document outlines a marketing campaign called "The New Blue" for JetBlue aimed at increasing passenger miles and revenue on certain routes. The campaign targets "Mature Excursionists" aged 55-64 with a $8 million budget across television, magazines, radio, billboards, and social media in 17 markets from February to September. The objectives are to increase passenger miles by 5% on select routes, increase vacation travelers by 5%, and generate 25% more revenue from coastal destinations from May to August.
FPL'2014 - FlexTiles Workshop - 8 - FlexTiles DemoFlexTiles Team
Slides presented at the FlexTiles Workshop at FPL'2014.
Presentation #8: FlexTiles Demo
FlexTiles is a heterogeneous many-core platform reconfigurable at run-time developed within an FP7 project.
This short document promotes creating presentations using Haiku Deck, a tool for making slideshows. It encourages the reader to get started making their own Haiku Deck presentation and sharing it on SlideShare. In just one sentence, it pitches the idea of using Haiku Deck to easily create engaging slideshow presentations.
TapSnap is an interactive photo booth company that allows customers to customize their experience. Their partner program offers marketing support and discounts of 15-20% off the standard rates. Partners can book TapSnap for events like weddings and parties, and set their own prices up to the maximum rate. The top revenue generating partner between November 2014 to June 2015 wins two airline tickets.
ION Islamabad, 25 January 2017
By Champika Wijayatunga, ICANN
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
This document discusses how F5 Networks' Dynamic DNS Services provide scalability, security, and availability for DNS infrastructure. The services improve web performance, protect sites from attacks, and direct traffic based on location. F5's solutions include BIG-IP Global Traffic Manager for robust, flexible, and secure DNS delivery globally. DNSSEC validation is supported for complete security while mitigating denial of service attacks and scaling to handle large traffic loads.
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksFindWhitePapers
Domain Name System (DNS) provides one of the most basic but critical functions on the Internet. If DNS isn't working, then your business likely isn't either. Secure your business and web presence with Domain Name System Security Extensions (DNSSEC).
This document provides an introduction to a DNSSEC training course hosted by RIPE NCC. It explains that DNSSEC protects against DNS spoofing and data corruption by using digital signatures to authenticate DNS data and establish the integrity and authenticity of DNS responses. The training course aims to raise awareness of DNSSEC and provide guidance on deployment. It outlines the course agenda which will cover DNSSEC mechanisms such as signing zones and establishing chains of trust, as well as operational concerns. Finally, it provides background on the trainers and the expected audience for the training.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
This document discusses DNS rebinding attacks and defenses against them. DNS rebinding works by resolving a domain name to the attacker's IP address for a short time, then rebinding it to the target's IP. This allows the attacker to circumvent the same-origin policy and run code on the target's machine. Experiments showed the attack could recruit over 30,000 browsers to a botnet without any user interaction using Flash. Defenses include smarter pinning in browsers, host name authorization, and policy-based approaches. Plug-ins also need to consult server policies before opening sockets.
- Whalebone provides DNS resolution services for millions protecting against malware and anomalies
- They have experienced random subdomain attacks that try to take down domains by overloading resolvers with queries for nonexistent subdomains
- DNSSEC aggressive caching helps mitigate these attacks by reducing load on authoritative nameservers for nonexistent records
- However, some devices like F5 BIG-IP load balancers have had faulty implementations of DNSSEC that can cause validation failures and resolution issues
Who are you really calling? When we we use VoIP systems, how can we be sure we are talking to the correct people? Particularly as we increasingly move communications to IP? In this presentation at SIPNOC 2013, Dan York introduced the ideas around DNSSEC and DANE and asked questions around how these might potentially be used to add an additionally layer of security for VoIP.
For more info, see:
http://www.internetsociety.org/deploy360/dnssec/
IT challenges are growing at exponential rates
Most of these challenges are external forces pushing in on IT
The challenges are a mix of both apps and infrastructure – mobile apps and BYoD tax both the app and network infrastructure
However the solutions are typically siloed, focused on solving very specific issues without addressing the larger problems as a whole
These technology shifts, many of which are creating market transitions. Creating a great opportunity for solutions. For example,
Users no longer work from the office. Today, they work for anywhere, at any time, one any device, and corporations needs solutions for a mobile work force
The rise of the Cloud and Software Define Data Center….means that applications are equally portable and require a new set of solutions to ensure they’re fast, secure and available
With such changes, there are new forms or threats…from simple FW solutions, to DDoS (volumetric and application centric), to malware, fraud and much more
Lets not forget Software Defined “Everything”, customer want a much more agile infrastructure and orchestration and manageability. At a push of a button they want to orchestrate the whole stack.
Clearly, there will be more devices and traffic. Demanding more diameter signaling, security and QoE
And last, let not forget the HTTP is the new TCP. HTTP is the web protocol and therefore your network infrastructure needs to be aware of the session flows and messages, which requires intelligence beyond the traditional layer 3 solutions
All these solutions are having dramatic implications on applications an the users that access them.
DNS resolution is far from being resolved. The latest developments in standards bring not only significant security improvements but also additional configuration and management requirements.
This presentation is summing up the latest related challenges and introduce benefits that all network operators can get out of it with the focus on the DNSSEC challenges and benefits:
- Examples of incidents during DNSSEC introduction and the case study of country-wide DNSSEC introduction from .sk TLD.
- DNSSEC as a benefit for the network-manager - DNSSEC can be beneficial not only for the user. It can be a great benefit for the internet provider or network-manager due to the NSEC3 negative caching.
The DNSSEC key signing key (or KSK) of the DNS root zone will be changed in the summer of 2017. During the time between July and October, all DNSSEC validating resolver need to get the new key material.
In this webinar we explain the KSK roll, how DNS resolver will load the new KSK with the RFC 5011 protocol and how a DNS administrator can verify that the new KSK is present in the resolvers configuration.
Anchor provides affordable website and email hosting with 99.8% uptime. Plans include storage, data transfer, email accounts, and features like PHP, databases, and control panel access starting at $32.50/month. Customers praise Anchor's fast servers and excellent support. The document outlines Anchor's hosting services, plans, and infrastructure to provide a reliable hosting solution for customers.
Learn to recognize the many ways in which attackers can tamper with DNS servers and records, and the measures you can take to prevent this.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/monitoring-for-dns-security-webinar
https://f5.com/solutions/enterprise/reference-architectures/intelligent-dns-scale
DNS is the backbone of the Internet. It allows humans to find domain names like www.f5.com instead of the numerical IP addresses web servers require. It is also one of the most vulnerable points in your network. DNS failures account for 41 percent of web downtime, so keeping your DNS available is essential to your business. F5 can help you manage DNS's rapid growth and avoid outages with end-to-end solutions that increase the speed, availability, scalability, and security of your DNS infrastructure. Plus, our solution enables you to consolidate DNS services onto fewer devices, which are easier to secure and manage than traditional DNS deployments
A webinar that looks into the new features that the Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
Showcase of some of the new stuff using the latest tech preview and the aim is to give administrators a quick overview of the Windows Server 2016 and enough information to decide if early adoption is worthwhile.
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsOpenDNS
Leveraging DNS data to detect new Internet threats has been gaining in popularity in the past few years. However, most industry and academic work examines DNS solely from the authoritative layer through the use of passive DNS. This presentation covers three novel methods that can be used to detect network threats at an Internet scale by analyzing DNS traffic below and above the recursive layer, monitoring malware hosting IP infrastructures, and applying graph analytics on DNS lookup patterns.
Why Implement DNSSEC?
Champika Wijayatunga from ICANN discusses the importance of implementing DNSSEC. DNSSEC introduces digital signatures to cryptographically secure DNS data and protect against threats like cache poisoning, spoofing, and man-in-the-middle attacks. While DNSSEC does not protect server threats or ensure data correctness, it does establish the authenticity and integrity of DNS data retrieved. Fully implementing DNSSEC allows businesses and users to be confident they are receiving unmodified DNS information. However, more needs to be done to increase awareness and provide turnkey solutions in order for widespread DNSSEC adoption.
The document discusses the business case for implementing IPV6 and DNSSEC. It outlines some key criteria for a successful business, including high sales, profits, customer satisfaction, quality products, reputation and sustained growth. It then discusses the limited remaining IPv4 addresses and the need to transition to IPv6. The document also summarizes the key components and security objectives of DNSSEC for securing DNS transactions and authenticating data. Finally, it discusses potential business benefits and motivations for early adopters of DNSSEC across different roles like registries, zone operators and registrars.
Securing Your Endpoints Using Novell ZENworks Endpoint Security ManagementNovell
Endpoint security is one of the greatest concerns on the minds of senior management today. Protecting your data and controlling how systems access resources is of the utmost importance. You must take actions to protect your infrastructure while ensuring your employees can continue to perform their jobs effectively and efficiently. Come to this session to learn how you can leverage the power of Novell ZENworks Endpoint Security Management across your enterprise to achieve this delicate balance—so you and the rest of your organization can sleep at night.
ION Tokyo slides for "The Business Case for Implementing DNSSEC" by Dan York (Internet Society).
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Similar to ION Mumbai - Richard Lamb: Why DNSSEC? (20)
23 November 2017 - At ION Belgrade, Kevin Meynell discusses what happened at the recent IETF meeting, and how to get involved in the open Internet standards community.
The document provides information about the Internet Society and its Deploy360 program. It summarizes that the Internet Society was founded 25 years ago to support the technical evolution and use of the Internet. Its Deploy360 program aims to advance the real-world deployment of protocols like IPv6, DNSSEC, and TLS by providing hands-on technical resources for networks. The program involves online documentation, events, and engaging with first adopters to share deployment experiences. It encourages participation through its website, social media, and industry events.
This document provides information about joining the Internet Society and its Serbia chapter to help preserve the open internet. It encourages attendees to get involved by creating content or providing feedback to help develop resources for internet deployments. Contact details and links are given to follow developments and access presentation materials from the conference.
September 2017 - Aftab Siddiqui presents on the Mutually Agreed Norms for Routing Security (MANRS), and how we can work together to improve the security and resiliency of the Internet's routing system.
18 September 2017 - ION Malta
What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
Collaboration and shared responsibility are two pillars supporting the Internet’s growth and success. While the global routing system has worked well, it has significant security challenges that we must address. In this panel, security experts will discuss how we can create a culture of collective responsibility and improve the global routing system, including an introduction to the “Mutually Agreed Norms for Routing Security” (MANRS).
18 September 2017 - ION Malta
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the reasons for deploying DNSSEC, examine some of the challenges operators have faced, and address those challenges and move deployment forward.
18 September 2017 - Rick Lamb, ICANN, on DANE:
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, “DANE” (“DNS-Based Authentication of Named Entities”) has emerged allowing you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
18 September 2017 - At ION Malta, Adam Peake discusses the IANA transition:
The IANA transition was successfully completed in October 2016 creating strengthened relationships between the IETF (Internet protocols and standards), Regional Internet Registries RIRs (IP addresses), and ccTLD and gTLD operators and TLD community and ICANN. A new organisation, Public Technical Identifiers (PTI), an affiliate of ICANN, is now responsible for performing the IANA functions and delivering the IANA Services on behalf of ICANN. The session will discuss these new arrangements and how they have enhanced ICANN’s accountability and transparency to the global Internet community. The session will also describe how ICANN is preparing for the Root KSK Rollover.
This document summarizes Finland's efforts to promote IPv6 adoption. It discusses the formation of the Finnish IPv6 Task Force to develop recommendations for IPv6 implementation. It also describes Finland's national IPv6 launch in 2015, where major ISPs enabled IPv6 for over 5 million broadband subscriptions. As a result, IPv6 usage increased significantly. The document discusses challenges faced during the transition like upgrading network equipment and changing attitudes. It concludes that while work remains, the launch was successful and IPv6 introduction costs can be limited by starting with easier implementations.
The document discusses Marco d'Itri's thoughts on the transition to IPv6. It describes the transition as ongoing, with no flag days, as IPv6 adoption grows. It notes that while IPv4 NAT is easy for access networks, it is difficult for servers. Many large content providers already use IPv6. The transition involves steps before IPv4 addresses ran out, the current transition period, and after the transition when IPv4 will be optional. IPv6 adoption is growing in several countries like Belgium and the US. Eventually IPv4-only islands will need to make themselves accessible over IPv6. The document provides advice on starting an IPv6 transition and offers a simple IPv6 addressing plan.
MANRS protects networks and reputations by preventing BGP leaks and spoofing that can saturate networks or attack infrastructure. Implementing MANRS filtering of BGP customers and spoofed traffic helps avoid these issues. It also allows other networks to filter your routes to prevent leaks. While RPSL is complex, registering autonomous systems and routes in the RIPE database through simple objects helps third parties and saves time for automation. Overall, MANRS establishes basic management practices that benefit networks by improving stability and security.
The document provides information about celebrating 25 years of the Internet Society and getting involved in various initiatives. It encourages readers to help shape the future of the internet, visit websites for more resources, follow social media accounts, and find presentation archives from a past conference. Contact details are also listed.
The document summarizes Thato Mfikwe's presentation at the ION Conference 2017 in Durban about the ISOC South Africa Gauteng Chapter. It provides details about the chapter's establishment, vision, pillars, membership reach across Africa and Europe, and projects from 2014-2016 and planned for 2017 focusing on community networks, policy engagement, outreach, and training. It also discusses ICT, internet governance landscape, topics at the ION conference including DNS, IPv6, cyber threats, and secure routing.
7 September 2017 - At ION Conference Durban, South Africa, Kevin Meynell discusses what's happening at the IETF in the world of Internet standards, and how you can get involved in the process.
More from Deploy360 Programme (Internet Society) (20)
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Introduction of Cybersecurity with OSS at Code Europe 2024
ION Mumbai - Richard Lamb: Why DNSSEC?
1. The
Business
Case
for
DNSSEC
InterOp/ION
Mumbai
2012
11
October
2012
richard.lamb@icann.org
2. The
Business
Case
for
DNSSEC
• Cyber
security
is
becoming
a
greater
concern
to
enterprises,
government,
and
end
users.
DNSSEC
is
a
key
tool
and
differenFator.
• DNSSEC
is
the
biggest
security
upgrade
to
Internet
infrastructure
in
over
20
years.
It
is
a
plaHorm
for
new
security
applicaFons
(for
those
that
see
the
opportunity).
• DNSSEC
infrastructure
deployment
has
been
brisk
but
requires
experFse.
GeOng
ahead
of
the
curve
is
a
compeFFve
advantage.
3. Where
DNSSEC
fits
in
• DNS
converts
names
(www.tata.in)
to
numbers
(64.37.102.54)
• ..to
idenFfy
services
such
as
www
and
e-‐mail
• ..that
idenFfy
and
link
customers
to
business
and
visa
versa
4. Where
DNSSEC
fits
in
• ..but
CPU
and
bandwidth
advances
make
legacy
DNS
vulnerable
to
MITM
aYacks
• DNS
Security
Extensions
(DNSSEC)
introduces
digital
signatures
into
DNS
to
cryptographically
protect
contents
• With
DNSSEC
fully
deployed
a
business
can
be
sure
a
customer
gets
un-‐modified
data
(and
visa
versa)
5. The
Original
Problem:
DNS
Cache
Poisoning
A?ack
www.majorbank.se = 1.2.3.4
www.majorbank.se=?
DNS
DNS
5.6.7.8
Resolver
Server
ENTERPRISE
Attacker
www.majorbank.se = 5.6.7.8
Get page
Attacker
Login page webserver
Username / Password
www @
Error 5.6.7.8
ISP
/
ENTERPRISE
/
END
NODE
Password database
Animated
slide
detailed
descripFon
at:
h?p://unixwiz.net/techFps/iguide-‐kaminsky-‐dns-‐vuln.html
6. Argghh!
Now
all
ISP
customers
get
sent
to
a?acker.
www.majorbank.se = 1.2.3.4
www.majorbank.se=? DNS DNS
5.6.7.8 Resolver Server
Get page Attacker
Login page webserver
Username / Password www @
Error 5.6.7.8
Password database
Animated
slide
7. The
Bad:
DNSChanger
-‐
‘Biggest
Cybercriminal
Takedown
in
History’
–
4M
machines,
100
countries,
$14M
Nov
2011
h?p://krebsonsecurity.com/2011/11/malware-‐click-‐fraud-‐kingpins-‐arrested-‐in-‐estonia/
End-‐2-‐end
DNSSEC
validaFon
would
have
avoided
the
problems
8. The
Bad:
Brazilian
ISP
fall
vicFm
to
a
series
of
DNS
a?acks
7
Nov
2011
h?p://www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_a?acks_in_Brazil
End-‐2-‐end
DNSSEC
validaFon
would
have
avoided
the
problems
9. The
Bad:
Other
DNS
hijacks*
• 25
Dec
2010
-‐
Russian
e-‐Payment
Giant
ChronoPay
Hacked
• 18
Dec
2009
–
Twi?er
–
“Iranian
cyber
army”
• 13
Aug
2010
-‐
Chinese
gmail
phishing
a?ack
• 25
Dec
2010
Tunisia
DNS
Hijack
• 2009-‐2012
google.*
– April
28
2009
Google
Puerto
Rico
sites
redirected
in
DNS
a?ack
– May
9
2009
Morocco
temporarily
seize
Google
domain
name
• 9
Sep
2011
-‐
Diginotar
cerFficate
compromise
for
Iranian
users
• SSL
/
TLS
doesn't
tell
you
if
you've
been
sent
to
the
correct
site,
it
only
tells
you
if
the
DNS
matches
the
name
in
the
cerFficate.
Unfortunately,
majority
of
Web
site
cerFficates
rely
on
DNS
to
validate
idenFty.
• DNS
is
relied
on
for
unexpected
things
though
insecure.
*A
Brief
History
of
DNS
Hijacking
-‐
Google
h?p://costarica43.icann.org/meeFngs/sanjose2012/presentaFon-‐dns-‐hijackings-‐marquis-‐boire-‐12mar12-‐en.pdf
10. The
Good:
Securing
DNS
with
DNSSEC
Attacker’s record does not
validate – drop it
www.majorbank.se = 1.2.3.4
www.majorbank.se=? DNS DNS
1.2.3.4 Resolver Server with
with Attacker DNSSEC
DNSSEC www.majorbank.se = 5.6.7.8
Get page
Login page webserver
Username / Password www @
Account Data 1.2.3.4
Animated
slide
11. The
Good:
Resolver
only
caches
validated
records
www.majorbank.se = 1.2.3.4
www.majorbank.se=?
DNS
DNS
1.2.3.4
Resolver
Server with
with
DNSSEC
DNSSEC
Get page
Login page webserver
Username / Password www @
Account Data 1.2.3.4
ISP
/
ENTERPRISE
ENTERPRISE
/
END
NODE
Animated
slide
12. DNSSEC
interest
from
governments
• Sweden,
Brazil,
Netherlands
and
others
encourage
DNSSEC
deployment
to
varying
degrees
• Mar
2012
-‐
AT&T,
CenturyLink
(Qwest),
Comcast,
Cox,
Sprint,
TimeWarner
Cable,
and
Verizon
have
pledged
to
comply
and
abide
by
US
FCC
[1]
recommendaFons
that
include
DNSSEC..
“A
report
by
Gartner
found
3.6
million
Americans
geOng
redirected
to
bogus
websites
in
a
single
year,
cosFng
them
$3.2
billion.,”[2].
• 2008
US
.gov
mandate.
>60%
operaFonal.
[3]
[1]
FCC=Federal
CommunicaFons
Commission=US
communicaFons
Ministry
[2]
h?p://securitywatch.pcmag.com/security/295722-‐isps-‐agree-‐to-‐fcc-‐rules-‐on-‐anF-‐botnet-‐dnssec-‐internet-‐rouFng
[3]
h?p://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2008/m08-‐23.pdf
13. Security
as
DifferenFator
and
Edge
• DifferenFator
– Increased
cyber
security
awareness
for
govts
and
industry
– Major
ISP
says
security
now
on
checklist
for
customers
• DNSSEC
Service
and
Support
– 94/316
TLDs
(e.g.,
.com,.in,.nl,..)
– Growing
ISPs
adopFon*
– Available
to
84%
of
domains
– Vendor
support
(ISC/BIND,
Microsoo..)
– gTLDs
(e.g.,
.bank,
.search)
require
it
*COMCAST
Internet
(18M),
TeliaSonera
SE,
Sprint,Vodafone
CZ,Telefonica
CZ,
T-‐mobile
NL,
SurfNet
NL,
SANYO
InformaFon
Technology
SoluFons
JP,
others..
14. +1-‐202-‐709-‐5262
US-‐NSTIC
effort
VoIP
DNS
is
a
part
of
all
IT
ecosystems
OECS
ID
effort
lamb@xtcn.com
Smart
Electrical
Grid
mydomainname.com
15. The
Bad:
SSL
DiluFon
of
Trust
The
Good:
DNSSEC
=
Global
“free”
PKI
CA
CerFficate
roots
~1482
DNSSEC
root
-‐
1
Content
security
Cross-‐
Content
security
“Free
SSL”
Commercial
SSL
organizaFonal
and
cerFficates
for
Web
trans-‐naFonal
CerFficates
for
and
e-‐mail
and
“trust
idenFty
and
Web
and
e-‐mail
agility”
authenFcaFon
Network
security
DANE
and
other
yet
to
be
IPSECKEY
RFC4025
E-‐mail
security
discovered
security
DKIM
RFC4871
innovaFons,
enhancements,
Securing
VoIP
and
synergies
Login
security
Domain
Names
SSHFP
RFC4255
hYps://www.eff.org/observatory
hYp://royal.pingdom.com/2011/01/12/internet-‐2010-‐in-‐numbers/
16. Opportunity:
New
Security
Products
• Improved
Web
SSL
and
cerFficates
for
all*
• Secured
e-‐mail
(S/MIME)
for
all*
• Validated
remote
login
SSH,
IPSEC*
• Securing
VoIP
• Cross
organizaFonal
digital
idenFty
systems
• Secured
content
delivery
(e.g.
configuraFons,
updates,
keys)
• Securing
Smart
Grid
efforts
• A
global
PKI
• Increasing
trust
in
e-‐commerce
A
good
ref
h?p://www.internetsociety.org/deploy360/dnssec/
*IETF
standards
complete
or
currently
being
developed
18. The
Internet’s
Phone
Book
-‐
Domain
Name
System
(DNS+DNSSEC)
www.majorbank.se = 1.2.3.4
www.majorbank.se=? DNS DNS
1.2.3.4 Resolver Server
Get page
Login page webserver
Username / Password www @
Account Data 1.2.3.4
ISP/
HotSpot
/
Majorbank.se (Registrant)
Enterprise/
End
Node
DNS
Server
.se (Registry)
DNS
Server
Animated
slide
. (Root)