Please heed ICANN's warning. Ask your team to walk through a full domain security check. This guide was created by having DNS experts review all of the ICANN, NIST, IETF, DNS-OARC, and tapping into our own decades of DNS management experience. Let us know if you have questions on this guide (we're doing updates based on feedback).
https://blogs.akamai.com/2019/02/protecting-your-domain-names-taking-the-first-steps.html > On Feb 23, 2019, at 10:46 PM, Fahd Batayneh <[email protected]> wrote: > > The below should be of interest to those interested in the security, > stability, and resiliency of the Internet’s Unique Identifiers Systems. > > Fahd Batayneh > ICANN > > Date: Saturday, February 23, 2019 at 1:33 AM > Subject: ICANN News Alert -- ICANN Calls for Full DNSSEC Deployment, Promotes > Community Collaboration to Protect the Internet > > > > > ICANN Calls for Full DNSSEC Deployment, Promotes Community Collaboration to > Protect the Internet > <https://urldefense.proofpoint.com/v2/url?u=http-3A__newsalerts.icann.org_m000Nv20000d0PB0RlB0CE0&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=pu7jN3q1ZBfuo7H0_TGgnLZ6DmTKXODkmnlRRHjLLAY&m=Xu2gisKuZUXVKtjhkma4hALrx_-gfO4V3DWP0dkBZnQ&s=v6goeLXlphTL9TIoKGnbn6TcA67sQDu3sieqowCmQUk&e=> > 22 February 2019 > > LOS ANGELES – 21 February 2019 – The Internet Corporation for Assigned Names > and Numbers (ICANN) believes that there is an ongoing and significant risk to > key parts of the Domain Name System (DNS) infrastructure. > > In the context of increasing reports of malicious activity targeting the DNS > infrastructure, ICANN is calling for full deployment of the Domain Name > System Security Extensions (DNSSEC) across all unsecured domain names. The > organization also reaffirms its commitment to engage in collaborative efforts > to ensure the security, stability and resiliency of the Internet’s global > identifier systems. > > As one of many entities engaged in the decentralized management of the > Internet, ICANN is specifically responsible for coordinating the top-most > level of the DNS to ensure its stable and secure operation and universal > resolvability. > > On 15 February 2019, in response to reports of attacks against key parts of > the DNS infrastructure, ICANN offered a checklist > <https://urldefense.proofpoint.com/v2/url?u=http-3A__newsalerts.icann.org_j0wR002PC00000BNEdC0l00&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=pu7jN3q1ZBfuo7H0_TGgnLZ6DmTKXODkmnlRRHjLLAY&m=Xu2gisKuZUXVKtjhkma4hALrx_-gfO4V3DWP0dkBZnQ&s=GEOuD07jUllPX8J4GG0sPZSzCVlfhI4GvUDT2ammOEw&e=> > of recommended security precautions for members of the domain name industry, > registries, registrars, resellers, and related others, to proactively take to > protect their systems, their customers’ systems and information reachable via > the DNS. > > Public reports > <https://urldefense.proofpoint.com/v2/url?u=http-3A__newsalerts.icann.org_uDN0000R0P0d0x02lB0CE00&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=pu7jN3q1ZBfuo7H0_TGgnLZ6DmTKXODkmnlRRHjLLAY&m=Xu2gisKuZUXVKtjhkma4hALrx_-gfO4V3DWP0dkBZnQ&s=cX8J3lUU5ZuS_nbVgUse10Z9GshdBVA9qdkF2VDFEJk&e=> > indicate that there is a pattern of multifaceted attacks utilizing different > methodologies. Some of the attacks target the DNS, in which unauthorized > changes to the delegation structure of domain names are made, replacing the > addresses of intended servers with addresses of machines controlled by the > attackers. This particular type of attack, which targets the DNS, only works > when DNSSEC is not in use. DNSSEC is a technology developed to protect > against such changes by digitally 'signing' data to assure its validity. > Although DNSSEC cannot solve all forms of attack against the DNS, when it is > used, unauthorized modification to DNS information can be detected, and users > are blocked from being misdirected. > > ICANN has long recognized the importance of DNSSEC and is calling for full > deployment of the technology across all domains. Although this will not solve > the security problems of the Internet, it aims to assure that Internet users > reach their desired online destination by helping to prevent so-called “man > in the middle” attacks where a user is unknowingly re-directed to a > potentially malicious site. DNSSEC complements other technologies, such as > Transport Layer Security (most typically used in HTTPS) that protect the end > user/domain communication. > > As the coordinator of the top-most level of the DNS, ICANN is in the position > to help mitigate and detect DNS-related risks, and to facilitate key > discussions together with its partners. The organization believes that all > members of the domain name system ecosystem must work together to produce > better tools and policies to secure the DNS and other critical operations of > the Internet. To facilitate these efforts, ICANN is planning an event for the > Internet community to address DNS protection: The first is an open session > during the upcoming ICANN64 public meeting on 9-14 March 2019, in Kobe, > Japan. > > As we learn more information, updates may be provided. For information about > ICANN64, visithttps://meetings.icann.org/kobe64 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__newsalerts.icann.org_SR0E2d00P000NCB0000l0yE&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=pu7jN3q1ZBfuo7H0_TGgnLZ6DmTKXODkmnlRRHjLLAY&m=Xu2gisKuZUXVKtjhkma4hALrx_-gfO4V3DWP0dkBZnQ&s=z-fmKfQ2zFqgUwnWE3kN5vJcpGZS1rGCTbmfRqpTGHo&e=>. > > About ICANN > > ICANN's mission is to help ensure a stable, secure, and unified global > Internet. To reach another person on the Internet, you need to type an > address – a name or a number – into your computer or other device. That > address must be unique so computers know where to find each other. ICANN > helps coordinate and support these unique identifiers across the world. ICANN > was formed in 1998 as a not-for-profit public-benefit corporation with a > community of participants from all over the world. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > Menog mailing list > [email protected] <mailto:[email protected]> > http://lists.menog.org/mailman/listinfo/menog > <http://lists.menog.org/mailman/listinfo/menog>
_______________________________________________ Menog mailing list [email protected] http://lists.menog.org/mailman/listinfo/menog
