Difference between revisions of "DNS Security Facilitation - Technical Study Group"

From ICANNWiki
Jump to navigation Jump to search
Line 39: Line 39:
 
# Educate on Authentication  
 
# Educate on Authentication  
 
# Registry Locks
 
# Registry Locks
# Raise Awareness of Best Practices for [[Infrastructure]] Security
+
# Raise Awareness of Best Practices for [[ICANN Terms#Infrastructure|Infrastructure]] Security
 
# DNS [[RBL|Blocking]] and Filtering
 
# DNS [[RBL|Blocking]] and Filtering
 
# Incident Responses
 
# Incident Responses

Revision as of 20:21, 15 November 2021

The DNS Security Facilitation - Technical Study Group (DSFI-TSG) was formed to investigate and determine what ICANN should and should not do based on the technical landscape -- not about DNS Abuse -- but about security threats and attack vectors, including the DNS itself. This study group provides technical guidance to the ICANN CEO on what ICANN can initiate to facilitate DNS security.[1] This group does not make policy but it may make policy recommendations.

Members

Guiding Questions

  1. Which ICANN mechanisms or functions specifically address DNS security?[2]
  2. What are the most critical gaps in the DNS security landscape?
  3. what technical requirements are needed to fill the gaps?
  4. How to fix operational best practices to address the gaps?
  5. What are the hindrances to their deployments?
  6. Who should fill those gaps?
  7. what is ICANN Organization's role?
  8. What strategic partnerships should ICANN org make to enhance DNS security?
  9. What are the risks?
  10. What are the shortcomings of the current threat models?
  11. What are the externalities?
  12. which DNS characteristics attract security problems that other Internet services don’t have?
  13. What can ICANN learn from other protocols or industries that face similar issues?

History

The group met 29 times between June 2020 and September 2021 to answer the aforementioned questions and draft recommendations for the ICANN CEO.[3] The group submitted its draft report to the ICANN CEO in October 2021, just prior to ICANN 72.[4] At ICANN 72, the group presented its findings in a session during Prep Week.[5]

Work Product

The Final Report indicated that ICANN Organization can improve the security of the DNS directly, through funded research and education, and indirectly through partnerships, community collaboration, and contractual controls and offered 12 recommendations:[6]

  1. Develop a Tabletop Exercise Program
  2. Continue Existing Work on DNS Abuse
  3. Investigate DNS Security Enhancements
  4. Investigate Best Practices for Authentication
  5. Empower Contracted Parties
  6. Bug Bounty Program Feasibility Funding
  7. Educate on Authentication
  8. Registry Locks
  9. Raise Awareness of Best Practices for Infrastructure Security
  10. DNS Blocking and Filtering
  11. Incident Responses
  12. Raise Covert Channel Awareness

References

  1. DSFTSG Charter
  2. DSFTSG Charter
  3. DSFTSG Key Meetings Timeline
  4. ICANN.org Blog - DSFI-TSG Delivers its Final Report, October 13, 2021
  5. ICANN 72 Archive - Introducing the DSFI-TSG, October 14, 2021
  6. DSFI-TSG Final Report, ICANN Community
Retrieved from "https://icannwiki.org/index.php?title=DNS_Security_Facilitation_-_Technical_Study_Group&oldid=1340909"