1 / 13

Security Advisory Committee

Security Advisory Committee. ICANN Meetings Bucharest June 27, 2002. Formation Committee Charter Audience. Approach Long-term schedule Near term Schedule Other Groups. Topics. Formation. 9/11 => November Marina del Rey meeting Excellent participation

driskellr
Télécharger la présentation

Security Advisory Committee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Advisory Committee ICANN Meetings Bucharest June 27, 2002

  2. Formation Committee Charter Audience Approach Long-term schedule Near term Schedule Other Groups Topics

  3. Formation • 9/11 => November Marina del Rey meeting • Excellent participation • Appropriate forum for Internet-wide coordination • Board directed creation of a… “… committee on the security and stability of the Internet's naming and address allocation systems.” • Started as a President’s committee • Converted to a standing board committee

  4. Steve Crocker, Chair Alain Aina Jaap Akkerhuis Doug Barton Steven M. Bellovin Rob Blokzijl David R. Conrad Daniel Karrenberg Mark Kosters Allison Mankin Ram Mohan Russ Mundy Jun Murai Frederico A.C. Neves Ray Plzak Doron Shinkomi Ken Silva Bruce Tonkin Paul Vixie Rick Wesson Committee Plus: Stuart Lynn, Andrew McLaughlin, Jim Galvin

  5. Committee Strengths • Root Server Operators • gTLD Operators • ccTLD Operators • Name Space Registries • Registrars • Internet Security No policy or political members(!)

  6. Charter • “Develop a framework for DNS and address allocation security…” • “Develop requirements for new or revised DNS standards and protocols…” • “Engage in ongoing risk analysis…” • Track progress and synchronize with existing standardization, deployment, operational, and coordination activities.

  7. Audience • ICANN Board (of course) • IETF and Security Community • Operators • Servers – Root, gTLD, ccTLD, Address • Registrars • ISPs • Governments • Public

  8. Approach • Strength • Measurement • Communication

  9. Strength • Protocols: The protocols are well defined and well designed • System Design: The system of servers and communication paths is strong and robust against both qualitative attacks, e.g. source address spoofing, and quantitative attacks, e.g. DDOS. • Registration: The registration procedures are strong and reasonably uniform • Threats: The threats are identified and countered

  10. Measurement • Metrics and Milestones • What constitutes “good?” • Partly quantitative and partly qualitative • Measurements • Where are we? • How quickly are we improving? Make sure we’re all talking about the same things – avoid vague hyperbole

  11. Long term schedule • Plot course toward acceptable state • Probably a couple of years • Shift into maintenance mode • Re-evaluate charter, organization, operation

  12. Near term schedule • By Shanghai… • Description • Vulnerabilities • Security Architecture • Measurement framework

  13. Other Groups • Cyber Security Working Group • Intel, HP, Oracle, Cisco, Worldcom, Microsoft • Securing the Future of Internetworking • Sept workshop and follow on work • Measurement groups • Men and Mice, Registro.br, et al.

More Related