Hi All,
The OCED just published SECURITY OF THE DOMAIN NAME SYSTEM (DNS)
The Domain Name System (DNS) is an essential logical infrastructure that enables the mapping of names and services on the Internet and underpins its very functioning. In fact, almost every activity on the Internet starts with a DNS query, i.e. a request for information sent by a user's machine to a DNS server. As a result, the impact of incidents affecting the DNS can be significant. They include digital security attacks, i.e. incidents caused intentionally by malicious actors (e.g. DNSpionage and the Sea Turtle DNS hijacking in 2018 and 2019), as well as unintentional incidents, for instance resulting from a misconfiguration that would make a DNS server unavailable (e.g. the Facebook outage in October 2021).
This report focuses on DNS security, i.e., the area of digital security that covers incidents disrupting the availability, integrity, and confidentiality (the "AIC triad") of parts of the DNS ecosystem. It does not discuss areas beyond this scope, such as certain forms of "DNS abuse".
Each actor in the DNS ecosystem, and each relationship between those actors, contain potential vulnerabilities that can be exploited by malicious actors or lead to an unintentional digital security incident. The report looks at three types of vulnerabilities whose exploitation may affect the AIC triad of the DNS ecosystem, as well as at the existing efforts and emerging solutions to address them.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------