Although this article was first published just a few days ago, on May 8th, there have been several important intervening developments. First, on May 10th ICANN released a News Alert on "NGPC Progress on GAC Advice" that provides a timetable for how the New gTLD program Committee will deal with the GAC Communique. Of particular note is that, as the last action in an initial phase consisting of "actions for soliciting input from Applicants and from the Community', the NGPC will begin to "Review and consider Applicant responses to GAC Advice and Public Comments on how Board should respond to GAC Advice... more»
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension. But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution. more»
The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities. Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bug. more»
The 46th meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) takes place this week in Beijing, China, and will bring together leaders from all over the world to discuss and debate a wide range of issues related to domain names and the surrounding industry. One can expect that the new gTLDs, a topic frequently discussed here on CircleID, will naturally consume a great amount of the discussion at ICANN 46. more»
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more»
There has been plenty of buzz and chatter on the Internet recently concerning a very large DDoS attack against CloudFlare, with coverage on their blog, the New York Times, and the BBC, among many others. While attacks of this nature are certainly nothing new, the scale of this attack was surprising, reported to hit 120Gbps. For a sense of scale, your average cable modem is only about 20Mbps, or about 0.016% of that bandwidth. more»
Yesterday Verisign sent ICANN a most interesting white paper called New gTLD Security and Stability Considerations. They also filed a copy with the SEC as an 8-K, a document that their stockholders should know about, It's worth reading the whole thing, but in short, their well-supported opinion is that the net isn't ready for all the new TLDs, and even if they were, ICANN's processes or lack thereof will cause other huge problems. more»
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more»
Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more»
For those of you interested in IPv6 and/or DNSSEC, we'll have a live webcast out of the Internet Society's ION Singapore conference happening tomorrow, March 28, 2013, starting at 2:00pm Singapore time. more»
I co-authored a book in 2005, titled "Extreme Exploits: Advanced Defenses Against Hardcore Hacks." My chapters focused on securing routing protocols such as BGP, and securing systems related to DMZs, firewalls, and network connectivity. As I look back over those chapters, I realize that the basic fundamentals of network security really haven't changed much even though technology has advanced at an incredible pace. "Defense in depth" was a hot catch phrase seven years ago, and it still applies today. more»
Consumption of software as a service with a usage-based business model has gained incredible popularity in recent years. On the other hand, other cloud services such as infrastructure and platform as a service are just starting to pick up. While compute and storage are by the far the most commonly used cloud infrastructure services, few consider core network services such as IP Address Management (IPAM) as something that could be utilized over the cloud. more»
In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two thesis into real-life context. more»
I could have ignored yesterday's ICANN New gTLD Applicant Update Webinar and just read summaries from the usual respected news and industry sources. However, with three hours slotted and likely questions regarding ICANN CEO Fadi ChehadĂ©'s somewhat eyebrow-raising comments at the regional ICANN Registry-Registrar meeting in Amsterdam last week -- led me wanting to hear it all myself. more»
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more»
Neustar announces the launch of Neustar Professional Services with a comprehensive suite of IT service offerings for enterprise organizations of all sizes. Neustar's seasoned team of professionals provides the expertise and resources organizations need to ensure the performance, security and reliability of their IT infrastructure. ›››
In March, Neustar announced the opening of the Neustar Labs Innovation Center at the University of Illinois Urbana-Champaign. Friends of Neustar at Illinois have prepared the following video from the grand opening day. ›››
Neustar today announced that it has been selected as the registry services provider for 358 applications for new generic Top-Level domains (gTLDs). Additionally, Neustar has been selected by the City of New York as the registry service provider to manage the application process and operate .nyc. ›››
As Neustar's Chief Privacy Officer, Ms. Burr will be responsible for ensuring that the company maintains state-of-the-art privacy practices that always protect customer and consumer information. ›››
DDoS experts recently participated in a webinar conducted by Neustar for a revealing discussion on how DDoS attacks are evolving and what to look for in 2012. Watch the following on-demand webcast. ›››
As part of its mission to foster open and secure technology innovation, Neustar, a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, entertainment, advertising and marketing industries, today announced a partnership with the University of Illinois to open the Neustar Innovation Center, a research facility located at the University of Illinois Urbana-Champaign. ›››
Join Neustar's DDoS experts, including Product Manager, Miguel Ramos, and SecurityWeek, a leading publication serving IT security professionals around the globe, for a revealing discussion on how DDoS attacks are evolving and what to look for in 2012 on Thursday, March 22nd at 1pm ET/10am PT. ›››