Deploying DNSSEC: A .LK Case Study
Sashika Suren (LK Domain Registry)
This session will explore LK Domain Registry’s technical solution for deploying DNSSEC support in the .LK registry. With a goal of making it easier for domain name holders to add DNSSEC, we will take a quick look at our DNSSEC implementation strategy, the status/progress of .LK signed domains, and our lessons learned and challenges for increasing the percentage of signed domain names.
ClearPass Guest is a solution for secure guest access networks that addresses three key challenges: 1) non-secure access, 2) manual intervention required for credential provisioning, and 3) separate point solutions for management and enforcement. It provides automated workflows for credential distribution, a single portal for WiFi and wired access, and centralized policy management. ClearPass Guest automates guest access provisioning and enables secure and customizable guest networking solutions for environments like retail stores, hospitals, and public venues.
The document outlines a technical seminar on Linux administration presented by Yogesh K S. It discusses key topics like installing Linux, user and group management, security features like firewalls and SELinux, managing services, backups, and package management. The seminar covered essential admin tasks, tools, and commands for system installation, configuration, maintenance and security.
The document provides information about an exam for the Microsoft Azure Administrator AZ-104 certification. It includes 10 total questions covering topics related to Azure networking, Active Directory, virtual machines, and storage. The document provides sample questions, explanations of answers, and an overview of the exam format and policies regarding feedback, support, and copyright.
Windows Server 2022 is now in preview, the next release in our Long-Term Servicing Channel (LTSC), which will be generally available later this calendar year. It builds on Windows Server 2019, our fastest adopted Windows Server ever. This release includes advanced multi-layer security, hybrid capabilities with Azure, and a flexible platform to modernize applications with containers.
Cisco ISE provides comprehensive secure access through device profiling, posture assessment, and contextual identity to apply appropriate network access policies. It centrally manages policy enforcement on wired, wireless and VPN networks to increase security, productivity and operational efficiency. Cisco ISE automates user onboarding and ensures compliant devices receive network access while improperly postured devices are remediated.
The document discusses DNS attacks and how to prevent them. It begins by explaining what DNS is and how it works to translate domain names to IP addresses. It then outlines several common attacks against DNS like cache poisoning, amplification attacks, and DDoS attacks. The document recommends approaches to secure DNS like DNSSEC, which adds digital signatures to authenticate DNS data and prevent spoofing. It provides details on how DNSSEC works through cryptographic signing of DNS records and validation of signatures up the DNS hierarchy.
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, and Email Encryption Certificate.
This document provides an introduction to DNSSEC (Domain Name System Security Extensions) in 3 parts:
1. It explains that the purpose of DNSSEC is to address vulnerabilities in the DNS, like cache poisoning and lack of data integrity, by cryptographically signing DNS records.
2. It discusses some of the operational implications of DNSSEC like increased response sizes requiring EDNS0, using multiple keys (KSK and ZSK), and developing a DNSSEC Policy and Practice Statement.
3. It provides resources for further learning including open source DNSSEC software, mailing lists, and examples of deployed DNSSEC at the root zone and in some top-level domains.
This document describes the steps to configure a wireless network that includes routers, switches and wireless clients. Devices such as a Linksys WRT300N router, Cisco switches and static routes on several devices are configured to establish full connectivity between the VLAN networks, the wireless network and the clients. Security measures such as WEP and passwords are set up to protect the network.
The complete training course is available here:
http://www.alphorm.com/tutoriel/formation-en-ligne-proxmoxve-3-x
This hands-on training will enable you to acquire the knowledge and skills needed to configure and manage an open-source virtualized environment. No knowledge of Proxmox is required. However, knowledge of operating systems and a basic understanding of networking and storage are recommended, but not essential.
During this course, drawing on his many years of experience, Ludovic Quenec'hdu will teach you how to configure and administer open-source virtualization and understand what is at stake, and will give you best-practice guidelines that will help you optimize your Proxmox server deployment. He will give you what you need to get started and carry out an open-source virtualization project.
Aruba introduced its virtualized controller solution called Aruba Instant, which provides a centralized management platform for wireless networks through a virtualized controller with integrated redundancy and distributed control and data planes. Aruba also unveiled its cloud-based network management platform Aruba Central, which provides zero-touch provisioning, monitoring, configuration, troubleshooting, reporting and guest WiFi services for networks through a software-as-a-service model. Additionally, Aruba Central includes an MSP dashboard for managed service providers to centrally manage multiple customer accounts and networks.
Telnet is a protocol that allows administrators to remotely access and manage devices, but it transmits usernames and passwords in clear text, posing a security risk. SSH is a more secure replacement for Telnet, as it encrypts all transmitted data using public key cryptography. Both protocols require a client and server, with Telnet using port 23 and SSH typically using port 22.
The document provides examples of subnetting IP address ranges to meet specific requirements for number of subnets and hosts. It demonstrates converting host bits in an IP address to network bits to create subnets, and calculating the resulting number of subnets, hosts per subnet, and subnet ranges. Custom subnet masks are provided based on the number of bits converted from host to network.
This document provides an overview of DNS security and DNSSEC. It begins with explanations of what DNS is, how it works, and how DNS responses can be corrupted. It then discusses the problems that occur when DNS goes bad, such as being directed to the wrong site or downloading malware. The document introduces DNSSEC as a solution and explains why it was created and why it is important, particularly for government agencies. It addresses why more organizations don't use DNSSEC and the challenges of deploying and maintaining it. Finally, it describes options for implementing DNSSEC, including the GSA DNSSEC Cloud Signing Service, which handles the complexities for .gov domains.
The document outlines the configuration of a network including a LAN server and LAN client. It describes setting up Active Directory, DNS, DHCP services on the LAN server with IP scopes and reservations. It also covers installing DHCP relay on the server to facilitate IP addressing between the server and LAN client subnet, as well as allowing users to access file shares, join the domain, and login with Active Directory credentials.
Active Directory stores user credentials, permissions, and other resources on a centralized and protected location. It logs all user activity and assigns or denies permissions on the network. A domain is a basic building block of the Active Directory structure and clusters computers managed by domain controllers, which are standalone servers running Active Directory services. Multiple domains can exist within a forest, which is the top-level container for an Active Directory implementation and initially contains a single root domain.
This document outlines steps for penetration testing an AWS environment, including:
1. Requesting permission from AWS for testing
2. Testing SSH security like default credentials and open ports
3. Scanning with tools like Nessus, Nmap, and OpenVAS to check vulnerabilities
4. Using tools like Nimbostratus to extract metadata like permissions and users
This document discusses virtualization concepts and provides guidance on installing and configuring Hyper-V on Windows Server 2016. It covers determining hardware compatibility, installing Hyper-V and management tools, configuring virtual networks and disks, and setting Hyper-V options such as live migration and NUMA spanning. Requirements for CPU, memory, and disk space are specified. Steps are provided to enable optional Hyper-V features and install supporting tools using Windows PowerShell.
The Routing Resilience Manifesto initiative, underpinned by the “Mutually Agreed Norms for Routing Security (MANRS)” document that includes a set of actionable recommendations, aims to help network operators around the world work together to improve the security and resilience of the global routing system. In this session, we’ll explain the basic principles outlined in MANRS, how to sign up and support the effort, and how to get involved in helping to further increase global routing security.
ION Sri Lanka - Why Implement DNSSEC?
Why Implement DNSSEC?
Jitender Kumar (Afilias)
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
ION Bangladesh, 11 April 2016 - This presentation will have two parts. Firstly, it will focus on IPv6 deployment status in Bangladesh. The current statistics from different sources will be analyzed and represented there. Though the deployment trend is upward, still not many ISPs are IPv6 enabled. The corporate and enterprise networks as well as the government websites are still running IPv4 only. In this part I’ll also talk about the challenges and how to overcome them. In the second part of the presentation, I will share my experience of IPv6 deployment planning and challenges in Bangladesh Research and Education Network (BdREN). Right now BdREN is running a very limited scale pilot network with only six universities. But soon it will migrate to its countrywide larger network that is going to connect more than 34 universities with dual stack connectivity from day 1. I was directly involved in the planning and deployment of the network and faced many challenges and gathered valuable experience that I would like to share in the presentation. I would talk about IPv6 address planning and migration planning. The presentation would give an overall idea about the IPv6 deployment steps.
What’s Happening at the IETF? Internet Standards and How to Get Involved
Dan York (Internet Society) and Thilini Rajakaruna (former IETF Fellow)
What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
ION Cape Town, 8 September 2015 - Jan Zorz set up DNSSEC, DANE, and TLS in his go6lab and then tested the implementations in the top one million Alexa domains. Jan will share his experiences deploying, testing, and evaluating DNSSEC, DANE, and TLS in his own lab and explain the process he used.
IPv4 addresses have run out globally and regionally in Latin America and the Caribbean. There were only 4.3 billion IPv4 addresses allocated in the early 1980s but the exponential growth of the internet caused exhaustion of free addresses. While IPv4 exhaustion policies have provided a soft landing period for additional allocations, IPv6 adoption is necessary going forward as it provides over 340 trillion trillion trillion unique addresses. Major networks like Google and Facebook already use IPv6 to deliver a portion of their traffic without NAT, and global IPv6 traffic is growing as more networks deploy the new protocol. The transition to IPv6 is inevitable for networks to continue expanding in the future.
The document discusses the activities of the Internet Society Bangladesh Dhaka Chapter, including their focus on bridging the digital divide through education, awareness, and research. They have participated in conferences on standards, policy, and technology run by organizations like IETF, ICANN, and ITU. The chapter also aims to support training, seminars, and grants through their partnership with the global Internet Society organization.
ION Trinidad and Tobago, 5 February 2015 - The Business Case for DNSSEC
Patrick Hosein (TTNIC)
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So how can we get DNSSEC deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
This document provides information about the Deployment & Operationalization team and projects at the Internet Society, including:
1) The Deploy360 program aims to advance real-world deployment of Internet protocols by providing hands-on technical resources and working with first adopters. It includes an online knowledge repository, social media engagement, speaking events, and ION conferences.
2) The team's projects also include promoting best current operational practices and facilitating involvement between network operators and the IETF.
3) The Internet Society was founded in 1992 by Internet pioneers to be an international nonprofit organization and home of the IETF, responsible for establishing open Internet standards and practices. It now has over 100 chapters and
11 April 2016 - ION Bangladesh - What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
11 April 2016 - ION Bangladesh - IPv6 in Asia: Laggards and Trends - Panelist Asela Galappattige from Sri Lanka Telecom presents on deployment strategies and experiences at Sri Lanka Telecom
Operators & the IETF
Chris Grundemann (Internet Society)
The Internet Society is seeking to foster a larger and more engaged network operator community around the IETF and protocol development work. We conducted a widespread survey of network operators from January to July 2014 and are now analyzing and synthesizing the results. In this session, we’ll discuss the initial survey results and our next steps to create a report and IETF Internet-Draft that outlines the challenges to greater operator engagement in the IETF and a summary of potential solutions.
The Internet Society is a global non-profit organization founded in 1992 to promote the open development, evolution and use of the Internet. It encourages open standards, provides information about the Internet, and leads discussions on Internet development. It also fosters growth in developing countries through education and training. The Deploy360 program provides resources to advance the real-world deployment of Internet protocols through technical documents, case studies and educational events.
Dr. Khondkar Siddique-e-Rabbani (Department of Biomedical Physics & Technology, University of Dhaka) presents the ION Bangladesh Keynote on telemedicine.
This document thanks the various speakers at an Internet Society conference in Trinidad and Tobago, including Shernon Osepa from the Internet Society, Owen Delong and Steve Spence from ArikTechs, Kevon Swift from LACNIC, Bevil Wooding from Packet Clearing House, Levin Cole from Columbus Communications Trinidad, Patrick Hosein from TTNIC, and Reynold Guerrier from GSIS. It also thanks the co-location host and ION Series sponsor. Finally, it encourages attendees to get involved by contributing content or providing feedback to help develop deployment materials on the Internet Society's Deploy360 website.
This document promotes involvement with the Deploy360 initiative by encouraging people to create educational content, define new features, and provide feedback through an online survey. It provides contact information for getting involved and thanks sponsors and hosts of the event.
This document provides an overview of the South Africa Gauteng Chapter of the Internet Society. It discusses the chapter's mission to promote an open and trusted Internet for all people in South Africa. It outlines the chapter's strategic objectives and priorities such as Internet governance, IPv6, and online identity. It also describes the chapter's activities, global presence, examples of work promoting the Internet, and importance of membership.
ION Cape Town, 8 September 2015 - What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017 - APNIC
The document summarizes Vietnam's deployment of DNSSEC for the .VN top-level domain. It discusses Vietnam moving the domain to partial DNSSEC in 2015, getting the DS record included in the DNS root zone in 2016, and becoming fully operational in 2017. It provides details on preparations like infrastructure, key management, and monitoring plans. The next steps include signing additional subdomains and training registrars and ISPs to deploy DNSSEC to complete the rollout.
Signing DNSSEC answers on the fly at the edge: challenges and solutions - APNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
AFRINIC DNSSEC Infrastructure and Signer Migration - AFRINIC
1. AfriNIC operates DNSSEC services for reverse DNS zones and several African ccTLDs. They migrated their signing infrastructure to a new signer while maintaining DNSSEC validation.
2. The migration was done silently without any invalidity window by using the existing DNSKEYs followed by a rollover. This avoided any interactions with parent zones during the migration.
3. Very few AfriNIC members currently sign their reverse zones and submit DS records. AfriNIC aims to improve adoption of DNSSEC by their members and may provide hosted signing services.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee available and secure Internet services, it is important for networking professionals to understand DNS concepts, DNS security, configurations, and operations.
This course will discuss the concept of DNS operations in detail, mechanisms to authenticate the communication between DNS servers, mechanisms to establish the authenticity and integrity of DNS data, and mechanisms to delegate trust to public keys of third parties. Participants will be involved in lab exercises and do configurations based on a number of scenarios.
The document discusses DNS security and various DNS attacks. It begins with an overview of the DNS protocol and infrastructure, then describes common DNS attacks like spoofing, cache poisoning, and reflection attacks. It also covers mitigation techniques like DNSSEC and discusses fast flux networks used by malware to evade detection. The document provides technical details on securing DNS servers and domains through configurations, software updates, and cryptographic protocols.
Cloud Security Monitoring and Spark Analytics - amesar0
This document summarizes a presentation about Threat Stack's use of Spark analytics to process security event data from their cloud monitoring platform. Key points:
- Threat Stack uses Spark to perform rollups and aggregations on streaming security event data from their customers' cloud environments to detect threats and monitor compliance.
- The event data is consumed from RabbitMQ by an "Event Writer" process and written to S3 in batches, where it is then processed by Spark jobs running every 10 minutes.
- Spark analytics provides scalable rollups of event counts and other metrics that are written to Postgres. This replaced less scalable homegrown solutions and Elasticsearch facets.
- Ongoing work includes optimizing
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption - Sam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F18.shtml
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption - Sam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
This document discusses DNSSEC deployment. It provides an introduction to DNSSEC and outlines the preparation, process, strategy, and potential influences of a DNSSEC deployment. Key aspects include setting up a test environment, upgrading systems, training staff, signing zones and managing keys, implementing the deployment in stages, and dealing with increased size of packets and potential for larger DDoS attacks. Regular key rollover is part of the long-term strategy. Resources for further information are also provided.
11 April 2016 - ION Bangladesh - Jan Zorz set up DNSSEC, DANE, and TLS in his go6lab and then tested the implementations in the top one million Alexa domains. Jan will share his experiences deploying, testing, and evaluating DNSSEC, DANE, and TLS in his own lab and explain the process he used.
Demystifying SharePoint Infrastructure – for NON-IT People - SPC Adriatics
This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!
Zvonimir Mavretić
The document discusses the deployment of an internet exchange point (IXP) in Bangladesh called NIX. It describes the key components of NIX including route servers, RPKI validation, SIPIX for interconnection between IP telephony service providers, root server instances, looking glass, NTP servers, and an IXP manager. It outlines the challenges faced in deployment and initiatives taken to address issues related to traffic filtering, security, call quality, and availability. The future plans include completing root server mapping, establishing multiple points of presence, and adding content caching and domain hosting services.
This document provides an overview and introduction to DNS and DNSSEC. It begins with introducing the presenter, Nurul Islam Roman, and his background and areas of expertise. The overview section lists the topics to be covered, including DNS overview, forward and reverse DNS, DNS security overview, TSIG, and DNSSEC. The document then delves into explanations of DNS overview, how it works, its features and components. It also covers IP addresses vs domain names, the DNS tree hierarchy, domains, root servers, resolvers, authoritative and recursive nameservers. Finally, it discusses resource records, common RR types, reverse DNS, delegation, glue records and responsibilities around APNIC and ISPs for reverse delegations.
- The document describes a serverless data ingestion and processing architecture using AWS services like SNS, SQS, Lambda, Firehose, and S3.
- Streaming data is collected from SNS into SQS queues and processed by Lambda functions to store raw and refined data in S3 buckets.
- The architecture ensures data is not lost if messages fail processing and developers can independently deploy stream processors.
Why Implement DNSSEC?
Champika Wijayatunga from ICANN discusses the importance of implementing DNSSEC. DNSSEC introduces digital signatures to cryptographically secure DNS data and protect against threats like cache poisoning, spoofing, and man-in-the-middle attacks. While DNSSEC does not protect against server threats or ensure data correctness, it does establish the authenticity and integrity of the DNS data retrieved. Fully implementing DNSSEC allows businesses and users to be confident they are receiving unmodified DNS information. However, more needs to be done to increase awareness and provide turnkey solutions in order for widespread DNSSEC adoption.
This document discusses Scality's experiences building their first Node.js project. It summarizes that the project was building a TiVo-like cloud service for 25 million users, which required high parallelism and throughput of terabytes per second. It also discusses lessons learned around logging performance, optimizing the event loop and buffers, and useful Node.js tools.
23 November 2017 - At ION Belgrade, Kevin Meynell discusses what happened at the recent IETF meeting, and how to get involved in the open Internet standards community.
The document provides information about the Internet Society and its Deploy360 program. It summarizes that the Internet Society was founded 25 years ago to support the technical evolution and use of the Internet. Its Deploy360 program aims to advance the real-world deployment of protocols like IPv6, DNSSEC, and TLS by providing hands-on technical resources for networks. The program involves online documentation, events, and engaging with first adopters to share deployment experiences. It encourages participation through its website, social media, and industry events.
This document provides information about joining the Internet Society and its Serbia chapter to help preserve the open internet. It encourages attendees to get involved by creating content or providing feedback to help develop resources for internet deployments. Contact details and links are given to follow developments and access presentation materials from the conference.
September 2017 - Aftab Siddiqui presents on the Mutually Agreed Norms for Routing Security (MANRS), and how we can work together to improve the security and resiliency of the Internet's routing system.
18 September 2017 - ION Malta
What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
Collaboration and shared responsibility are two pillars supporting the Internet’s growth and success. While the global routing system has worked well, it has significant security challenges that we must address. In this panel, security experts will discuss how we can create a culture of collective responsibility and improve the global routing system, including an introduction to the “Mutually Agreed Norms for Routing Security” (MANRS).
18 September 2017 - ION Malta
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the reasons for deploying DNSSEC, examine some of the challenges operators have faced, and address those challenges and move deployment forward.
18 September 2017 - Rick Lamb, ICANN, on DANE:
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, “DANE” (“DNS-Based Authentication of Named Entities”) has emerged allowing you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
18 September 2017 - At ION Malta, Adam Peake discusses the IANA transition:
The IANA transition was successfully completed in October 2016 creating strengthened relationships between the IETF (Internet protocols and standards), Regional Internet Registries RIRs (IP addresses), and ccTLD and gTLD operators and TLD community and ICANN. A new organisation, Public Technical Identifiers (PTI), an affiliate of ICANN, is now responsible for performing the IANA functions and delivering the IANA Services on behalf of ICANN. The session will discuss these new arrangements and how they have enhanced ICANN’s accountability and transparency to the global Internet community. The session will also describe how ICANN is preparing for the Root KSK Rollover.
This document summarizes Finland's efforts to promote IPv6 adoption. It discusses the formation of the Finnish IPv6 Task Force to develop recommendations for IPv6 implementation. It also describes Finland's national IPv6 launch in 2015, where major ISPs enabled IPv6 for over 5 million broadband subscriptions. As a result, IPv6 usage increased significantly. The document discusses challenges faced during the transition like upgrading network equipment and changing attitudes. It concludes that while work remains, the launch was successful and IPv6 introduction costs can be limited by starting with easier implementations.
The document discusses Marco d'Itri's thoughts on the transition to IPv6. It describes the transition as ongoing, with no flag days, as IPv6 adoption grows. It notes that while IPv4 NAT is easy for access networks, it is difficult for servers. Many large content providers already use IPv6. The transition involves steps before IPv4 addresses ran out, the current transition period, and after the transition when IPv4 will be optional. IPv6 adoption is growing in several countries like Belgium and the US. Eventually IPv4-only islands will need to make themselves accessible over IPv6. The document provides advice on starting an IPv6 transition and offers a simple IPv6 addressing plan.
MANRS protects networks and reputations by preventing BGP leaks and spoofing that can saturate networks or attack infrastructure. Implementing MANRS filtering of BGP customers and spoofed traffic helps avoid these issues. It also allows other networks to filter your routes to prevent leaks. While RPSL is complex, registering autonomous systems and routes in the RIPE database through simple objects helps third parties and saves time for automation. Overall, MANRS establishes basic management practices that benefit networks by improving stability and security.
The document provides information about celebrating 25 years of the Internet Society and getting involved in various initiatives. It encourages readers to help shape the future of the internet, visit websites for more resources, follow social media accounts, and find presentation archives from a past conference. Contact details are also listed.
The document summarizes Thato Mfikwe's presentation at the ION Conference 2017 in Durban about the ISOC South Africa Gauteng Chapter. It provides details about the chapter's establishment, vision, pillars, membership reach across Africa and Europe, and projects from 2014-2016 and planned for 2017 focusing on community networks, policy engagement, outreach, and training. It also discusses ICT, internet governance landscape, topics at the ION conference including DNS, IPv6, cyber threats, and secure routing.
7 September 2017 - At ION Conference Durban, South Africa, Kevin Meynell discusses what's happening at the IETF in the world of Internet standards, and how you can get involved in the process.
2. History
• Testing started in late 2009
- With a testbed and BIND
• Generated the KSKs and ZSK at the Key Generation Ceremony in June 2010
- Used NSEC
• All 3 ccTLDs were officially signed on 15th July 2010
• DS records were submitted to ICANN
3. Our Practice
• We keep the KSK in a secure, isolated zone signer
- For security purposes
• ZSK is in the hidden primary DNS server
• ZSK rollover every 6 months
• Generate RRSIGs of DNSKEY records using KSK and ZSK
- RRSIGs are imported to the zone file
- ZSK is used to generate RRSIGs of other DNS record types
4. Our Practice…
• Our back-end database has zone details
- NS, A, MX, TXT etc.
• A script generates the zone file whenever a new update propagates
- 2 to 3 times a day
• The newly generated zone file is forwarded to the zone signing process
- All records will be signed
5. Our Experience
• We have 18k domains in .lk
- Around 50% of the clients do NOT have NS records
- Only resource records (i.e. A, TXT, MX, SPF)
• Around 1,50,000+ SIGNED records in the .lk zone file
- Takes ~240 seconds to sign the entire .lk zone
6. Our Experience...
• All records are signed (the feed is a new file without RRSIGs of zone data)
- Time consuming
- Bandwidth consuming (IXFR – less effective)
• What do we expect?
- To use features of IXFR
  • Less bandwidth
- Automated signing which supports
  • Less delay
  • Less overhead
7. Our Solution (Proposed)
• We are planning to implement DNSSEC with NSUPDATE and Fully Automatic Smart Signing.
- Allows automated DNS record updates to the zone.
- Automates the zone signing process.
• Increases incremental zone transfer [IXFR] performance.
• Supports key rollover with less human interaction.
8. Dynamic DNS Update Utility Tool [nsupdate]
• Allows resource records to be added or removed from a zone without manually editing the zone file.
• Uses a key for secure communication.
9. Fully Automatic Smart Signing
• Dynamic DNS must be enabled.
• Uses Zone Signing Keys [ZSKs] and a Key Signing Key [KSK].
• Automatically generates the digital signatures of DNS resource records.
- Newly added DNS records
- Modified DNS records
- Expired signatures
• Higher IXFR performance.
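As an added example (not part of the original slides or the registry's tooling): a bridge between the database-generated zone file of slide 4 and the nsupdate approach of slides 7 to 9. It diffs two generated snapshots and emits only the changed records as an nsupdate batch, so only those records need new signatures and IXFR carries a small delta. The `example.` zone, the records and the key path are constructed placeholders, and the one-record-per-line input format is an assumption.

```shell
#!/bin/sh
# Added example (not the registry's script). Assumes both snapshots come from
# the same generator, one record per line: owner TTL class type rdata

# Keep data records only: named maintains the SOA serial and DNSSEC records.
normalize() {
    awk 'NF && $1 !~ /^;/ &&
         $4 !~ /^(SOA|RRSIG|NSEC|NSEC3|NSEC3PARAM|DNSKEY)$/' "$1" |
        LC_ALL=C sort -u
}

# zone_diff_to_nsupdate OLD NEW SERVER ZONE  -> nsupdate batch on stdout
zone_diff_to_nsupdate() {
    old=$(mktemp); new=$(mktemp)
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    dels=$(LC_ALL=C comm -23 "$old" "$new")   # only in OLD: remove
    adds=$(LC_ALL=C comm -13 "$old" "$new")   # only in NEW: add
    rm -f "$old" "$new"
    [ -n "$dels$adds" ] || return 0           # no change: emit no batch
    echo "server $3"
    echo "zone $4"
    # Deletes go first so a changed record is replaced, not duplicated.
    # nsupdate accepts a TTL on "update delete" and ignores it.
    [ -z "$dels" ] || printf '%s\n' "$dels" | sed 's/^/update delete /'
    [ -z "$adds" ] || printf '%s\n' "$adds" | sed 's/^/update add /'
    echo "send"
}

# Constructed sample: one A record changes and one TXT record is new.
demo() {
    d=$(mktemp -d)
    cat > "$d/old" <<'EOF'
example. 3600 IN SOA ns1.example. admin.example. 1 7200 900 1209600 3600
acme.example. 3600 IN A 192.0.2.10
bravo.example. 3600 IN MX 10 mx.bravo.example.
EOF
    cat > "$d/new" <<'EOF'
example. 3600 IN SOA ns1.example. admin.example. 2 7200 900 1209600 3600
acme.example. 3600 IN A 192.0.2.20
bravo.example. 3600 IN MX 10 mx.bravo.example.
acme.example. 3600 IN TXT "v=spf1 -all"
EOF
    zone_diff_to_nsupdate "$d/old" "$d/new" 127.0.0.1 example.
    rm -rf "$d"
}
# Review the batch, then: demo | nsupdate -k /path/to/tsig.key  (placeholder path)
```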
10. Zone Signing Key Rollover
• Support for ZSK rollover with isolated KSK
• Support for scheduled multiple ZSK rollover
- Pre-published multiple ZSKs which activate after a specified time.
- Less human interaction.
[Timeline diagram: three ZSKs along a time axis]
- ZSK 1: published now, activate now
- ZSK 2: published now, activate in 6 months
- ZSK 3: published now, activate in 12 months
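An added example, not from the original slides: the three-key timeline above expressed as timing options for BIND's `dnssec-keygen`. The algorithm, key size, `example.` zone name and key directory are assumptions; the script only prints the commands so they can be reviewed before being run on the signer.

```shell
#!/bin/sh
# Added example. Assumptions: BIND's dnssec-keygen, RSASHA256 2048-bit ZSKs;
# the zone name and key directory are placeholders.

# zsk_schedule ZONE COUNT STEP_MONTHS KEYDIR
# Prints one dnssec-keygen command per ZSK. All keys are published now;
# key i becomes active after i*STEP months and is retired when key i+1
# takes over. dnssec-keygen counts "mo" as 30 days.
zsk_schedule() {
    zone=$1; count=$2; step=$3; keydir=$4
    case "$count$step" in
        ''|*[!0-9]*) echo "COUNT and STEP_MONTHS must be integers" >&2; return 2 ;;
    esac
    [ "$count" -ge 1 ] && [ "$step" -ge 1 ] || return 2
    i=0
    while [ "$i" -lt "$count" ]; do
        start=$((i * step))
        if [ "$start" -eq 0 ]; then activate=now; else activate="+${start}mo"; fi
        # The last key gets no retirement time, so the zone is never left
        # without an active ZSK if the next batch of keys is generated late.
        if [ "$i" -lt $((count - 1)) ]; then
            retire=" -I +$((start + step))mo"
        else
            retire=""
        fi
        # No -D (delete) time: removing a key changes the DNSKEY RRset, which
        # then needs a new KSK signature (assumed to happen at a key ceremony).
        echo "dnssec-keygen -K $keydir -a RSASHA256 -b 2048" \
             "-P now -A $activate$retire $zone"
        i=$((i + 1))
    done
}

# The three-key timeline from the slide: active now, in 6 and in 12 months.
slide_schedule() { zsk_schedule example. 3 6 /path/to/keys; }
```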
11. Concerns
• Security
- Isolated Key Signing Key [KSK]
• Correctness
- Fewer human errors
• Recovery Process
- nsupdate uses a journal file before writing data to the zone file.
- The journal file can be used to re-generate the zone file in case of zone file corruption.