DRAFT - ICANN Capacity Building Initiative
ccTLD Registry Operations Curriculum
Secure Registry Operations Course
Course Overview:
(24 hours) The Secure Registry Operations Course (SROC), course #3 of the Registry Operations
Curriculum, teaches the basics of security, stability and resiliency in registry operations. Students will
learn network and computer security principles and their application to registry functions, processes,
and infrastructure. Through creative use of hands-on exercises, students will gain an operational
understanding of detecting, responding to, and recovering from cyber risks associated with TLD operations.
Students will gain real-world perspectives by networking with other students and sharing best practices.
Course Objectives:
Students will:
- Understand current and emerging risks to registry operations
- Understand and apply methods of securing internal registry processes and operations
- Install, configure and operate registry monitoring, detection and response tools
- See principles of cyber attack detection and response through hands-on exercises
- Understand the concepts of a secure registry infrastructure
Prerequisites:
- Students must have attended the Initial Registry Operations Course AND the Advanced Registry
  Operations Course, or have experience installing and configuring DNS server software, registry
  operations software, and network monitoring software.
Target Audience:
- ccTLD registry operators, technicians and administrators
- ccTLD management with technical background and experience (CTO, CIO, CSO)
TOPIC | HOURS | DESCRIPTION
Course Infrastructure & Tools | X | Familiarizes students with the in-class registry network and tools. Hands-on exercises reinforce topics from previous courses.
Student Presentations | X | Allows students to introduce themselves, discuss their registry operation, and their expectations to their peers. Introduces students to building a professional network.
Core Concept Review | X | Re-familiarizes students with core concepts that are integral to this course.
Operating System & Application Hardening | X | Introduces operating system security and hardening for Cisco devices, Microsoft Windows and Ubuntu Linux.
Secure Registry Architecture | X | Introduces registry architecture components and their purpose related to security and attack mitigation. Provides comparison of available implementations. Discusses hardware, software, redundancy, protocols, and standards.
Principles of Conducting Secure Registry Operations | X | Discusses a structured approach to conducting baselining, monitoring, detection, response and recovery of cyber attacks tailored to ccTLDs. Introduces concepts of logging, monitoring, analysis, well-defined procedures, and prioritization.
Cyber Threats & Attacks | X | Introduces threats, actors, and motivations related to cyber attacks. A staged approach allows students to see the evolution of attacks from start to finish and of varying complexities. Subtopics include: Foothold, Reconnaissance & Enumeration, Privilege Escalation, Corruption, Disruption, Data Exfiltration, and Persistence. Discusses detection, response, and recovery actions. Hands-on exercises demonstrate attacks to students, and allow them to detect, respond and recover.
Emerging Threats | X | Introduces emerging threats to registry operations. Provides students the foundation for understanding future attacks. Surveys technical methods for conducting attacks and actor rationale for each threat.
Mitigation Strategies | X | Surveys additional strategies for mitigating cyber threats and attacks.
Capstone Exercise | X | Hands-on exercise allows students to operate their newly built registry and perform management, monitoring, and troubleshooting.
Course Exam | X | Assesses students' grasp of the fundamentals taught during the course.
Instruction Block Detailed Description:
1) Course Infrastructure & Tools
Describes the in-class network, provides time for students to familiarize themselves with the
infrastructure, introduces tools installed on the in-class network that students should be familiar
with. Provides time for instructors to ensure all students have connectivity.
2) Student Presentations
This block continues the concept of building a professional network. Allows students to
introduce themselves and give a short presentation on their registry and its operation. Students
may address their current operation, future plans, current issues, or anything else they feel is
relevant to their peers.
3) Core Concept Review
This block re-familiarizes students with concepts from previous courses that are integral to
understanding and performing secure registry operations. Topics include Ubuntu command line
usage, overview of network management, and network monitoring tool usage.
4) Operating System & Application Hardening
This block introduces operating system security and hardening for Cisco devices, Microsoft
Windows servers and workstations, and Ubuntu Linux servers and workstations. Topics include
securing services and applications, host-based firewalls, anti-virus, patching, and user privilege
security.
5) Secure Registry Architecture
Introduces additional registry architecture components and concepts related to security and
attack mitigation. Provides comparison of available implementations and discusses when one
implementation may be better than another. Topics include hardware / software redundancy,
protocols, standards, IPv6 and DNSSEC.
6) Principles of Conducting Secure Registry Operations
Introduces students to a structured approach to conducting secure registry operations through
baselining, monitoring, detecting, responding and recovering. Discusses the concepts of logging,
monitoring, analysis of attacks in progress (bandwidth spikes, non-standard or malformed
queries, non-standard responses, etc.), and open-source proactive analysis (CERTs, threat
discussion sites, etc.) in attack recognition and detection. Introduces the rationale for well-defined
procedures, checklists, plans and methods for responding to attacks; suggests use of
informal trust relationships and networks with other ccTLDs; and discusses use of communication
tools. Introduces concepts of business objectives, prioritization, and methods for responding to
and recovering from attacks. This block is threat agnostic and strives to discuss concepts only.
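As an added illustration of the baselining and detection step this block describes (not part of the ICANN curriculum), the following Python computes a query-rate baseline from a clean window of constructed BIND-style query-log lines, then flags rate spikes and non-standard or malformed queries in a later window. The log format, the spike threshold, and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Parses BIND-style query-log lines: "<hh:mm:ss> client <ip>#<port>: query: <name> IN <qtype>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d) client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)$")
LABEL_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")   # hostname-style label (RFC 1123)
STANDARD_QTYPES = {"A", "AAAA", "NS", "MX", "SOA", "DS", "DNSKEY", "TXT", "CNAME", "PTR", "SRV"}

def parse(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def query_problems(q):
    """Return reasons a parsed query is non-standard or malformed (empty list if clean)."""
    reasons = []
    labels = q["name"].rstrip(".").split(".")
    if len(q["name"]) > 253 or any(not LABEL_RE.match(lbl) for lbl in labels):
        reasons.append("invalid-name")
    if q["qtype"] not in STANDARD_QTYPES:            # e.g. ANY, obsolete or unknown types
        reasons.append("non-standard-qtype")
    return reasons

def baseline_qps(lines):
    per_sec = Counter(q["ts"] for q in map(parse, lines) if q)   # queries per second, clean window
    return sum(per_sec.values()) / len(per_sec)

def analyze(lines, baseline, spike_factor=5.0):
    """Flag seconds whose rate exceeds spike_factor * baseline, plus non-standard queries."""
    per_sec, flagged, unparsed = Counter(), [], 0
    for line in lines:
        q = parse(line)
        if q is None:
            unparsed += 1                             # unparseable lines are themselves a signal
            continue
        per_sec[q["ts"]] += 1
        for reason in query_problems(q):
            flagged.append((q["ip"], q["name"], q["qtype"], reason))
    spikes = sorted(ts for ts, n in per_sec.items() if n > spike_factor * baseline)
    return {"spikes": spikes, "flagged": flagged, "unparsed": unparsed}

# Constructed sample traffic (not real registry logs): a clean 10-second window at 2 qps,
# then a window containing an ANY-query burst, a name with an illegal label, and a junk line.
def _line(ts, ip, name, qtype):
    return f"{ts} client {ip}#5300: query: {name} IN {qtype}"
BASELINE_WINDOW = ([_line(f"10:00:{s:02d}", f"192.0.2.{s}", "www.example.tld", "A") for s in range(10)]
                   + [_line(f"10:00:{s:02d}", "192.0.2.20", "example.tld", "NS") for s in range(10)])
ATTACK_WINDOW = ([_line("10:05:00", f"192.0.2.{i}", "www.example.tld", "A") for i in range(2)]
                 + [_line("10:05:01", f"203.0.113.{i}", "example.tld", "ANY") for i in range(12)]
                 + [_line("10:05:02", "198.51.100.7", "bad_label.example.tld", "A"), "garbage line that does not parse"])
```

Running `analyze(ATTACK_WINDOW, baseline_qps(BASELINE_WINDOW))` reports the 10:05:01 second as a spike, thirteen flagged queries (twelve ANY queries and one name with an underscore label), and one unparseable line.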
7) Cyber Threats & Attacks
Introduces threats, actors, and motivations for select cyber threats. A staged approach allows
students to see the evolution of attacks from start to finish and of varying complexity. Discusses
detection, response and recovery actions. Hands-on exercises allow students to see the attack
first-hand and how it affects the in-course architecture, conduct monitoring, detection, and
response actions, and implement recovery actions. Topics include Foothold (e.g. zero-day
attacks, phishing, SQL injection, social engineering, weaknesses in implementations of customer
front-end applications, scripts, and business processes), Reconnaissance & Enumeration (e.g.
insider attacks, port scanning, service enumeration, firewall port walking, zone transfers),
Privilege Escalation (e.g. direct operating system and application attacks, username/password
brute forcing), Corruption (e.g. internal and external cache poisoning, customer stub resolver
resolution path modification, ISP nameserver poisoning), Disruption (e.g. single points of failure,
prefix hijacking, misconfiguration, amplification attacks, DDoS and DoS, name server
redirection), Data Exfiltration (e.g. SCP, mail attachments, USB pen drives), and Persistence (e.g.
rootkits, stealth methods, Windows services, Ubuntu daemons).
8) Emerging Threats
Introduces emerging threats to registry operations that cannot be demonstrated on the in-course
architecture due to technical or time limitations. Describes each threat, how it is accomplished,
its likely attack vectors and methods, the likely actors involved, and the motivations for
conducting the attack. Discussion of emerging threats focuses on classes of attacks that may
not currently be in the wild, but that operators should be on the lookout for.
9) Mitigation Strategies
Surveys additional strategies for mitigating cyber threats and attacks that cannot be discussed
or demonstrated in full due to technical or time limitations.
10) Capstone Exercise
Hands-on exercises allow students to operate their newly built registry and perform baselining,
monitoring, detection, analysis, response and recovery actions during scenario-based attacks.
11) Course Exam
Assesses the students' grasp of the fundamentals taught during the course through a multiple-choice
and fill-in-the-blank exam. Students are allowed to use notes, materials, and the Internet during
the exam.
In-Course Architecture
- Students will be divided into groups of two, and each group will be provided with its own "ccTLD"
  within the in-course architecture. Each "ccTLD" will be in a separate routed subnet from the
  other "ccTLDs".
- Students or the host organization must provide student laptops, one for every student. All other
  infrastructure will be provided by the instructors.
Block Descriptions:
- Internet access: unfiltered and able to serve 20 students with email, web surfing, instant
  messaging, and the occasional VoIP or Skype call. Highly desired but not required.
- Student WiFi: 802.11g/n wireless access for connecting student laptops to the architecture.
- GroupX Laptop: a laptop capable of web browsing and running a secure shell (SSH) client.
- Course Support: file, web, and wiki server for publishing materials to students for use in class.
- GroupX: replicates a "ccTLD" network for student use, providing nameserver, backend
  database, monitoring, and business process functionality.
- "ISP" Router: provides connectivity between GroupX subnetworks and the core servers.
- "ISP" DNS: an open resolver, used by the external users, to query the root and "ccTLD"
  nameservers.
- External Users: allows students to query (graphically and via command line) the root and the
  ccTLD nameservers from the perspective of an end-user.
- DNS Root: replicates the root DNS zone functionality.
- Traffic Generator: provides large-scale traffic generation capability for DDoS attack and
  background noise.
- Attack Platform: platform for launching attacks against the root, ISP, "ccTLD" and external
  users.
[Diagram: in-course architecture. Core side: External Users, Traffic Generator, DNS Root, "ISP" DNS and Attack Platform connected through the "ISP" Router. Group side: Group1, Group2 and GroupX, each with a TLD router (TLD Rtr), nameserver (NS), Monitor, database (DB) and Business server. Student side: Internet, Student WiFi, Group1/Group2/GroupX laptops, and Course Support (wiki, web, file).]