14,927
edits
Changes
Jump to navigation
Jump to search
Line 32:
Line 32: − * Identity and Access Management: Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Hijacking]], traffic interception, and [[social engineering attacks]].+ − + − * Resource Impersonation+ − * Code and Protocol Vulnerabilities * Infrastructure Choices+ − * DNS + − * Denial of Service+ + + + + + + + + +
→Vectors
==Vectors==
==Vectors==
The DSFI-TSG identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref>
The DSFI-TSG identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref>
===Identity and Access Management===
* Access Control and Authorization Issues
* Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Hijacking]], traffic interception, and [[social engineering attacks]].
* when a registrant’s credentials are compromised, the attacker can impersonate the registrant to
*# Transfer the domain out of the registrant’s control,
*# Modify the DNS servers to intercept traffic or redirect it to a criminal destination,
*# Modify the Authoritative DNS Servers allowing attackers to monitor, alter or deny queries and redirect end users to malicious endpoints,
*# Modify [[DNSSEC]]-related data by removing the DS records,
*# Modify authoritative records of the domain name, domain registration, or DNS service, or
*# Delete or de-register the domain.
===Access Control and Authorization===
===Resource Impersonation===
===Code and Protocol Vulnerabilities===
===Infrastructure Choices===
===DNS===
===Denial of Service===
==History==
==History==