Line 41: |
Line 41: |
| The [[DSFI-TSG]] identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> | | The [[DSFI-TSG]] identified seven categories of attack vectors.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> |
| ===Identity and Access Management=== | | ===Identity and Access Management=== |
− | * Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Hijacking]], traffic interception, and [[social engineering attacks]]. | + | * Attacks on and through credential systems result in the modification of registration data, which can lead to [[Domain Name Hijacking]], traffic interception, and [[Social Engineering Attacks]]. |
| * when a registrant’s credentials are compromised, the attacker can impersonate the registrant to | | * when a registrant’s credentials are compromised, the attacker can impersonate the registrant to |
| *# Transfer the domain out of the registrant’s control, | | *# Transfer the domain out of the registrant’s control, |
Line 49: |
Line 49: |
| *# Modify authoritative records of the domain name, domain registration, or DNS service, or | | *# Modify authoritative records of the domain name, domain registration, or DNS service, or |
| *# Delete or de-register the domain. | | *# Delete or de-register the domain. |
| + | |
| ===Access Control and Authorization=== | | ===Access Control and Authorization=== |
| * Bad actors can gain access to unauthorized services and/or data. In the case of a subdomain takeover, non-authorized users gain access to publish content under a DNS label that they have not been authorized to control. | | * Bad actors can gain access to unauthorized services and/or data. In the case of a subdomain takeover, non-authorized users gain access to publish content under a DNS label that they have not been authorized to control. |