Jump to content

NetBeacon Reporter: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
No edit summary
Christiane (talk | contribs)
Added content
Line 1: Line 1:
'''NetBeacon''' is a tool developed by the [[DNS Abuse Institute]] in collaboration with [[CleanDNS]] to combat online abuse.<ref name="about">[https://netbeacon.org/about/ NetBeacon.org - About]</ref> The tool enables online abuse reporting, and provides vetting and identity verification for abuse complaints. Reports are routed to the relevant organizations after vetting.<ref name="about" /> It handles reports of malware, phishing, botnets, and spam.
'''NetBeacon Reporter''', formerly '''NetBeacon''', is a tool developed by the [[NetBeacon Institute]] in collaboration with [[CleanDNS]] to combat [[DNS Abuse]].<ref name="about">[https://netbeacon.org/about/ NetBeacon.org - About]</ref> The tool enables online abuse reporting, and provides vetting and identity verification for abuse complaints. Reports are routed to the relevant organizations after vetting.<ref name="about" /> It handles reports of malware, phishing, botnets, and spam.
 
==History==
 
NetBeacon grew out of a genuine need in the domain community about how to approach the problems DNS abuse presents. For this reason, the Net Beacon Institute (at the time named DNS Abuse Institute) worked to understand the complexities of mitigating DNS Abuse and the came up with programs and goals to fulfill their mission.<ref name="netbeacon1">[https://netbeacon.org/introducing-netbeacon/ Introducing NetBeacon]</ref>
 
In November 2021, [[Graeme Bunton]], Director of the Institute, published that they were developing a Centralized Abuse Reporting Tool (CART).  The intention of this tool was to provide a single platform to report DNS Abuse by outlining the evidence requirements for each abuse type, properly formatting and enriching the request details provided, and then forwarding it to the appropriate [[registry]] or [[registrar]].  The goal was to standardize reliable processes to improve both the act of reporting abuse and the abuse reports that registrars and registries receive. As part of it’s requirements gathering, the Institute researched the reporting processes of the largest registries and registrars in order to better understand how they accept reports of abuse.  Publicly available information from registry and registrar websites was collected to obtain data on their abuse reporting implementations and processes.<ref>https://netbeacon.org/the-current-state-of-dns-abuse-reporting/</ref> They concluded that there two main - and interrelated - problems:
 
* '''Complexity''': Reporting DNS Abuse to registrars and registries currently requires technical knowledge and ability to navigate the entire ecosystem. This is onerous, confusing, non-standardized, and extremely difficult to do at Internet-scale.
* '''Quality''': The DNS Abuse reports that registrars and registries receive are frequently duplicative, unevidenced, unactionable, and often contain domains that aren’t related to them. This can consume time and resources with little of that effort improving the Internet. <ref name="netbeacon1"></ref>
 
In April 2022, they provided updates and what the tool was going to be: an abuse reporting intermediary, which would improve the experience for people who want to report abuse by providing a single place to report DNS Abuse across the ecosystem in a simple, standardized fashion. A centralized solution had been called for in several important cross-community outputs, including in the recommendations of the [[SSR2|Second Security and Stability Review Team (SSR2)]] and in the [https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-115-en.pdf SAC 115: Report on an Interoperable Approach to Addressing Abuse], a report from [[SSAC|ICANN’s Security and Stability Advisory Committee (SSAC)]]. They also announced that the name CART would be changed to NetBeacon.<ref>https://netbeacon.org/centralized_abuse_reporting_update/</ref>
 
In June 2022, the Institute, supported by [[PIR|Public Interest Registry (PIR)]] and CleanDNS launched NetBeacon.
 
The service is free and was directed at registrars. NetBeacon aimed to make it easier for registrars to receive actionable, high quality reports of phishing, malware, botnets, and spam. It also included customization to individual needs.
 
They claimed that their reports were:
 
* '''Evidenced''': The standardized abuse reporting forms prevent reporters from submitting a report that does not meet a basic evidentiary standard. The reports were enriched with additional external API sources (like Reputation Block Lists, Hybrid Analysis).
* '''Relevant''': The service associates the domain name with the relevant registrar to ensure that only reports relevant to your domains under management are received. There was also the possibility of redirecting potential reporters to use NetBeacon instead of providing the abuse teams with reports one cannot action. Also, one could embed the NetBeacon tool in their own abuse reporting webpage, filtering out the irrelevant reports and sending them to NetBeacon for redirection to the relevant registrar.
* '''Flexible on format''': One could choose which email address the standardized report should go to, and pick human readable format or XARF, or consume reports via API.
* '''Customizable''': One was able to decide if reports were wanted instantly, or compiled and sent daily, and also which types of reports were  to be received (phishing, malware, botnets and spam).
* '''Simplifying Triage''': If some reporters send particularly useful reports (or not), they and their subsequent reports could be labeled to speed and simplify the triage processes.<ref name="netbeacon1"></ref>


==Objectives==
==Objectives==
* provide a free and easy-to-use site to report abuse
* provide a free and easy-to-use site to report abuse
* improve the quality of reports
* improve the quality of reports
* reduces barriers to action
* reduces barriers to action
* use saveable forms for DNS abuse reporting to standardize requirements and format
* use saveable forms for DNS abuse reporting to standardize requirements and format
* Report enrichment
* report enrichment
* Automatic distribution<ref>[https://74.schedule.icann.org/ At-Large Policy: An End User's Perspective on the Role of At-Large in DNS Abuse, ICANN 74]</ref>
* automatic distribution<ref>[https://74.schedule.icann.org/ At-Large Policy: An End User's Perspective on the Role of At-Large in DNS Abuse, ICANN 74]</ref>


==References==
==References==
{{reflist}}
{{reflist}}
__NOTOC__
__NOTOC__

Revision as of 21:33, 14 May 2024

NetBeacon Reporter, formerly NetBeacon, is a tool developed by the NetBeacon Institute in collaboration with CleanDNS to combat DNS Abuse.[1] The tool enables online abuse reporting, and provides vetting and identity verification for abuse complaints. Reports are routed to the relevant organizations after vetting.[1] It handles reports of malware, phishing, botnets, and spam.

History

NetBeacon grew out of a genuine need in the domain community about how to approach the problems DNS abuse presents. For this reason, the Net Beacon Institute (at the time named DNS Abuse Institute) worked to understand the complexities of mitigating DNS Abuse and the came up with programs and goals to fulfill their mission.[2]

In November 2021, Graeme Bunton, Director of the Institute, published that they were developing a Centralized Abuse Reporting Tool (CART). The intention of this tool was to provide a single platform to report DNS Abuse by outlining the evidence requirements for each abuse type, properly formatting and enriching the request details provided, and then forwarding it to the appropriate registry or registrar. The goal was to standardize reliable processes to improve both the act of reporting abuse and the abuse reports that registrars and registries receive. As part of it’s requirements gathering, the Institute researched the reporting processes of the largest registries and registrars in order to better understand how they accept reports of abuse. Publicly available information from registry and registrar websites was collected to obtain data on their abuse reporting implementations and processes.[3] They concluded that there two main - and interrelated - problems:

  • Complexity: Reporting DNS Abuse to registrars and registries currently requires technical knowledge and ability to navigate the entire ecosystem. This is onerous, confusing, non-standardized, and extremely difficult to do at Internet-scale.
  • Quality: The DNS Abuse reports that registrars and registries receive are frequently duplicative, unevidenced, unactionable, and often contain domains that aren’t related to them. This can consume time and resources with little of that effort improving the Internet. [2]

In April 2022, they provided updates and what the tool was going to be: an abuse reporting intermediary, which would improve the experience for people who want to report abuse by providing a single place to report DNS Abuse across the ecosystem in a simple, standardized fashion. A centralized solution had been called for in several important cross-community outputs, including in the recommendations of the Second Security and Stability Review Team (SSR2) and in the SAC 115: Report on an Interoperable Approach to Addressing Abuse, a report from ICANN’s Security and Stability Advisory Committee (SSAC). They also announced that the name CART would be changed to NetBeacon.[4]

In June 2022, the Institute, supported by Public Interest Registry (PIR) and CleanDNS launched NetBeacon.

The service is free and was directed at registrars. NetBeacon aimed to make it easier for registrars to receive actionable, high quality reports of phishing, malware, botnets, and spam. It also included customization to individual needs.

They claimed that their reports were:

  • Evidenced: The standardized abuse reporting forms prevent reporters from submitting a report that does not meet a basic evidentiary standard. The reports were enriched with additional external API sources (like Reputation Block Lists, Hybrid Analysis).
  • Relevant: The service associates the domain name with the relevant registrar to ensure that only reports relevant to your domains under management are received. There was also the possibility of redirecting potential reporters to use NetBeacon instead of providing the abuse teams with reports one cannot action. Also, one could embed the NetBeacon tool in their own abuse reporting webpage, filtering out the irrelevant reports and sending them to NetBeacon for redirection to the relevant registrar.
  • Flexible on format: One could choose which email address the standardized report should go to, and pick human readable format or XARF, or consume reports via API.
  • Customizable: One was able to decide if reports were wanted instantly, or compiled and sent daily, and also which types of reports were to be received (phishing, malware, botnets and spam).
  • Simplifying Triage: If some reporters send particularly useful reports (or not), they and their subsequent reports could be labeled to speed and simplify the triage processes.[2]

Objectives

  • provide a free and easy-to-use site to report abuse
  • improve the quality of reports
  • reduces barriers to action
  • use saveable forms for DNS abuse reporting to standardize requirements and format
  • report enrichment
  • automatic distribution[5]

References