Line 31: |
Line 31: |
| ==Work Product== | | ==Work Product== |
| The Final Report indicated that [[ICANN Organization]] can improve the security of the [[DNS]] directly, through funded research and education, and indirectly through partnerships, community collaboration, and [[Contractual Compliance|contractual controls]] and offered 12 recommendations:<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> | | The Final Report indicated that [[ICANN Organization]] can improve the security of the [[DNS]] directly, through funded research and education, and indirectly through partnerships, community collaboration, and [[Contractual Compliance|contractual controls]] and offered 12 recommendations:<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref> |
− | # Develop a Tabletop Exercise Program | + | # Develop a Tabletop Exercise Program to exercise incident-response procedures and identify operational gaps for services provided by registries and registrars and facilitate closing them |
− | # Continue Existing Work on [[DNS Abuse]] | + | # Continue developing the definitions of [[DNS Abuse]] and support the security and research communities in identifying and mitigating DNS abuse via SME research funding |
| # Investigate DNS Security Enhancements | | # Investigate DNS Security Enhancements |
| # Investigate Best Practices for Authentication | | # Investigate Best Practices for Authentication |
| # Empower [[CPH|Contracted Parties]] to adopt security enhancements to the domain registration systems and authoritative name services | | # Empower [[CPH|Contracted Parties]] to adopt security enhancements to the domain registration systems and authoritative name services |
− | # Bug Bounty Program Feasibility Funding | + | # OFfer Bug Bounty Program Feasibility Funding |
| # Educate DNS stakeholders to make available the appropriate standards-based authentication mechanisms for all interactions | | # Educate DNS stakeholders to make available the appropriate standards-based authentication mechanisms for all interactions |
| # Improve documentation and understanding of Registry Lock features and promote their use; explain the differences between Registry and Registrar Lock to registrants; facilitate the standardization of minimum requirements for Registry and Registrar Lock services | | # Improve documentation and understanding of Registry Lock features and promote their use; explain the differences between Registry and Registrar Lock to registrants; facilitate the standardization of minimum requirements for Registry and Registrar Lock services |
| # Raise Awareness of Best Practices for [[ICANN Terms#Infrastructure|Infrastructure]] Security by participating in initiatives such as [[MANRS]] and [[KINDNS]] and promoting the adoption of [[DMARC]], [[SPF]], [[TLSA]], [[DANE]], and [[DNSSEC]] | | # Raise Awareness of Best Practices for [[ICANN Terms#Infrastructure|Infrastructure]] Security by participating in initiatives such as [[MANRS]] and [[KINDNS]] and promoting the adoption of [[DMARC]], [[SPF]], [[TLSA]], [[DANE]], and [[DNSSEC]] |
| # Help the [[ICANN Community]], contracted parties, and others understand the risks and benefits of DNS [[RBL|Blocking]] and filtering for [[SSR|security and stability reasons]], best practices, tooling for DNS interdependencies to avoid large-scale collateral damage, using the Public Suffix List ([[PSL]]), sharing lists to avoid overblocking, and general reputation hygiene | | # Help the [[ICANN Community]], contracted parties, and others understand the risks and benefits of DNS [[RBL|Blocking]] and filtering for [[SSR|security and stability reasons]], best practices, tooling for DNS interdependencies to avoid large-scale collateral damage, using the Public Suffix List ([[PSL]]), sharing lists to avoid overblocking, and general reputation hygiene |
− | # Incident Responses | + | # Develop and deploy a formalized incident-response process across the DNS industry that allows for interaction with others in the ecosystem |
| # Raise Covert Channel Awareness | | # Raise Covert Channel Awareness |
| | | |
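Review bot: the added line for list item 6 reads "OFfer Bug Bounty Program Feasibility Funding"; the capitalization is a typo and should be "Offer". In the rewritten item 2, "SME research funding" uses an abbreviation that is not expanded anywhere in the visible text and can be read more than one way, so spell it out on first use. The revision also leaves the list stylistically mixed: items 1, 2 and 15 are now full imperative sentences, while items 3, 4 and 16 remain short title-case headings. Either expand those as well or note that the short forms are the wording of the cited Final Report.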