Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/26/2009
01:14 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ICANN Develops Strategic Security Plan

Plan designed to enhance security, stability and resiliency of the Internet's naming and addressing systems

ICANN has developed a plan to enhance the security, stability and resiliency of the Internet's naming and addressing systems as called for in its Strategic Plan and in accordance within its bylaws.

The plan notes how the Internet has thrived by engaging many stakeholders who collaborate to foster communication, creativity and commerce in a global commons. The interoperability of the global commons depends on the operation and coordination of the Internet's unique identifier systems. ICANN and the operators of these systems acknowledge that maintaining and enhancing the security, stability and resiliency of these systems is a core element of their collaborative relationship. The plan notes the growing risks to the security, stability and resiliency of the unique identifier systems and the need to collaboratively address these risks.

The plan delineates ICANN's specific programs that will address security, stability and resiliency. It also details planned activities that will enhance its contributions through the next operational year. This first version of the plan is intended as a foundation for ICANN and its community to establish a framework for organizing its security, stability and resiliency efforts. The plan does not envision major new roles or programs for ICANN in this area.

The programs and initiatives in which ICANN plans to engage during the 2009-2010 operating year include:

  • Improving root zone management through automation; improve authentication of communications with TLD managers and support implementation of DNS Security Extensions (DNSSec)
  • Ensure the maturation of the gTLD registry continuity plan and test the data escrow system
  • Build on the collaborative efforts of the Internet security community efforts to effectively respond to malicious abuses of the Domain Name System (DNS).

    This Plan is posted for a 30-day public comment http://www.icann.org/en/public-comment/public-comment-200906.html#ssr and will also be the subject of a public comment forum at the Sydney meeting.

    The entire ICANN Plan for Enhancing Internet Security, Stability and Resiliency can be reviewed here http://www.icann.org/en/topics/ssr/ssr-draft-plan-16may09-en.pdf [PDF, 1,930K].

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/13/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-14300
    PUBLISHED: 2020-07-13
    The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
    CVE-2020-14298
    PUBLISHED: 2020-07-13
    The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
    CVE-2020-15050
    PUBLISHED: 2020-07-13
    An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
    CVE-2020-10987
    PUBLISHED: 2020-07-13
    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
    CVE-2020-10988
    PUBLISHED: 2020-07-13
    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.