Skip to main content

Raising Security Awareness, One Security Term at a Time

The Identifier Systems Security Stability and Resiliency Team (IS-SSR) is committed to raising security awareness among ICANN community members. Team members post regularly to the ICANN blog in a series we call Raising Security Awareness, One Security Term at a Time. To help you find these among the many posts at ICANN blog.

What Is a DNS Covert Channel? (8 December 2016)

In the first part of our covert channel series, I explained that a covert channel is an evasion or attack technique used to transfer information in a secretive and typically unauthorized or illicit manner. I also explained how one could create a covert channel using the Internet Protocol (IP) or the Internet Control Message Protocol (ICMP).In this part, I will explain why the Domain Name System (DNS) is also an attractive protocol for covert channels, and illustrate how the DNS could be used to create a covert download channel. More…

What Is an Internet Covert Channel? (29 August 2016)

A covert channel is an evasion or attack technique that is used to transfer information in a secretive, unauthorized or illicit manner. A covert channel can be used to extract information from or implant information into an organization. An Internet covert channel is the digital equivalent of a briefcase with a secret compartment that a spy might use to slip sensitive documents past security guards into or out of a secure facility. An attacker can use Internet covert channels to transmit sensitive documents unobserved – in this case, bypassing network security measures rather than bypassing security guards. More…

Metadata Collection And Controversy (27 June 2016)

In What Are Metadata?, I explained that metadata are data that describe or provide information about other data such as social media discussions, email exchanges or online transactions. Now that we have a common appreciation for what metadata are, let's consider how activities that involve metadata collection on a large scale can be sources of controversy. More…

Part I: What Are Metadata? (11 May 2016)

The concept of metadata is both simple and complicated. We readily understand what dataare: they are the information that we communicate, process or consume in our ever-growing digitized society. But what are metadata? More…

What is Privilege Escalation? (18 February 2016)

What is Privilege Escalation?

Parties engaged in cyber attacks are motivated to defeat authorization policies to gain access to sensitive business data, to defraud a merchant of goods or to steal money. These attackers often look for vulnerabilities that they can exploit to gain control over a computer system or application. Through such initial exploit paths, an attacker obtains access privileges. Next, the attacker will probe the system she's compromised to gain more privileges than what she initially gained. When an attacker expands her initial unauthorized access in this manner, we call the her efforts a privilege escalation attack. More…

Access Controls, User Permissions and Privileges (19 January 2016)

In my last post, What is Authorization and Access Control, I explained that we use authentication to verify identity – to prove you are who you claim to be – and also to enable an authorization policy, to define what your identity is allowed to "see and do". We then implement these authorization policies using security measures to grant or deny access to resources we want to control or protect.

The measures we use to implement authorization policies are called user access controls, user permissions or user privileges. More…

What is Authorization and Access Control? (02 December 2015)

You are probably familiar with the concept of authentication, the way that security systems challenge you to prove you are the customer, user, or employee whom you claim to be, using a password, token, or other form of credential. You may be less familiar with the concept of authorization, and the related term, access control.

Authentication verifies your identity and authentication enables authorization. An authorization policy dictates what your identity is allowed to do. More…

What is a Man in the Middle Attack? (02 November 2015)

Many years ago, your local telephone service may have been shared among you and many of your neighbors in what was called a party line. With a party line, any party on the shared circuit could listen in on, join in (welcomed or not), or disrupt any conversation. Ethernet and WiFi share this characteristic, and it's an important reason why everyone is encouraged to use encryption is to prevent the forms of eavesdropping common to shared media or party lines.

Eavesdropping is one of several kinds of attacks we call man in the middle attacks. Each man in the middle or MITM attacks involves an attacker (or a device) that can intercept or alter communications between two parties who typically are unaware that the attacker is present in their communications or transactions. Let's look at two examples of Internet MITM attacks. More…

Is This a Hack or an Attack? (15 September 2015)

Man wearing a hooded sweatshirt hacking a laptop with blue binary numbers overlapping everything in the photo

Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency are commonplace today. These are almost always characterized as sophisticated hacking schemes.

Some are described as acts of hacktivism. In an effort to characterize certain attacks as the most sophisticated ever, one enthusiastic Wikipedia contributor uses the phrase advanced targeted computer hacking attack. However, the reality is that a cyber attack doesn't necessarily involve hacking, and a great many hacks have nothing to do with attacks. More…

Threats, Vulnerabilities and Exploits – oh my! (10 August 2015)

A Word Cloud of words related to hacking and computers, with 'Hacker' and 'computer' the most prominent words

Some of the most commonly used security are misunderstood or used as if they were synonymous. Certain of these security terms are so closely related that it's worth examining these together. Today, we'll look at several related terms – threat, vulnerability, and exploit – and learn how security professionals use these to assess or determine risk. More…

What is Two-Factor Authentication? (13 July 2015)

A black gloved hand reaching towards the word, 'PASSWORD' in pink, which is surrounded by wall of binary numbers

Passwords have proven time and again to be vulnerable to attacks. They can be guessed, stolen, intercepted or even traded away for candy bars. Entire databases of passwords have been breached, and such breaches are occurring altogether too frequently.

What if that stolen password wasn't the only "factor" an attacker needed to access your account? Suppose he needed something else? This is the principle behind multi-factor authentication: In addition to knowing a password, you must use something else to demonstrate that you are who you claim to be - and not someone who's stolen a password. More…

What is social engineering? (15 June 2015)

A Word Cloud of words related to cybercrime, with 'cybercrime' and 'security' the most prominent words

Social engineering is an attempt to influence or persuade an individual to take an action. Some social engineering has beneficial purposes; for example, a company may distribute a healthcare newsletter with information intended to influence you to get a flu shot.

But social engineering is commonly used by criminals to cause the recipient of an email, text, or phone call to share information (such as your online banking username and password, or personal identifying information such as your social security or passport number) or take an action that will benefit the criminal, not the individual. More…

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."