[dssa] DNS attack trees
Hello Mikey: Sorry I was not able to make yesterday's call. I submit the attached in case it is of any help to the team's efforts. It's a more complete version of the DNS attack tree that was included in the Baseline IT Sector Risk Assessment, a previous effort I was part of. Sorry for not sharing this earlier, but I was only recently reminded that what was included in the Risk Assessment was actually a summary of the attack tree that was built and tracked down the attached full tree as quickly as I could. Please note that the Risk Assessment was developed in 2008 and predates deployment of DNSSEC at the root. In case I have not shared the link before, the Baseline IT Sector Risk Assessment can be viewed at www.dhs.gov/xlibrary/assets/nipp_it_baseline_risk_assessment.pdf. Page 30 is where the DNS chapter/section starts. Regards, Scott C. Algeier Executive Director, IT-ISAC +1 703-385-4969 salgeier@xxxxxxxxxxx Attachment:
ITSRA Full DNS Attack Tree - 2009 ITSRA.ppt |