TCP/IP: DNS the Domain Name System Domain Hierarchy Servers


TCP/IP: DNS
Network Security, Lecture 8
Eike Ritter

The Domain Name System

• Database that primarily maps IP addresses (147.188.192.42) to names (www.cs.bham.ac.uk) and vice versa
  – Nice properties: distributed, coherent, reliable, autonomous, and hierarchical
• DNS namespace has tree structure
  – Domain is a node in this tree
  – All nodes except the root have labels (e.g., www)
  – Fully qualified name: node labels, bottom up, each followed by a dot
• Nodes are grouped (clique) into zones (administrative boundaries)
  – Apex is called the “start of authority”
  – Bottom edges with other zones below them are “delegation points”
  – Bottom nodes with no other zones below them are “leaf nodes”
  – Each zone is served by authority servers
• Nodes store actual content in resource records (RRs)
  – RR: name, class, type, TTL, and data
  – Data can map IP to host name and vice versa
  – Data can specify the mail server for domain
• More: P. Vixie, “DNS Complexity”, ACM Queue, 2007

Domain hierarchy

[Figure: DNS tree. Root “.” at the top; below it arpa, com, net, uk; next level in-addr, google, lloydstsb, co, ac; then 147, google, bham; then 188; then 192, ph, cs; then 42.]

Mapping names to IPs and vice versa

• Can a host name be mapped to many IP addresses?
  – Yes. For example, load balancing

    $ nslookup www.google.com
    Name: www.l.google.com
    Address: 209.85.143.99
    Name: www.l.google.com
    Address: 209.85.143.104

• Can an IP address be mapped to many domain names?
  – Yes. For example web hosting
    (Some) domains seen at 74.125.53.132: amomsrantings.blogspot.com, bloxee.blogspot.com, culturadohashi.blogspot.com, ocedeloguxuf.blogspot.com, opensocial.googleusercontent.com, www-blogger-, ads.gmodules.com, www.gmodules.com, …
  – Tool: Passive DNS replication @ BFK

Servers

• Primary authoritative server
  – Authoritative for a zone
  – Loads mappings from local configuration (file on disk)
• Secondary authoritative server
  – Backup
  – Their zone data comes to them from primary servers via a zone transfer procedure
• Recursive and caching server
  – Caches query results until their TTL expires
  – Implements the recursive algorithm needed to locate an RR

Clients

• Often called “resolvers”
• Most often they do not cache (“stub resolver”)
• Rely on recursive service of their designated full resolver

    $ cat /etc/resolv.conf
    search cs.bham.ac.uk
    nameserver 147.188.192.4
    nameserver 147.188.192.8

• Tools: nslookup, dig, host

Queries

• Recursive
  – Client asks the server to respond with either the requested resource record or error message if none exists
  – If DNS server does not have the queried information, it queries other servers until it gets the information (or the query fails)
• Iterative
  – Client asks the server to respond with the best answer it can provide, given its cache or zone data
  – If DNS server does not have the queried information, it may respond with a referral to server that may have it
• Specify the information requested (type of query)
  – A: address of host
  – NS: authoritative name server for domain
  – CNAME: canonical name
  – MX: mailer for host
  – TXT
• Are identified by ID field (16 bits)
• Can be done over UDP or TCP
  – Typically UDP; TCP for larger responses

Example

    $ dig google.com
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34072
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;google.com.              IN  A

    ;; ANSWER SECTION:
    google.com.       300     IN  A   209.85.143.99
    google.com.       300     IN  A   209.85.143.104

    ;; AUTHORITY SECTION:
    google.com.       172800  IN  NS  ns4.google.com.
    google.com.       172800  IN  NS  ns1.google.com.
    google.com.       172800  IN  NS  ns2.google.com.
    google.com.       172800  IN  NS  ns3.google.com.

    ;; Query time: 21 msec
    ;; SERVER: 147.188.192.4#53(147.188.192.4)
    ;; WHEN: Wed Feb 2 18:29:31 2011
    ;; MSG SIZE rcvd: 132

Example

    % dig +norecurse google.com
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52597
    ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;google.com.              IN  A

    ;; AUTHORITY SECTION:
    com.              172794  IN  NS  i.gtld-servers.net.
    com.              172794  IN  NS  e.gtld-servers.net.
    com.              172794  IN  NS  l.gtld-servers.net.
    com.              172794  IN  NS  c.gtld-servers.net.
    com.              172794  IN  NS  h.gtld-servers.net.
    com.              172794  IN  NS  d.gtld-servers.net.
    com.              172794  IN  NS  b.gtld-servers.net.
    com.              172794  IN  NS  g.gtld-servers.net.
    com.              172794  IN  NS  f.gtld-servers.net.
    com.              172794  IN  NS  a.gtld-servers.net.
    com.              172794  IN  NS  k.gtld-servers.net.
    com.              172794  IN  NS  j.gtld-servers.net.
    com.              172794  IN  NS  m.gtld-servers.net.

DNS query

    13:30:08.018705 IP 10.4.130.214.51103 > 147.188.128.102.53: 1313+ A? google.com. (28)
    13:30:08.047483 IP 147.188.128.102.53 > 10.4.130.214.51103: 1313 5/13/0 A 74.125.230.114, A 74.125.230.115, A 74.125.230.116, A 74.125.230.112, A 74.125.230.113 (319)

DNS spoofing

[Figure: Attacker (6.6.6.6) connects to server1.example.com (172.16.48.1), arrow “1.”; server1 exchanges a lookup with ns1.evil.com, arrow “2.-3.”; also shown are ns1.example.com and server2.example.com (172.16.48.2).]

Assumption: server1 trusts connection from .example.com
1) attacker connects to server1 from 6.6.6.6
2) server1 looks up the name associated with 6.6.6.6
3) ns1.evil.com replies “server2.example.com”
4) server1 grants access to attacker

Defense: double reverse lookup

• Given IP address I1, obtain the name N
  – Mapping is provided by name server responsible for I1, which may well be completely untrustworthy
• Given N, obtain its address I2
  – Mapping is provided by name server responsible for N. In the scenario before, this name server is trusted
• Check if I1 = I2

DNS hijacking

• DNS does not provide any means of authentication
• Racing against the queried name server it is possible to provide a fake IP address/domain name mapping
  – Attacker could mount attack against client
  – Attacker could mount attack against name server
• The attacker needs to set the request ID correctly
  – Easy if attack done on the same LAN (sniffing)
  – Need to guess if done blindly

DNS hijacking

[Figure: Victim (172.16.48.2) sends “A? google.com”; ns1.example.com answers “A 74.125.230.115”; Attacker (172.16.48.1) answers “A 172.16.48.1”.]

DNS amplification attack

• Certain queries can cause large responses
  – TXT, ANY query
  – Queries for “.” (root)
• Most typically, queries done over UDP
• Do you see a problem here? (remember smurf attacks?)
• DNS amplification attack:
  – The attacker spoofs the source IP address to be the address of the victim
  – Sends these “expensive” queries to a large number of servers
  – Servers will send the response to the victim, overloading it
• Defenses:
  – Don’t allow open recursive servers, that is, recursive servers that respond to queries from external clients
  – Respond to expensive queries from untrusted parties with shorter error messages (REFUSED answer, instead of providing the list of root servers)

DNS poisoning

• Certain DNS implementations used to cache anything contained in a DNS reply
• Malicious DNS server would return a reply with additional answers that would poison the victim’s cache
  – Query for foo.com answered with additional section containing the IP address of bank.com
  – Can you use it to bypass the double reverse lookup?
• Solution: only accept additional information that is relative to the domain being queried (bailiwick check)

DNS poisoning

[Figure: ns.victim.com sends “A? google.com, ID = 1234” to ns.google.com; Attacker (172.16.48.1) sends “IN A google.com 172.16.48.1, ID = 1234” to ns.victim.com.]

• Attacker forces recursive resolver to initiate a DNS query
• As the resolver is waiting for answer from authority resolver, attacker forges answers
• Attacker needs to guess all the transactional elements used in the victim’s query
  – Query ID
  – Port number
• If successful, victim will store wrong IP-domain mapping
• If attacker loses the race, he will have to wait until the correct response expires (TTL field)
  – Order of several days, typically

Kaminsky attack

• Technique to “speed up” the poisoning attack
• Attacker sends query for 000001.bank.com
• Recursive server recursively attempts to answer the query contacting authoritative server of bank.com (ID = 1234)
• Attacker sends a number of spoofed responses (trying to guess the correct ID) with 2 parts:
  – Answer for 000001.bank.com is arbitrary
  – Authority section that claims a malicious IP is the NS for the bank.com zone
• If the attacker guesses the ID and port number, bailiwick check passes
• If the attacker is unsuccessful, the correct answer (likely, NXDOMAIN) arrives first and is accepted
• But now attacker can simply try again, querying for 000002.bank.com
  – Attacker does not need to wait for TTL to expire

PGP

• Alice signs a message as follows:

    $ gpg -s -a msg.txt

  and sends it to Bob via regular email
• What security properties are guaranteed?
  – Integrity?
  – Confidentiality?
  – Authenticity?
• Would anything change if Alice signed the message in binary format, i.e., without using the -a flag?

TCP/IP RECAP
In form of a quiz

IP addresses

IP

You’re monitoring traffic between A and C.
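The double reverse lookup from the "DNS spoofing" and "Defense: double reverse lookup" slides, as an added Python example that is not part of the original lecture. The record tables, the helper names and the 192.0.2.x / 172.16.48.10-11 entries are constructed for illustration; the other addresses come from the slides. It also covers the case where N maps to several addresses, so "I1 = I2" becomes "I1 is among the addresses of N".

```python
"""Double reverse lookup (forward-confirmed reverse DNS) for name-based trust."""
import ipaddress
import socket


def _norm(name):
    # DNS names are case-insensitive; drop the trailing root dot.
    return name.rstrip(".").lower()


def _under(name, suffix):
    # Compare on a label boundary so "evilexample.com" is not under "example.com".
    return name == suffix or name.endswith("." + suffix)


def system_reverse(ip):
    """PTR lookup through the system resolver; empty list on failure."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [primary, *aliases]


def system_forward(name):
    """Address lookup through the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def naive_check(peer_ip, trusted_suffix, reverse=system_reverse):
    """The policy the spoofing slide attacks: trust the PTR answer alone."""
    suffix = _norm(trusted_suffix)
    for raw in reverse(peer_ip):
        if _under(_norm(raw), suffix):
            return _norm(raw)
    return None


def double_reverse_lookup(peer_ip, trusted_suffix,
                          reverse=system_reverse, forward=system_forward):
    """Return the confirmed name of peer_ip under trusted_suffix, else None."""
    i1 = ipaddress.ip_address(peer_ip)
    suffix = _norm(trusted_suffix)
    for raw in reverse(peer_ip):          # I1 -> N (untrusted answer)
        n = _norm(raw)
        if not _under(n, suffix):
            continue
        for addr in forward(n):           # N -> I2 (answer from N's own zone)
            try:
                i2 = ipaddress.ip_address(addr)
            except ValueError:            # e.g. scoped IPv6 text form
                continue
            if i1 == i2:                  # check I1 = I2
                return n
    return None


# Constructed records. PTR answers come from whoever runs the reverse zone
# of the address; A answers come from the name server of the name's zone.
PTR = {
    "6.6.6.6": ["server2.example.com."],       # claim made by ns1.evil.com
    "172.16.48.2": ["server2.example.com."],   # genuine host
    "172.16.48.11": ["www.example.com."],      # one of two load-balanced hosts
    "192.0.2.9": ["host.evilexample.com."],    # look-alike suffix
}
A = {
    "server2.example.com": ["172.16.48.2"],
    "www.example.com": ["172.16.48.10", "172.16.48.11"],
    "host.evilexample.com": ["192.0.2.9"],
}


def demo_reverse(ip):
    return PTR.get(ip, [])


def demo_forward(name):
    return A.get(name, [])


if __name__ == "__main__":
    for ip in PTR:
        print(ip,
              "naive:", naive_check(ip, "example.com", demo_reverse),
              "confirmed:", double_reverse_lookup(ip, "example.com",
                                                  demo_reverse, demo_forward))
```

The check is only as trustworthy as the forward answer, which is why the cache poisoning slides ask whether it can be bypassed.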
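A simplified model of the bailiwick check from the "DNS poisoning" and "Kaminsky attack" slides, as an added Python example that is not part of the original lecture. It assumes the resolver knows which zone the queried server is authoritative for; the RR class, the function names, ns.bank.com and all record values (documentation addresses) are constructed for illustration. It shows the check dropping the out-of-zone additional record, and passing the in-zone response that the Kaminsky slide describes.

```python
"""Bailiwick filtering of one DNS response before it reaches the cache."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str    # owner name
    rtype: str   # A, NS, ...
    ttl: int
    data: str


def _labels(name):
    name = name.rstrip(".").lower()
    return name.split(".") if name else []   # root zone has no labels


def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a descendant of it, label by label."""
    o, z = _labels(owner), _labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z


def filter_response(zone, answer, authority, additional):
    """Split all records of a response into (cacheable, rejected).

    zone is the zone the resolver believes the responding server serves.
    """
    keep, drop = [], []
    for rr in [*answer, *authority, *additional]:
        (keep if in_bailiwick(rr.name, zone) else drop).append(rr)
    return keep, drop


def poisoned_additional_case():
    """Query for foo.com answered with an extra record for bank.com."""
    answer = [RR("foo.com.", "A", 300, "192.0.2.10")]
    additional = [RR("bank.com.", "A", 300, "203.0.113.66")]
    return filter_response("foo.com", answer, [], additional)


def kaminsky_case():
    """Response for 000001.bank.com that also carries bank.com NS data.

    Every owner name lies inside bank.com, so the bailiwick check keeps
    all of it; only the query ID and source port stand in the way.
    """
    answer = [RR("000001.bank.com.", "A", 300, "203.0.113.1")]
    authority = [RR("bank.com.", "NS", 172800, "ns.bank.com.")]
    additional = [RR("ns.bank.com.", "A", 172800, "203.0.113.66")]
    return filter_response("bank.com", answer, authority, additional)


if __name__ == "__main__":
    for title, case in (("foo.com + bank.com extra", poisoned_additional_case),
                        ("000001.bank.com", kaminsky_case)):
        keep, drop = case()
        print(title)
        for rr in keep:
            print("  cache :", rr.name, rr.rtype, rr.data)
        for rr in drop:
            print("  reject:", rr.name, rr.rtype, rr.data)
```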