Training on DNS Prevention, Detection, Disruption and Defense

FIRST and ICANN jointly put together a DNS-related training specific for incident responders, which can help them enhance their capabilities, better protect their constituents and help the global DNS remain secure, stable and resilient.

FIRST and the Internet Corporation for Assigned Names and Numbers (ICANN) have, for years, had a relationship of collaboration and cooperation. ICANN has to help make sure that the Domain Name System remains stable, resilient and secure, and by being good at their work, incident responders can help accomplish this goal while protecting their constituents and fulfilling their own goals. So, working together in certain areas makes a lot of sense.

One particular area of mutual interest is policy making at ICANN. Of course, this is not so much about tactical responses from incident responders, but rather about long-term strategy within the larger multi-stakeholder model, helping make sure that the policies that the ICANN community creates help them be more effective and efficient.

One other area of joint interest is capacity building. In this area, even though ICANN had been training communities like network and country code Top Level Domain (ccTLD) operators and law enforcement cybercrime units for over a decade, it hadn’t really developed a training specific to incident responders. So, in 2018 FIRST and ICANN jointly put together a training on ‘DNS: Prevention, Detection, Disruption and Defense’, which is specific for this community.

The training has been successfully delivered several times during FIRST regional meetings and annual conferences, the last of which was June 4, 2023 as one of the training sessions before the 35th Annual FIRST Conference in Montreal. The training is of a beginner/intermediate level and covers from the basics of how the DNS works and how domains get registered, to familiarizing the attendees with the types of information available in the DNS, how they can acquire it and how it can help them while responding to incidents. It includes a phishing investigation exercise and some cases that show sophisticated attacks using or leveraging the DNS.

Both ICANN and FIRST look forward to continuing to deliver the training to the members of FIRST and remain open to suggestions for improvement from previous attendees.

Published on FIRST POST: Jul-Sep 2023