Network Security Workshop
 Chairman :  Yoshiaki Kasahara <kasahara@nc.kyushu-u.ac.jp>
 Yasuichi Kitamura <kita@jp.apan.net>
 Objectives :  
  1. To raise the security awareness and knowledge within APAN community.
  2. To exchange experience and knowledge in network security technologies and issues.
  3. To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
 Security related topics includes protection of the physical, intellectual, and electronic assets of the APAN and other network, including its security policies, network access controls, virus protection, network administration, auditing, and transaction security.

 Target Audience :  Researchers, Scientists, Network Engineers
 Expected Number of Participants :  40
 Agenda :  

Session Chair: Yoshiaki Kasahara


1. Routing security - BGP -   Yoshinobu Matsuzaki , (Internet Initiative Japan)   Slides

The BGP is a critical routing protocol for the Internet. And it's reported there are 'prefix hijacking' events in the global BGP routing table. I will share the best current practice to prevent such a hijacking event, and also describe about a route monitoring system that is operated by The Telecom-isac Japan.

2. DNS RPZ: Implementing Shared Security Policy In The Domain Name System -   Paul Vixie , (Internet Systems Consortium)   Slides

The Domain Name System is the world's first distributed coherent reliable autonomous database, and is one of the keystone technologies that makes the Internet possible. In recent years growth in the domain name system has been predominantly in the form of criminal or "junk" names whose value proposition is one sided. With DNS RPZ, it is now possible for DNS analysts and operators to publish and subscribe to a policy framework and reputation data feeds that can help manage these worthless names and therefore protect end-users from some forms of online crime or harassment.

This presentation will explore the motives and capabilities of DNS RPZ.

3. Security Information Exchange and Passive DNS Database -   Paul Vixie , (Internet Systems Consortium)

For a distributed system to be observable it is necessary that operators and analysts cooperate and that a standard framework for data collection and data sharing be used. We at Internet Systems Consortium (ISC, a nonprofit public benefit technology company in California) have created such a framework using our NMSG tool set and our Security Information Exchange (SIE). We now collect and share about five hundred megabits per second of operational telemetry among dozens of operators and analysts. Our newest project is to postprocess the DNS data flows seen at ISC SIE into a passive DNS database called ISC DNSDB.

In this presentation the NMSG tool set and Security Information Exchange will be described, and ISC DNSDB will be demonstrated.

 Remarks :  

© Copyright 2009 - 2011 APAN | | Last updated: 14 Feb 2011