08_Infrastructure Security_2

00:00 - Content of this Chapter 00:06 - Coming back to our original problems … 00:27 - Attacking Names 00:32 - Attack Vectors (1) 00:38 - Attack Vectors (2) 00:42 - Attack Vectors (3) 00:44 - Attack Vectors (4) 00:53 - Attack Surface of the DNS 01:11 - Recap RFC 973 on trust in DNS, January 1986 02:08 - DNS problems we want to solve 02:32 - Content of this Chapter 02:37 - DNSSEC Design Objectives 04:13 - DNSSEC Fundamentals 05:28 - Two Objectives 05:38 - Two Objectives 06:18 - DNSSEC does not sign resource records individually 07:00 - DNSSEC signs Resource Record Sets 08:15 - DNSSEC distinguishes between two types of key pairs 08:44 - DNSSEC distinguishes between two types of key pairs 09:47 - Two Objectives 10:09 - Content of this Chapter 10:17 - DNSSEC applies a chain of trust to implement security 11:45 - Consequences of chain of trust 13:01 - Delegation Signer (DS) Record 14:06 - Resolving DNSSEC 15:42 - Chain of trust verification: Summary 17:40 - DNSSEC Trust Chain: Example 19:02 - Content of this Chapter 19:09 - Deployment Options@Clients 20:28 - DNSSEC deployment statistics 21:19 - Questions & Tasks