
Raising Security Awareness, One Security Term at a Time

The Identifier Systems Security Stability and Resiliency Team (IS-SSR) is committed to raising security awareness among ICANN community members. Team members post regularly to the ICANN blog in a series we call Raising Security Awareness, One Security Term at a Time. To help you find these among the many posts on the ICANN blog:


Access Controls, User Permissions and Privileges (19 January 2016)

In my last post, What is Authorization and Access Control, I explained that we use authentication to verify identity – to prove you are who you claim to be – and also to enable an authorization policy, to define what your identity is allowed to "see and do". We then implement these authorization policies using security measures to grant or deny access to resources we want to control or protect.

The measures we use to implement authorization policies are called user access controls, user permissions or user privileges. More…

What is Authorization and Access Control? (02 December 2015)

You are probably familiar with the concept of authentication, the way that security systems challenge you to prove you are the customer, user, or employee whom you claim to be, using a password, token, or other form of credential. You may be less familiar with the concept of authorization, and the related term, access control.

Authentication verifies your identity and authentication enables authorization. An authorization policy dictates what your identity is allowed to do. More…

What is a Man in the Middle Attack? (02 November 2015)

Many years ago, your local telephone service may have been shared among you and many of your neighbors in what was called a party line. With a party line, any party on the shared circuit could listen in on, join in (welcomed or not), or disrupt any conversation. Ethernet and WiFi share this characteristic, and it's an important reason why everyone is encouraged to use encryption: to prevent the forms of eavesdropping common to shared media or party lines.

Eavesdropping is one of several kinds of attacks we call man in the middle attacks. Each man in the middle or MITM attack involves an attacker (or a device) that can intercept or alter communications between two parties who typically are unaware that the attacker is present in their communications or transactions. Let's look at two examples of Internet MITM attacks. More…

Is This a Hack or an Attack? (15 September 2015)


Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency; such attacks are commonplace today. These are almost always characterized as sophisticated hacking schemes.

Some are described as acts of hacktivism. In an effort to characterize certain attacks as the most sophisticated ever, one enthusiastic Wikipedia contributor uses the phrase advanced targeted computer hacking attack. However, the reality is that a cyber attack doesn't necessarily involve hacking, and a great many hacks have nothing to do with attacks. More…

Threats, Vulnerabilities and Exploits – oh my! (10 August 2015)


Some of the most commonly used security terms are misunderstood or used as if they were synonymous. Certain of these security terms are so closely related that it's worth examining them together. Today, we'll look at several related terms – threat, vulnerability, and exploit – and learn how security professionals use these to assess or determine risk. More…

What is Two-Factor Authentication? (13 July 2015)


Passwords have proven time and again to be vulnerable to attacks. They can be guessed, stolen, intercepted or even traded away for candy bars. Entire databases of passwords have been breached, and such breaches are occurring altogether too frequently.

What if that stolen password wasn't the only "factor" an attacker needed to access your account? Suppose he needed something else? This is the principle behind multi-factor authentication: In addition to knowing a password, you must use something else to demonstrate that you are who you claim to be - and not someone who's stolen a password. More…

What is social engineering? (15 June 2015)


Social engineering is an attempt to influence or persuade an individual to take an action. Some social engineering has beneficial purposes; for example, a company may distribute a healthcare newsletter with information intended to influence you to get a flu shot.

But social engineering is commonly used by criminals to cause the recipient of an email, text, or phone call to share information (such as your online banking username and password, or personal identifying information such as your social security or passport number) or take an action that will benefit the criminal, not the individual. More…

Domain Name System

Internationalized Domain Name (IDN)

IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet "a-z". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European "0-9". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed "ASCII characters" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of "Unicode characters" that provides the basis for IDNs.

The "hostname rule" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen "-". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms:

A domain name consists of a series of "labels" (separated by "dots"). The ASCII form of an IDN label is termed an "A-label". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a "U-label". The difference may be illustrated with the Hindi word for "test" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of "ASCII compatible encoding" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di.

A domain name that only includes ASCII letters, digits, and hyphens is termed an "LDH label". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as "icann.org", is not an IDN.