Public policy plays an important role in keeping business computing safe and secure. Companies may have some difficulty keeping up-to-date as these policies change. This is why it is important for businesses to turn to innovative solutions that will guide them through the constantly changing landscape of public policy. Watch the video below as the team from ThreatSTOP discusses public policy, DNS policy, and risk.

 

 

Understanding Public Policy and DNS Policy

Public policy refers to the basic principles and guidelines set forth by the government and other regulatory bodies. Public policy can refer to any area. This includes how businesses and individuals use web resources for communication and transactions.

DNS policy focuses specifically on the rules and regulations governing the management and operation of domain names. DNS policies cover registration, security, privacy and compliance. Compliance with DNS policies is vital to maintain a secure and trustworthy internet presence.


One-Click Sanctions Compliance with ThreatSTOP

ThreatSTOP offers a comprehensive solution to address the challenges posed by DNS policy compliance and risk management. Through its innovative platform, ThreatSTOP enables organizations to achieve one-click sanctions compliance with little effort.

The company simplifies DNS policy compliance by consolidating multiple policy requirements into a unified framework. This streamlines the process for organizations, eliminating the need for extensive manual configurations and reducing the risk of oversight.

ThreatSTOP also offers real-time threat intelligence feeds, allowing companies to stay up-to-date with the latest known cyber risks. By leveraging this intelligence, organizations can proactively block access to potentially harmful resources, bolstering their security posture.

Are you confused by seemingly constant changes to policies? Are you worried how changes in public policy might put you at risk? Contact ThreatSTOP today. We will help you navigate the murky waters of public policy, DNS policy and risk with one click sanctions compliance. ThreatSTOP stops the threats your business faces every day.

Get a Demo

 

Learn More:

What DNS Security Does A Typical Enterprise Need?

DNS Defense Cloud 

DNS Defense 

 

Video Transcript
0:28 Protect your network
1:29 Issues?
3:00 Man-in-the-middle
4:17 Designations
4:41Existence of Russian controlled entities 
5:08 Sanctions
5:35 No more plausible deniability
5:57 Case example
6:37 Public policy; Business risks

My name is Paul Mockapetris. I'm Chief Scientist at ThreatSTOP. I'm here with Tom Byrnes, the CEO and Ofir Ashman, our head of security. 

Today's subject, we're going to talk about public policy, DNS policy, and risk or how to get to one-click compliance.
0:28 Protect your network

Protecting your network today has a new dimension. You have all the traditional worries about malware, spam, and DDOS, and techniques for dealing with that. Your firewalls, DNS filtering, antivirus, etc. 

Public policy I.E your government adds some new dimensions. One of those is sanctions enforcement. So for example, the United States has 20 different sanction types. One of those we're going to be using as an example is Russia and the Ukraine. In addition to all of those sanctions, there also is an increasing set of legal issues that's coming up. Right now Sony in Japan is suing a pirate website and trying to turn off access to the pirate website via DNS filtering in Germany. This is not a new idea but it's still out there.

1:29 Issues?
So what we want to do first of all is talk about what the issues are. There's a dynamic geography going on back in February when Russia invaded the Ukraine. Not only did their tanks roll in, but their I.T. guys joined the battle and rerouted traffic in the areas that they overran back through Russia, so that you could be talking to somebody in Melita poll and you thought that it's a Ukraine ISP and you're all safe, but in reality, that traffic is being funneled back through Russia.

Crimea has been that way for a long time. So what you need to do in particular if you're worried about, say doing commerce with people in those areas, is how to figure out who the good guys are and where the boundary is today.

We think the only good solution here is a solution that automates that because of the changing conditions. So one of the things you do is you take a look at how the traffic is being routed; it's a technical issue, and if traffic is coming from the Ukraine but it's being routed through Moscow, you might or might not want to actually do that, look at that traffic, and you might or might not want to do business with people who might or might not have a gun at their heads.

3:00 Man-in-the-middle
Why is this man-in-the-middle for all the traffic being taken back through Moscow? Why is it so significant? Well, if the traffic is going through Russian infrastructure shown here with the Z, or a similar method with BGP hijacking. The man-in-the-middle is free to inject new traffic shown here as the arrows coming out of the Russian infrastructure, so you can jack traffic that looks like it's coming from the good guys.
It's also free to meddle with the traffic that's passing through, DDOS attacks, lots of possibilities here, and you might say, well, okay, I have DNS SEC and I have the certificates, and I have http, but in point of fact, DNS SEC is not deployed in some large services like for example, Outlook, and certificate attacks from the hundreds of root certificate. Authorities is another well-known method, so you really would rather not have this possibility and be exposed to it.

4:17 Designations
Complicating it, the designations that have been made by different countries for different kinds of sanctions over Russia and these other regimes number in the thousands. So just keeping track of the rules is hard, and you might say, well I don't really have to worry about it. I can ignore it.

4:41Existence of Russian controlled entities 
But the Russian-controlled entities exist not only in Russia, but also in Africa, Cyprus, Kazakhstan. Belarus you might expect, but there's a global issue here with sanctions that when you're talking about controlled entities, Russian or not, we have to be aware of.

5:08 Sanctions
Ignoring these sanctions is not really a choice. The Huawei CFO found that out when she landed in Vancouver, and just recently Graham Bonham Carter, one of the more elite people in the UK found themselves the subject of the Department of Justice action. So no one is really immune here. You have to pay attention to these rules.

5:35 No more plausible deniability
“I don't know”, “I didn't know” doesn't really cut it as a defense. Here we have a company that was pretty much innocent, and as a result of that, they only had to pay four million dollars in sanctions rather than what would have happened if they thought that this is a willful infraction.

5:57 Case example
You might say, well this is all over; the battle lines have stabilized. But just last Friday, April 6th, Microsoft got hit with three million over Russian sanctions and these were sanctions involving Crimea among other places which the Russians took over in 2014.

So the arm of the law will reach back to get you. Three million dollars might not be much to Microsoft but it might be a lot to your business, and again this is where Microsoft turned themselves in and said please forgive us. They said well okay, that'll be three million.

6:37 Public policy; Business risks
So the thing here is that public policy creates business risk. If you don't enforce sanctions, you can be penalized in a number of different ways, fines, you can be denied access to banks, you can go to jail, and the issues right now are that who controls what changes daily. The sanctions change frequently as well, and you also have to be careful about where you're operating from where the sanctions may be different from a different country.

So you really don't want to run the risk of running afoul of these, but keeping track of them is a pretty big problem.