Tag Archives: CIRA

ICANN: EBERO Providers Selected: Continued Protections for Registrants

ICANN today [26 Aug] announced that it has selected China Internet Network Information Center (CNNIC), the Canadian Internet Registration Authority (CIRA), and Nominet as its Emergency Back-end Registry Operator (EBERO) providers.

An EBERO provider is temporarily activated if a generic Top-Level Domain (gTLD) operator is at risk of failing to sustain critical registry functions. Ensuring the availability of these functions protects registrants, also known as domain name holders, and provides an additional layer of protection to the Domain Name System (DNS), and industry ecosystem.

“CNNIC, CIRA, and Nominet all have the experience, staff, and systems required to execute an efficient transition should an EBERO event occur,” said Cyrus Namazi, Senior Vice President of ICANN‘s Global Domains Division. “Their geographic diversity is also a benefit, enabling nearly continuous coverage across multiple time zones, and the ability to provide services in multiple regions in case of local disasters.”

“We are honoured to be among this select group of trusted registry operators. In a short time period, the CIRA Registry Platform and DNS have been recognized as among the most advanced and robust platforms for managing a top-level domain,” said Dave Chiswell, vice president, product development, CIRA. “When we transitioned .CA to our new platform we incurred only eight hours of downtime. Our technology and know-how enable us to migrate a registry quickly and will be essential should our services ever be required in an emergency.”

EBEROs have demonstrated years of experience in operating domain name services, registration data directory services and extensible provisioning protocol services. Additional requirements for the EBERO service are noted in the Request for Proposal published here.

Click here for more information about the EBERO Program.

About ICANN

ICANN‘s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from: https://www.icann.org/news/announcement-2019-08-26-en. It also includes an additional quote from CIRA’s Dave Chiswell.

CIRA Provides Ultimate Domain Name Security Checklist

The importance of keeping ones domain name secure is something that many organisations and people take for granted. With .ca domain names in mind, but also being applicable to all domain name registrants, the Canadian ccTLD manager CIRA has provided a handy Ultimate Domain Name Security Checklist.

CIRA note “it can be easy to forget just how many applications rely on the DNS to function, and how critical domain names are to the entire internet ecosystem.”

“If you manage a .CA domain name, or any other domain name, it is critical to understand just how central they are to both the functioning of your business and the security of your systems. No matter how small your business is or how insignificant some of your domains may be, if they become compromised they can cause headaches that spread throughout your ecosystem. Even old, unused domains can be used by hackers to infiltrate or embarrass your organization.”

The guide has a checklist of the following records domain name registrants should keep and actions they should take:

  • Where is your domain name registered? Take note of the registrar name and their website.
  • Is two-factor authentication enabled? If not, do it.
  • Who is the DNS provider? Is it the registrar default, a third-party provider?
  • Does the DNS provider have two-factor authentication? If they do, enable it. If not, consider finding one that does.
  • Is the Internal Master DNS service not available for queries? This means the DNS is unable to answer requests over any port except to the external/secondary DNS provider.
  • Is the Internal Master DNS service running latest software? If not, find out why.
  • Do you have a secondary DNS provider? A backup DNS helps protect against DDoS attacks, if your domain name is mission critical you should have one.
  • Does your secondary DNS provider have two-factor authentication enabled?
  • Does your secondary DNS provider have Transaction Signatures (TSIG) enabled?
  • What is the TTL (time to live) for your zone file?
  • Does your domain require an Extended Validation (EV) SSL certificate? Is it enabled?
  • What is the renewal date for your SSL certificate?
  • Who is the registrant contact on your domain? Is their contact information up to date?
  • Who is the technical contact on your domain? Is their contact information up to date?
  • Who is the administrative contact on your domain? Is their contact information up to date?
  • Have you whitelisted the emails coming from your registrar and registry so you can get critical security and technical updates?
  • Do you know who has administrative access to your domain registrar? Make a list and keep it updated.
  • What is the renewal date of your domain? Do you have auto-renew enabled?
  • Have you reviewed the policy rules of your registrar and registry?
  • Have you audited your DNS zone records?
  • Do you have your primary zone file backed up, control tested and working?
  • Is your domain locked at the registry?
  • Do you have your domain name registration records on file? Backed up?
  • Do you have your domain name billing records on file?
  • Do you have any trademark and/or public documents associating you with the domain name on file? Backed up?
  • Do you have any legal document relevant to your domain name on file? Backed up?

The original version of the checklist on CIRA’s website was created in HTML allowing for copy/paste directly into Github, Jira, Confluence, or wherever else workflow is managed. CIRA recommend reviewing and updating once a year.

In their post, CIRA acknowledge the “checklist is pretty exhaustive—some would say it’s the ultimate—if you would like dive deeper into domain name security, we suggest you take a look at A Registrant’s Guide to Protecting Domain Name Registration Accounts from ICANN’s Security and Stability Advisory Committee (SSAC).”

“Our friends at Akamai also recently published a great guide: Protecting your domain names: Taking the first steps. It goes into detail on a few of the items in our checklist and has some great insight.”

To copy/paste the original of the checklist, go to the original version on the CIRA website here.

CIRA Publishes Report On Canadian Perspective On Fake News, Privacy, Cybersecurity And Internet Access

The Canadian Internet Registration Authority (CIRA) released a research report last week displaying Canadians’ opinions and experiences regarding the internet and fake news, privacy, cybersecurity and access. Based on a survey of over 1,200 Canadian internet users in December 2018, the report highlights areas of concern, including apprehension around the upcoming Canadian federal election. The report also indicates what Canadians want from industry, the Canadian government and citizens themselves to create a better internet in Canada.

CIRA’s report offers several recommendations to improve Canada’s internet, including enhanced investments by the Canadian government, actions around cybersecurity and privacy that Canadian businesses can take right away and opportunities for Canadian citizens to improve the internet they rely on every day.

“With the rise of misinformation online and threats to digital privacy and cybersecurity, Canadians are demanding more of government, industry and others when it comes to Canada’s internet,” says CIRA’s CEO Byron Holland. “The question that remains is how best to give Canadians what they want, while maintaining the open, interoperable internet that has become ubiquitous in the lives of most Canadians.”

The report comes out in the lead up to the upcoming
Canadian Internet Governance Forum, taking place this week in Toronto, where internet stakeholders from across the country will meet to discuss these key issues. CIRA is a sponsor, co-organiser and participant.

“There are some basic actions that can be taken today to increase Canadian privacy and security online,” says Jacques Latour, CIRA’s chief security officer. “Canadian businesses must learn and follow privacy laws and make cybersecurity a priority. Governments must invest and participate in local infrastructure such as Canadian internet exchange points to keep data local, and Canadians must learn to spot and avoid personal cyber threats such as phishing emails.”

“With a federal election around the corner, fake news is a real concern and Canadians agree,” says David Fowler, CIRA’s vice president of marketing and communications and vice-chair of MediaSmarts board of directors. “Canadians see social media companies, the government and journalists as key players to halt misinformation online. But citizens themselves have a role to play and increased investments in media literacy will help Canadians spot fake news and thereby thwart its influence.”

To read the full report visit cira.ca/betterinternet.

Some of the key facts on Canadian internet users highlighted by CIRA are:

Of Canadian internet users:

Social media and fake news

· 75% say they come across fake news at least sometimes

  • 57% have been taken in by a fake news item.

· 70% are concerned that fake news could impact the outcome of the next federal election.

Privacy

· 72% are willing to disclose some or a little personal information in exchange for a valuable/convenient service.

· 87% are concerned that businesses with access to customers’ personal data willingly share it with third parties without consent.

· 86% believe it is important that government data, including the personal information of Canadians, be stored and transmitted in Canada only.

Cybersecurity

· 87% are concerned about a potential cyberattack against organizations with access to their personal data.

· Only 19% say they would continue to do business with an organization if their personal data were exposed in a cyberattack.

· 78% are concerned about the potential security threats related to the Internet of Things.

Access

· 69% believe the high cost of internet services, including for mobile data, is hurting Canada’s economy and prosperity.

· 83% believe that universal access to high-speed internet is important for Canada’s overall economic growth and prosperity.

· 70% agree that the Canadian government should be doing more to support public access to high-speed internet.

Internet governance

· 75% say they only know a little or hardly anything about the topic of global control and regulation of the internet.

· 50% are concerned that the global internet could fracture into regional blocks that adopt very different regulatory principles and policies.

  • 66% support the principles of net neutrality.

CIRA Adds .CL and .SG As Clients of Their D-Zone Anycast DNS Service

CIRA announced Monday it has added 2 new ccTLD partners for its D-Zone Anycast DNS service – Singapore (.sg) and Chile (.cl), taking to 10 ccTLDs that use the service, as well as adding 2 new global nodes in Brazil and Japan – as the company best known as the manager of the Canadian ccTLD .ca continues  to spread its wings.

The addition of Singapore Network Information Centre (SGNIC), the country code top level domain manager for .sg and NIC Chile, who manages .cl, adds 180,000 and 570,000 domain names under management respectively to its service.

CIRA now has 25 nodes across the globe providing a robust network that powers D-Zone Anycast DNS for their ccTLD customers which answers approximately 180 million DNS queries per day for its TLD customers to help provide greater resiliency to their networks.

The 10 ccTLDs that now use CIRA’s D-Zone Anycast DNS are .cl, .cr (Costa Rica), .dk (Denmark), .nl (Netherlands), .nu (Niue), .nz (New Zealand), .pt (Portugal), .se (Sweden), .sg and of course Canada’s .ca. D-Zone Anycast DNS answers queries for nine percent of all global ccTLDs domain names.

DNS Anycast technology deploys identical DNS servers in different locations often in different countries. It means that when a node is taken offline, due to maintenance or for nefarious reasons, the end user doesn’t notice and DNS services continue. During a cyberattack, with nodes deployed around the world one node can bear the brunt of an attack leaving others unscathed. For businesses, DNS Anycast services can be deployed to improve performance of websites and load times for web pages. With multiple nodes, the customer is closer to a node and performance improved.

“We were looking for DNS partner with a global reputation and solid infrastructure. We found that partner in CIRA and look forward to a productive relationship,” said Queh Ser Pheng, General Manager of SGNIC.

“CIRA’s global reputation in the ccTLD community provided us with the confidence that we could trust them with our DNS. Our customers demand the highest standards of uptime and security and D-Zone Anycast DNS helps us deliver that,” said Eduardo Mercader Orta, Director of Operations, NIC Chile.

“CIRA is proud to partner with ccTLDs to provide a stable, secure, high performance DNS. Starting with DNS, our relationships have expanded to be true partnerships that include collaboration and information sharing with our ccTLD peers around the globe,” said Mark Gaudet, DNS Program Manager, CIRA.

CIRA Canadian Cybersecurity Survey identifies disconnect between awareness and actions

The Canadian Internet Registration Authority (CIRA) has released its 2018 CIRA Cybersecurity Security Survey which provides an overview of the Canadian cybersecurity landscape.

For the survey, CIRA, the .ca country code top level domain (ccTLD) registry, surveyed 500 individuals with responsibility over IT security decisions at small and medium-sized businesses across Canada to learn more about how they are coping with the increase in cyber threats. The sample included both business owners and employees who manage information technology.

“A key element of building a better online Canada is ensuring Canadians have safe, secure internet access,” said Byron Holland, president & CEO, CIRA. “Through our experience in managing the .CA domain for Canadians, we hope to help lend our expertise in safeguarding Canada’s internet so that Canadian businesses can thrive online.”

In partnership with CIRA’s technology partner, Akamai Technologies, the full report has been released to coincide with Small Business Week in Canada.

“Training and awareness are critical to ensuring your business is cyber-secure,” Jacques Latour, chief security officer, CIRA. “No matter how great your IT team is, anyone with a network-connected device can be the weak point that brings your business down.”

The report’s key findings are:

  • 40 per cent of respondents experienced a cyberattack in the last 12 months. One in ten experienced 20 or more attacks.
  • Among larger businesses with 250-499 employees, the number who experienced an attack increases to 66 per cent
  • 67 per cent of respondents outsource at least part of the cybersecurity footprint to external vendors.
  • While 59 per cent of respondents said they stored personal information from customers, 38 per cent said they were unfamiliar with PIPEDA.
  • One-third of respondents indicated that the most significant impact of a cyberattack is the time and resources required to respond to the incident.
  • 88 per cent of respondents were concerned with the prospect of future cyberattacks, which resulted in 28 per cent suggesting they would add cybersecurity staff in the next year
  • Although 78 per cent were confident in their level of cyber threat preparedness, 37 per cent didn’t have anti-malware protection installed and a shocking 71 per cent did not have a formal patching policy – exposing these organizations to massive security holes
  • Only 54 per cent of small businesses provide cybersecurity training for their employees even though the most common form of malware seen by our respondents, phishing attacks (42 per cent), directly exploit employees as a point of weakness

Read the full report: https://cira.ca/2018-cybersecurity-survey-report

CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

CIRA partners with Akamai to enhance cybersecurity solutions for Canadians

Today, the Canadian Internet Registration Authority (CIRA) announced it has signed an agreement with Akamai Technologies to license Akamai’s DNS security-enabling solutions to power D-Zone DNS Firewall.

This partnership, which builds upon the previous agreement between CIRA and Nominum (acquired by Akamai in 2017), will allow CIRA to continue to expand its leadership position in DNS-based cybersecurity solutions in Canada, and also provides Akamai the opportunity to expand its Canadian presence.

Key facts

  • D-Zone DNS Firewall is powered by Akamai’s DNS Infrastructure and Security and Personalization Services (SPS) solutions, and blocks 1 million domains every month for customers in Canada.
  • In less than a year, CIRA has added more than 800,000 active users to its D-Zone DNS Firewall service.
  • D-Zone DNS Firewall has been received enthusiastically in institutional sectors such as education, health care, and municipalities and is gaining momentum among small and medium-sized businesses in Canada.
  • The recent launch of the D-Zone DNS Firewall e-store provides small businesses with the ability to get up and running with comprehensive malware protection in minutes.
  • The DNS plays a key role in a comprehensive defense-in-depth cybersecurity strategy as 91 percent of all malware uses the DNS for command and control. DNS protection neutralizes malware.
  • CIRA recently published its first annual Canadian Internet Security Survey to further solidify its position as a cybersecurity thought leader in Canada.

Executive quotes

As the world’s largest and most assigned cloud delivery platform, we seek out partners that share our commitment to safe, stable, secure digital experiences. CIRA is a recognized leader in providing those experiences, and we look forward to working with them to bring important and valuable Internet security services to Canada.

Richard Blatt, Business Development Director, Akamai Technologies

As the stewards of the .CA domain, we understand that only by thinking globally can we help build a better online Canada. The majority of threats come from outside our borders, which is why we have combined Akamai’s global cloud security platform with CIRA’s unique knowledge of the Canadian cybersecurity landscape to build a product that protects organizations of all sizes and sectors from malware and ransomware.

Dave Chiswell, VP of product development, CIRA

Additional resources

About the Canadian Internet Registration Authority

The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain on behalf of all Canadians. CIRA also develops technologies and services—such as D-Zone DNS Firewall—that help support its goal of building a better online Canada. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.

About Akamai

As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.

This CIRA announcement was sourced from:
https://cira.ca/press-releases/cira-partners-akamai-enhance-cybersecurity-solutions-canadians

SIDN Signs Up For nic.at Anycast Network RcodeZero In More Industry Consolidation

The Dutch and Austrian ccTLD managers, SIDN and nic.at, have signed a cooperation agreement under which all domains managed by SIDN will additionally be hosted on the nic.at anycast network RcodeZero DNS. The agreement was announced by SIDN’s CEO Roelof Meijer and nic.at CEO Richard Wein on the sidelines of the ICANN meeting in San Juan, Puerto Rico.

“We are very happy and proud to offer our technical services to the third largest European ccTLD,” says Richard Wein, CEO of nic.at. The agreement covers the almost 6 million domains registered under .nl, .amsterdam, .aw and .politie and sees SIDN becoming the biggest customer of the RcodeZero TLD DNS network. A network which already hosts twelve different TLDs at thirteen highly available redundant locations all over the world.

Roelof Meijer, SIDN’s CEO, explains the reasons why they decided for RcodeZero DNS: “First of all, it was important for us to have a partner under EU jurisdiction and data protection law. Secondly, we were impressed by nic.at’s technical know-how and flexibility, as well as their readiness to develop their product further based on our needs.” In recent years, SIDN has constantly been improving and optimising its DNS infrastructure with anycast partners to guarantee the best possible availability of .nl domains.

RcodeZero DNS will soon be expanded with additional nodes in Australia and South America to provide better performance and lower latency for customers in those areas, too. However, RcodeZero DNS, had other attractions for a technician, as confirmed by Marc Groeneweg, Coordinator of DNS Ops Team at SIDN: “It’s important for us to have comprehensive statistics and real-time DNS traffic information to further analyse our infrastructure, as a basis for continued improvement of our infrastructure.“

The technical work of integrating all Dutch domains into the network has just been completed and the set-up is now ready for public production.

The agreement is a sign of further consolidation and expansion within the top level domain registry industry, using their experiences in areas such as security among others. In the security area, a big issue for business worldwide, the domain name business is one of the leading providers of online security solutions. Some registries, such as nic.at and SWITCH, the Swiss registry operator, also run CERTs.

Others, such as CIRA, the Canadian ccTLD manager, has been active in recent months signing agreements with Uniregistry, DNS.PT (Portugal’s .pt) and InternetNZ (New Zealand’s .nz) to provide global domain name system services. SIDN itself has acquired a controlling stake in Connectis, one of the Netherlands' leading suppliers of secure log-in solutions and redesigned SPIN, their open-source system for protecting the internet and end-users against insecure IoT devices in home networks. And DENIC, the German (.de) ccTLD manager, has been approved as an authorised New gTLD Data Escrow Agent to offer both to ICANN-accredited registrars and registries an escrow service which fully complies with the European legal framework.

CIRA Accelerates Innovation for Non-Profits with Amazon Web Services

Canadian Internet Registration Authority CIRA logo[news release] As part of its ongoing mission to build a better online Canada, the Canadian Internet Registration Authority (CIRA) today announced that it is the first Canadian public sector incubator to take advantage of the broad programs available from Amazon Web Services (AWS) for Canadian public sector startups.

Projects from CIRA’s Community Investment Program will now have access to a variety of AWS programs to help scale up online activities and accelerate the delivery of new products and services.

The Community Investment Program gives back by funding innovative community projects to build a stronger, safer and more accessible internet for all Canadians. The program has built new infrastructure, helped grow Canada’s capacity in digital literacy, enabled non-profits to deliver online services, and better equipped academic researchers to address emerging digital issues.

Key Facts

  • Since launching in 2014, the Community Investment Program has distributed $4.2M in funding to more than 100 projects.
  • The Community Investment Program is entering its fifth year and will be accepting new project applications on January 15.
  • With the AWS Canada Region in December 2016, AWS can host Canadian data in Canada which is essential for many public sector applications.
  • This relationship bolsters the existing $1 million in annual Community Investment Program funding provided by CIRA with in-kind technology and support services that can add up to five per cent to the value of the program.

Executive quotes

We are thrilled that Amazon Web Services is supporting our vision to build a better online Canada. Our Community Investment Program is at the heart of our mandate, and the AWS programs will allow our partners to continue to bring forward innovative projects that improve access, security, and quality of the internet in Canada.

Byron Holland, president & CEO, CIRA

We are passionate about supporting the Canadian startup community, and are proud to help the Community Investment Program by offering the right tools for the right jobs that allow public sector startups to scale and invent.

Jeffrey Kratz, General Manager, Latin America, Canada & Caribbean Regions, Amazon Web Services

Additional resources

For more information on the Community Investment Program visit: https://cira.ca/community-investment-program

About CIRA

The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain on behalf of all Canadians. A Member-based organization, CIRA also develops and implements policies that support Canada’s internet community, and represents the .CA registry internationally.

This CIRA news release was sourced from:
https://cira.ca/cira-accelerates-innovation-non-profits-amazon-web-services

CIRA Adds .SX To The TLDs It Provides Registry Services For

Canadian Internet Registration Authority CIRA logoCanada’s ccTLD registry, the Canadian Internet Registration Authority (CIRA), has now added .sx (Sint Maarten) to its Fury Registry Platform. CIRA has been on a bit of a “acquisition” role recently with this week’s adding to a number of similar recent announcements.

Wednesday’s announcement says SX Registry SA, who operates the .SX country code top level domain on behalf of the Sint Maarten government, is now running on CIRA’s Fury Registry Platform.

“While we chose the Fury platform due to its advanced features and stability, what truly amazed me was how seamless the migration was,” said Normand Fortier, CEO, SX Registry SA. “As a business person and especially as a registry, I cannot afford downtime, and the CIRA transition team exceeded my most optimistic expectations.”

CIRA describes their Fury Registry Platform as a next-generation TLD management platform with features and functionality designed for the modern TLD business. Fury features a modern interface with role-based access to key registry functions that provide flexibility in pricing, promotion, and domain management to help operators run their business and grow their registry.

Another of the benefits that CIRA touts is Fury’s tags feature—an industry first—enables operators to apply advanced business rules to individual domains or domain groupings to make adjustments to pricing and promotions in real-time.

The migration to Fury took less than 30 days, and was executed seamlessly by the CIRA transition team. Another to have migrated to Fury was .KIWI who adopted the platform last year.

“We developed the Fury Registry Services Platform with the flexibility and agility to manage any modern TLD business,” said Dave Chiswell, Vice President of Product Development, CIRA. “The TLD market is rapidly evolving, and accompanied by the support of CIRA, the FURY platform provides operators with a set of next-generation tools to compete and win.”

The consolidation of registry services is a bit of a global trend as registry operators look for partners to provide services rather than provide bespoke services every time. CIRA has been aggressive in seeking partners and in late October announced Uniregistry and SIDN had signed on to receive CIRA’s D-Zone DNS services for their TLDs. These announcements have followed announcements in February of 2 other joint ventures with the New Zealand and Portuguese ccTLD registries, InternetNZ and Associação DNS.PT, to deliver Anycast DNS services.

Domain Pulse has previously reported of SIDN who manages the .nl (Netherlands) ccTLD with more than 5.7 million domains under management, has itself been branching into other services. Speaking at the Domain Pulse conference in Vienna in February SIDN’s Michiel Henneke said the registry has been experimenting with opportunities in similar areas.

“DNS is required for e-billing so SIDN became a co-creator of a DNS billing service in the Netherlands, but there are few other markets that are as attractive when it comes to revenue as domain names and the e-billing service is just a small part of revenue. We’ve also taken over an e-identity company with 12 million users, so we believe this will be a significant contributor to future revenue.”