Tag Archives: Security

CIRA Provides Canadians With Free DNS Firewall To Enhance Security And Privacy

Canada’s ccTLD registry, CIRA, has made the internet a bit safer and more private this week with the launch of CIRA Canadian Shield – a free DNS firewall service that will provide online privacy and security to individuals and families across Canada.

Continue reading CIRA Provides Canadians With Free DNS Firewall To Enhance Security And Privacy

Webinar: How DomainTools and Splunk>Phantom Work in Harmony so you can SOAR

Cybersecurity as an industry is seeing an ever-widening skills gap. As roles go unfilled, practitioners find themselves increasingly unable to meet the needs of their organizations in terms of security posture and maturity. Security Orchestration, Automation, and Response has the ability to help organizations with security processes, automation of specific actions, and intelligently inform teams, with the end goal of efficiency.

With the new features that DomainTools has built into Splunk Phantom, organizations are able to leverage this integration for purpose-built work with the Iris Investigate API. The rich Iris dataset is available not only for ad-hoc research on specific incidents in Splunk Phantom, but also for automated actions in Splunk Phantom playbooks.

In this webinar, learn:

  • How organizations are leveraging DomainTools for Splunk Phantom for Incident Response, IoC Hunting, Network Access Control, and Intelligence Sharing
  • How to get the Single Pane of Glass in Splunk Phantom with DomainTools’ Domain and DNS-based adversary intelligence
  • Where to leverage Domain Risk Score to automate workflows

Join Mark Kendrick, Director of Product Integrations at DomainTools, for this 30 minute webinar on 16 May.

To register, go to: domaintools.com/resources/webinars/how-domaintools-and-splunkphantom-work-in-harmony-so-you-can-soar

New .AT-Report Explains How Austrian Registry Is Working On A Secure Domain Industry

Security is a big topic, not just for domain names, but for the networks that connect, for companies that collect data and many others. In the domain name world domain hijacking, phishing and DNS spoofing are just some of the many risks the industry is facing and is the focus of the latest .at-report from the Austrian registry nic.at.The report looks at what threats internet users are facing and what precautions registries and registrars can take in order to contribute to a stable and trustworthy World Wide Web.Registries are responding to these kinds of scenarios with a full range of security measures. These include the report notes creating services that are designed to provide an additional layer of security for domains and the domain name service such as Anycast Nameserver networks, DNSSEC and the Registry Lock.Registries must be on top of their game from a security point of view and adopt effective information security management systems (ISMS). The report describes how nic.at ISMS successfully acquired ISO 27001 certification this year, putting them in the vanguard of European domain registries.Registrars and their resellers are also involved in the process when it comes to domain security – a priority for the nic.at ISM team, and a focus of its support activities. Measures include keynote talks as well as national security drills in which various IT-related emergency scenarios are simulated and made available to registrars.The report also looks at what is happening at SWITCH, the registry for .ch (Switzerland) and .li (Liechtenstein) by interviewing Michael Hausding, a Security Engineer at SWITCH. It also explains registry locks and how they help make domain names more secure, at how Anycast and DNSSEC make life hard for DNS attackers and the importance of the ISO 27001:2013 security certification nic.at has received.For more information on the above and to download the report, go to:

European ccTLD Registries Address Security Issues With ISO27001: CENTR News

CENTR small logoSecurity is an ongoing issue for the domain name system and TLD registries are at the forefront of dealing with it.

So in 2011 CENTR, on its members’ request, created a Security Working Group for ccTLDs to share security best practices and discuss ways to mitigate security risks, the latest CENTR News highlights.

At a recent workshop in Brussels and for the second time a workshop was dedicated to one topic only, the ISO 27001 security standard.

“Over the past few years I got a lot of questions from colleagues from other ccTLDs about ISO 27001,” Bert ten Brinke, Security Officer with SIDN, Chair of the CENTR Security working group and expert in the field of ISO 27001 told CENTR News. “After a short inventory, the idea was born to organise a workshop completely focused on ISO 27001.”

“ISO forces you to build a process to deal with security risks within and around your organisation and its core tasks,” reported CENTR News. “When everyone involved starts to operate according to this process an organisation’s security will become less dependent on individual employees. Bert ten Brinke feels this is the main reason why ISO 27001 increases the chance of a better secured registry.”

“There are alternative standards that can be useful for ccTLDs and it’s of course possible to build your own processes follow your own standards. But by doing so, you’ll risk having to explain your standard over and over again. Official standards don’t have that issue. They are already accepted and used by a whole community.

“For companies there are a lot of security standards which can be used. Examples are: the American COBIT (Control Objectives for Information and Related Technology), which is an IT governance framework that addresses every aspect of IT and the originally British ISO 27001(International Organization for Standardization). COBIT lays more focus on Risk Management and following Bert ten Brinke it is more difficult to implement than the ISO27001 standard.”

“It is important to build a standard according to your organisation and not the other way around”. This is Bert’s main advice for ccTLDs that are considering implementing systematic security processes by means of an official standard. Furthermore, in order to start implementing security processes in a successful way the full support of the CEO or Managing Director is crucial.

“An ISO certificate is an engagement for the future. When you are certified ISO27001 for the first time this is only the beginning. Each year you have to proof that you are ‘worth’ the certificate and after three years, you have to recertify. For most companies it’s a never ending circle of security improvement.

On registry to recently acquire ISO27001 certification was nic.at, the registry for .at domain names. The announcement was made at the recent Domain Pulse conference held in Salzburg, Austria, and Richard Wein, General Manager, said the certification was proof of the registry’s dedication to security of .at domain names.

Elsewhere in the February 2014 edition of CENTR News, there are articles on CENTR preparations for the next Internet Governance Forum meeting to be held in Istanbul in September. Plus an update on DNSSEC in Europe, which shows there are two-thirds (67%) of registries that have implemented the security standard and a quarter (26%) planning its implementation, which are the findings of a survey of 26 ccTLD registries.

Plus there is a Q&A with Nominet Brand Manager Becky Bradburn and a European ccTLD update.

To download the latest CENTR News, go to https://centr.org/news/european-cctld-news-february-2014.

Second Level Registrations And Other Changes Coming To .UK In 2014

Nominet logoThere are major changes to the .uk ccTLD are coming in 2014 including registrations at the second level, enhanced security, a revised Registrar Agreement and a proposed Data Quality policy is open for comment, the .uk registry, Nominet announced yesterday (20 November).

The change that will catch the public’s eye is registrations at the second level which will mean registrants will be able to register theirname.uk as well as the existing theirname.co.uk.

“In an industry that is seeing an unprecedented level of change with the upcoming introduction of over a thousand new top level domains, we’re hard at work to ensure innovation in .uk keeps UK web users and businesses ahead of the curve,” said Nominet CEO Lesley Cowley.

“At the same time, we’re holding ourselves to a higher standard – expanding the choices available to our customers, upping the bar for security, data quality and the way we engage with our registrars to ensure everyone registering, managing or visiting a website with a domain ending in .uk can be proud to be part of a strong, trusted community.”

The change to add second level registrations will occur in the northern summer of 2014. Over ten million existing .uk customers will be offered the shorter equivalent of their current address, with five years to decide whether they want to use it in addition to, or instead of the domain they already have.

To deal with disputes in the small number of cases where different registrants may have registered, for example, the .co.uk and .org.uk domain, the shorter domain will be offered to the .co.uk registrant.

The wholesale price, that is the price charged to registrars, for the new domains will be £3.50 per year for single year registrations and £2.50 per year for multi-year registrations. This is the same price as a current co.uk domain, ensuring the cost of a domain name will remain a very small proportion (around 1.5% for a small business) of the cost of being online.

All Nominet’s existing domains (.co.uk, .org.uk, .net.uk, .me.uk, .plc.uk, .ltd.uk and .sch.uk) will continue to run as normal.

Nominet is planning a major programme of communication and outreach with its customers to ensure people are aware of the changes, and intends to announce a definitive launch date by February 2014.

Another ccTLD, .nz, has also announced plans to introduce registrations at the second level in 2014.

.UK Security

In other changes, Nominet announced that in Q1 2014 they will be launching new tools to help registrars further enhance the security of their domain portfolios, including a domain-locking tool to protect high value domains from social-engineering attacks.

From Q2 2014, registrars will be offered the opportunity to adopt additional security controls when accessing Nominet’s registry systems, to give the domains they manage a stronger second line of defence against hacking.

Nominet is also exploring ways to work alongside others in the internet community to help businesses address the increasing challenge of cyber-security and take advantage of opportunities to build a trusted online presence.

Work is underway to develop a tool aimed at helping anybody who has a .uk web presence identify when security-related issues are adversely affecting their domain, with a view to encouraging the take up of additional website security features.

A separate initiative is exploring how Nominet can work alongside others in the internet community to offer practical help to small businesses concerned about cyber-security.

Nominet has also developed a data visualisation and analysis tool to assess the behaviour of the domain name system. This has already helped prevent a global exploit of the domain name system and Nominet hopes to deploy this technology in a number of ways to help keep the internet safe.

Registrar Agreement

Another change is to the Registrar Agreement. A final draft of Nominet’s new Registrar Agreement has been published with amendments based on consultation feedback. These include a new, clear policy regarding Nominet’s commitment and expectations around data quality, as well as a decision not to introduce tag fees at this time.

Registrars and other interested stakeholders are invited to submit comments by 20 December 2013. The final version of the agreement is expected to be agreed in early 2014 and registrars will then be given 30 days notice before it comes into force.

Data Quality

As part of their ongoing commitment to raising the standard of information held for .uk registrations, Nominet’s proposed data quality policy has been published [pdf]. It sets out data quality requirements and commitments for Nominet and its registrars moving forward.

Anyone interested in this issue is invited to give their feedback on the proposed policy by 20 December 2013. Feedback will be published (where permission has been granted) in the New Year.

SIDN, ISPs & SURFnet Launch AbuseHUB To Tackle Botnets


[news release] During the ECP’s annual congress at the AFAS Circustheater in Scheveningen, the Abuse Information Exchange officially launched the AbuseHUB. The HUB is a system for the central processing of information about botnet infections in the Netherlands, designed to speed up the detection of infected computers and to bring internet users faster and better help dealing with viruses. The new set-up means botnets can be tackled more effectively and internet security in the Netherlands can be further enhanced. The AbuseHUB is an initiative by seven internet service providers, SURFnet and SIDN, realised with financial support from the Dutch Ministry of Economic Affairs and SIDN.

Number of infections is high and rising
Botnets are networks of computers that, unknown to their owners, have been infected with a virus or other malware, enabling someone else to control them. Botnets are widely used for sending spam and mounting cyber-attacks. In most cases, botnet software barely affects the infected computer. Consequently, the owners are often unaware that anything is wrong. However, the activities of botnets can cause a lot of harm and inconvenience to others. Research by Delft University of Technology suggests that, over a year, between 5 and 10 per cent of consumers in the Netherlands suffer a botnet infection. Abuse IX is determined to get that figure down.

Strength in numbers
Abuse Information Exchange is a joint initiative by the internet service providers KPN, SOLCON, Tele2, UPC, XS4ALL, Zeelandnet and Ziggo, plus SIDN. Established in 2012, the association is a spin-off of ECP – the Platform for the Information Society. The newly formed organisation was strengthened further when SURFnet joined a short while later. Since then, the partners have been busy designing the AbuseHUB, which has been realised by software developer Ibuildings. After thorough testing, the AbuseHUB is now ready for use. Today marks its official launch. “The AbuseHUB will collate and analyse botnet infection reports and send the findings to the affiliated organisations,” explained Gert Wabeke, Chairman of the Abuse Information Exchange. “So, for example, the internet service providers will have an up-to-date picture of reported infections in their network, enabling them to take swift, targeted action to deal with the botnets. That means that we can limit the damage done by the botnets and cut costs.”

Large-scale support
Roelof Meijer, SIDN’s CEO: “To a considerable extent, internet security is down to the individual user. However, it also depends on the involvement of the internet industry and the government. The strength of this initiative is that it comes from within the sector and therefore enjoys a lot of support. We saw the same with the Notice and Take Down Code, which was developed and implemented by the sector of its own volition. The Netherlands is ahead of the game in that respect. We are proud that SIDN has been able to contribute to this initiative by providing technical management of the AbuseHUB. What’s more, through our role as administrator of the .nl domain, we have a lot of information that can be very useful to Exchange members in the fight against botnets. It’s good that we can now make even more effective use of our data. That contributes to the security of the .nl domain and of the internet in the Netherlands. So everyone benefits.”

This SIDN announcement was sourced from:

Indian Center for DNS Security Announced – ICANN and CDAC will launch research center to thwart security threats to DNS

ICANN logo[news release] ICANN today (16 October) announced, in partnership with the Center for Development of Advanced Computing (CDAC), plans to coordinate on the creation of a Center of Excellence in Domain Name System Security in India.

The Center of Excellence is anticipated to work alongside ICANN security staff to design research projects intended to solve critical Domain Name System (DNS) security issues, such as thwarting cyber attacks. The center is also envisioned to be home to a state-of-the-art research laboratory to evaluate and test security solutions.

“This center will play a central role in ensuring the security and stability of the Domain Name System,” said Fadi Chehadé, ICANN President and Chief Executive Officer. “The Internet has become one of the world’s most valued resources and it is deserves nothing less than full global cooperation and collaboration in developing concrete solutions to combat threats to the DNS.”

Fadi Chehadé, along with Dr. Rajat Moona, Director General of CDAC, will sign a letter of intent regarding the building of the center during a signing ceremony at the Internet, Mobile & Digital Economy Conference (IMDEC) IMDEC is a conference organized by the Federation of Indian Chambers of Commerce and Industry (FICCI) in association with the Ministry of Communications and IT. The topic of the conference is Internet to Equinet: Empowering a Billion OnLine”. Minister Kapil Sibal, Indian Minister of Communications and Information Technology, will oversee the signing ceremony.

The Center for Development of Advanced Computing is the research and development arm of India’s Department of Electronics and Information Technology, a part of India’s Ministry of Communications & Information Technology.


For more information about FICCI, please visit:

For more information about the Center for Development of Advanced Computing, please visit:

ICANN: Paul Mockapetris to Serve as Senior Security Advisor to Generic Domains Division

ICANN logoICANN today announced that Paul Mockapetris, inventor of the Internet’s Domain Name System (DNS), has agreed to serve as Senior Security Advisor to the Generic Domains Division and its President, Akram Atallah.

“The Domain Name System has met the needs of the Internet for secure and reliable service and growth in size and function,” said Mockapetris. “I’m looking forward to helping ICANN continue that tradition.”

Mockapetris created the DNS in the 1980s while at the University of Southern California’s Information Sciences Institute. He also has been an active member of the Internet Engineering Task Force since its inception, serving as its chairman from 1994-1996. Paul Mockapetris was also recently named chairman of ICANN‘s Strategy Panel on Identifier Technology Innovation.

This ICANN announcement was sourced from:

ICANN: DNS Security, Stability, and Resiliency Update Added to APWG eCrime 2013 Agenda

ICANN logoThe Antiphishing Working Group (APWG) will host its 10th anniversary meeting 16-19 September in San Francisco. The working agenda for eCrime 2013 continues a trend of focusing greater attention on abuses or misuses of DNS and registration services. During the two-day eCrime Congress, members and attendees will consider the evolution of crimeware, behavioral vulnerabilities and human factors that faciliate eCrime, the roles of Registrars, Registries and DNS in managing phishing attacks, public health approaches to managing eCrime, and reports of current counter-eCrime efforts and successes.

On 19 September, ICANN‘s Security Team will host a DNS Security, Stability, and Resiliency Update on policies and discussion topics of particular interest to the APWG members, including a review of the 2013 Registration Accreditation Agreement (RAA), a presentation on Abuse Recidivism in Domain Registrations, a report on the recommendations [PDF, 92 KB] from the ICANN Expert Working Group on Whois, and a progress report on the IETF working group that is developing a successor Whois protocol (WEIRDS).

Registration and further information can be found here.

This ICANN announcement was sourced from:

US Advertising Body Rants Again Against Coming New gTLDs

They ignored the planning for the introduction of new gTLDs for years. But the Association of National Advertisers has been shaken from its torpor in the last year or so, constantly complaining and saying the end of the world will be nigh if more gTLDs are introduced.The latest complaint from the US-based organisation that represents some of the globe’s largest advertisers jumps on the back of a Verisign report and a letter from PayPal to ICANN saying new gTLDs are not ready to be implemented.The Verisign report outlined a number of areas of “work that is currently not done, and should be completed before any new gTLDs can be deployed in a safe and secure manner.”And the PayPal letter also highlights “significant security issues [that] related to delegating gTLDs that are currently in wide use as de facto, private TLDs as identified by the ICANN Security and Stability Advisory Committee.”The ANA complaint refers to ICANN moving “relentlessly forward toward the April 23rd launch date, while ignoring the concerns voiced by those within and outside ICANN’s own operations.”The ANA complains that “ultimately, ICANN’s premature launch of gTLDs will yield cybersquatting and phishing, among many other cybercrime threats that jeopardise brand and consumer protections. Adequate steps have not been taken to protect Internet users, and we are headed toward uncharted waters with major danger to consumers, brandholders, and the Internet itself. The only prudent action for ICANN now is to delay this arbitrary domain name roll-out until it has fixed these very serious problems.”It is hard to take the ANA complaints seriously given they almost totally ignored participating in the years of planning that went into the introduction of new gTLDs. And when they finally awoke to their introduction, the ANA had to be reminded they had actually made one submission in the process. I guess one is better than none.