Home / Blogs

Co-Operation to Make the Domain Business More Secure

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the “Registry Internet Safety Group” (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. The group’s aims were presented by Afilias’ CTO Ram Mohan at the opening of this year’s Systems IT trade show. On the one hand, security incidents can be communicated quickly within the group, explained Mohan. On the other, the workgroup is also to develop its own regulations for ensuring optimum operational security in the domain registry business.

So far, other members of RISG include the big Neustar registry (.biz and .us) as well as the Dutch, Chinese and UK country-code domain registries. Furthermore, there are a number of major US registries as well as security providers Cyveillance, Symantec and Shinkuro and the US’ FBI. According to Mohan, a national European police authority has also expressed an interest. One big US corporation is still missing, however: registry market leader VeriSign.

As an example for “best practice” procedures, Mohan mentioned the promotion of separate passwords for the individual domains within a portfolio. Until now, the same password has often been used for all the domains held by one customer. This makes all the domains vulnerable if the customer’s account is compromised. The example also demonstrates why the new alliance goes beyond the existing institutions, said Mohan. “Symantec or Syveillance can send a password through their systems to find out whether it has made an appearance there”, he explained. However, the security providers are not part of ICANN (the Internet Corporation for Assigned Names and Numbers), he said.

RISG’s second field of duty is to provide a kind of CERT for the registry business. As soon as a partner discovers a new attack on the DNS, the relevant information is forwarded to all the other partners. The initiators hope that this way they can faster counteract cache poisoning attacks—which compromise the data in the temporary memory of web servers.

RISG was recently introduced at a meeting of the Council of European National Top Level Domain Registries (CENTR). Initial responses to the launch have been tentative. One observer asked, “Is this another committee which defines standards and keeps its competitors out?” “Perhaps this is a little bit of ‘security by press release’”, said another, but did concede that even that could be helpful.

This post has been reproduced here with kind permission from Heise Online.

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API