|
Operating the DNS in Canada
We’re making the Internet safer for Canadians
The Internet has most certainly become an indispensable resource for businesses, governments and consumers. But it has also become a favourite playground for vandals and criminals. Whether it’s an inconvenient virus, an overload of unwanted spam messages, or an outright illicit activity such as fraud or identity theft, there are countless minor and major threats facing Internet users every minute.
CIRA is not a police service or a public safety organization, and has neither the mandate nor the ability to investigate misuse of the Internet or to prosecute those responsible. But we do play a leading role to help thwart ill intentions in cooperation with international groups, our peer registries in other countries and with industry and government security experts. Of note over the past year was our involvement in repairing what became known as the “Kaminsky vulnerability” and our proactive role in mitigating the Conficker C Internet worm.
THE KAMINSKY VULNERABILITY
Dan Kaminsky, the security researcher who first discovered the DNS vulnerability that now bears his name, described it as “a significant threat … that would allow malicious people to impersonate almost any website on the Internet.” Fortunately, Kaminsky is the very opposite of one of those malicious people, and so he quietly sounded the warning, giving Internet software companies and DNS operators like CIRA time to fix the problem. CIRA was one of the first to respond to Kaminsky’s warnings and took a leading role in galvanizing others in a synchronised effort that simultaneously fixed all affected name servers.
CONFICKER THREATENS CCTLDS
The Conficker C Internet worm that appeared in late March of 2009 was a new kind of worm that, for the first time ever, intentionally used certain country-code top-level domains like dot-ca. With very little time to react to an evolving threat, CIRA quickly crafted and implemented a plan that so far has mitigated the use of dot-ca domains to cause damage. We were also the first country-code domain to proactively communicate with its stakeholders about what we were doing. These actions were part of our ongoing contribution to the stewardship and safeguarding of the Internet.
CIRA PLAYED A LEAD ROLE IN INTERNATIONAL
INTERNET SECURITY EFFORTS
this past year. Not only did we make highly-valued contributions to the response
to specific new threats, we hosted a meeting of DNS-OARC, the Domain Name System Operations, Analysis and Research Center. This was an international forum for the sharing of research on DNS usage and for discussion of DNS-related security issues. We also hosted our own first-ever cyber-security session in conjunction with Public Safety Canada’s Canadian Cyber Incident Response Centre, or CCIRC.
WITH NEW CYBER-SECURITY THREATS NOW TARGETING DNS,
registries such as dot-ca need to be more prepared and the DNS community needs to work closely with the cyber-security community to jointly combat these threats. CIRA contributes to these global efforts through both its technical capabilities and its respected position as a world-class registry.
WEBSITE SPOOFING IS WHAT HAPPENS
when a phony site pretends to be a legitimate one. Often used by fraudsters, website spoofing is becoming more sophisticated as vulnerabilities are detected in the domain name system. A potent new security tool called DNS Security Extensions, or DNSSEC, will soon be part of CIRA’s arsenal of weapons to counter spoofing. With trials this year and an implementation scheduled in 2010, users will have much greater assurance that dot-ca websites and email addresses are who they claim to be.
|
