DOMAINS
(and the Domain Name System)
Why are we looking at this
The DNS is as old as WWW so why do
we need to learn about it?
Because of this
Because of this
And because of this
Source: Arbor Networks Digital Attack Map (digitalattackmap.com)
First
A stark reality
94% of
Higher education websites
are
exposed to DNS outages
100% are candidates for DNS hijacking
WHO IS CIRA?
• The Canadian Internet Registration Authority (CIRA) manages a 100%
uptime service - the .CA domain name registry for over 2.4 million
domains
• Provide DNS for .CA, answering 3 billion DNS queries per month
• CIRA is a non-profit member-driven organization of 75 employees and
an elected 12-person board
• CIRA supports the growth of a strong and reliable Internet for all
Canadians by investing in Internet projects, and helping to represent
Canadian Internet interests around the world
The organization responsible for a critical part of the
Internet infrastructure is expanding its services to help
organizations secure their DNS systems in Canada
In short
• Manage the .CA domain
• Provide infrastructure and services
• Do good things for the Internet
Agenda
• Best practices for protecting your domain
name
• Best practices for protecting your domain’s
DNS
• What is happening with new gTLDs
(and why it matters to your domain)
Domain
Name
Protection
Owning a domain requires
good parenting skills
Domain Hijacking
• Domain hijacking could be the act of a hacker
using social engineering to trick the technical
support workers at a registrar (like GoDaddy,
Webnames, Domains at Cost, etc.) into
making critical changes to the DNS.
• OR…It can be done by the malicious act of
someone within your organization
It looks like this…
…or this
Recent Domain Name Hijackings
• The dancing banana appeared on the City of Ottawa
website (apparently) in response to the arrest of a
person for SWATting and other nuisance cyber crimes
• The smoking lizard appeared on Air Malaysia’s website
just as it was trying to recover from two high profile
crashes.
What is common with these? They are not traditional
targets. They aren’t Microsoft, they aren’t e-commerce
sites and they aren’t banks.
The responsibility for locking the domain
rests with the IT Administrator
• Domain locking is a manual process
in a cloud world because it provides
the highest level of protection
– Not an application
– Not a vendor
• Highest security Lock Flag placed on
your domain that prevents any
changes. Turned on and off by CIRA
(or other Registries).
Registry Lock
• When Registry Lock is applied to a domain name, no
attributes of the domain are changeable and no
transfer or deletion transactions can be processed
against the domain name, with the exception of
renewals. .CA, .com, and others all offer this service.
• If the Registrant wishes to make any changes to
their domain, the Registrant must first work with
their Registrar, who will in turn work with the .CA
Registry.
• The .CA Registry will respond to any lock and unlock
requests in under one hour (typically under 5 mins),
on a 24x7 basis, so accessing your .CA domain
name is not an administrative burden.
Unlock workflow:
1. Registrant: requests unlocking
2. Registrar: key contacts use admin protocols to authenticate with CIRA
3. CIRA: unlocks the domain for the prescribed period of time
Four top tips for managing your domain
1. Conduct a good domain name audit
2. Know your Registrar(s)
3. Keep your .CA contact information
current
4. Don't lose control: Renew your domain
name
We learn a lot by managing a technical support desk. These tips are
based on the hundreds of calls we field every day.
Good domain hygiene
Oops!
Other Tips and Tricks
1. Don’t let a supplier register your domains
2. Select the right Registrant and
Administrative Contacts
3. Avoid free email services
4. Password selection and storage
5. Use security tools provided by your
Registrar
6. Whitelist the domain names for your
service providers (eg GoDaddy)
These sound simple, they are important, and they cause problems to
somebody every single day
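An added example (not CIRA's code or tooling) that turns the Registry Lock slide and the two tips lists above into a repeatable audit over a domain portfolio. It assumes each domain's registration data is available as an RDAP-shaped JSON record, and that a registry lock shows up as the three "server ... prohibited" status values; the `.example` domains, registrar names and finding labels are constructed for illustration.

```python
"""Domain portfolio audit over RDAP-shaped records (sample data is constructed)."""
from datetime import datetime, timezone

# RDAP status values (RFC 8056). Treating this trio as "Registry Lock" is an
# assumption: confirm how your own registry reports the lock.
REGISTRY_LOCK = {"server update prohibited", "server transfer prohibited",
                 "server delete prohibited"}
FREE_MAIL = {"hotmail.com", "yahoo.com"}  # the two services the notes name
MAX_REGISTRARS = 2                         # "one or two registrars"


def _vcard(entity, field):
    """All values of one jCard property ('fn', 'email', ...) on an entity."""
    props = entity.get("vcardArray", ["vcard", []])[1]
    return [p[3] for p in props if p[0] == field]


def _entities(record, role):
    return [e for e in record.get("entities", []) if role in e.get("roles", [])]


def registry_locked(record):
    """True only if update, transfer and delete are all frozen by the registry."""
    return REGISTRY_LOCK <= set(record.get("status", []))


def days_to_expiry(record, today):
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            exp = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            return (exp - today).days
    return None


def registrar_name(record):
    names = [n for e in _entities(record, "registrar") for n in _vcard(e, "fn")]
    return names[0] if names else "unknown"


def audit(records, today, renew_window_days=60):
    """Return {domain: [finding, ...]} plus a '(portfolio)' entry if needed."""
    findings = {}
    for rec in records:
        issues = []
        if not registry_locked(rec):
            issues.append("no-registry-lock")
        left = days_to_expiry(rec, today)
        if left is None:
            issues.append("no-expiry-date")
        elif left < 0:
            issues.append("expired")
        elif left <= renew_window_days:
            issues.append("expires-soon")
        for role in ("registrant", "administrative"):
            contacts = _entities(rec, role)
            if not contacts:
                issues.append(f"missing-{role}-contact")
            for email in (m for c in contacts for m in _vcard(c, "email")):
                if email.rsplit("@", 1)[-1].lower() in FREE_MAIL:
                    issues.append(f"free-email-{role}")
        findings[rec["ldhName"]] = issues
    registrars = {registrar_name(r) for r in records}
    if len(registrars) > MAX_REGISTRARS:
        findings["(portfolio)"] = [f"{len(registrars)}-registrars"]
    return findings


def _sample(name, status, expires, registrar, admin_email):
    """Build one constructed RDAP-shaped record (not real registry data)."""
    def ent(role, fn, email=None):
        card = [["version", {}, "text", "4.0"], ["fn", {}, "text", fn]]
        if email:
            card.append(["email", {}, "text", email])
        return {"roles": [role], "vcardArray": ["vcard", card]}
    return {"ldhName": name, "status": status,
            "events": [{"eventAction": "expiration", "eventDate": expires}],
            "entities": [ent("registrar", registrar),
                         ent("registrant", "Example University",
                             "hostmaster@campus.example"),
                         ent("administrative", "IT Admin", admin_email)]}


TODAY = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so results repeat
SAMPLE = [
    _sample("campus.example", sorted(REGISTRY_LOCK), "2026-03-01T00:00:00Z",
            "Registrar A", "hostmaster@campus.example"),
    _sample("alumni-campus.example", ["client transfer prohibited"],
            "2025-06-20T00:00:00Z", "Registrar B", "webdesigner@hotmail.com"),
    _sample("lab-campus.example", ["active"], "2025-05-15T00:00:00Z",
            "Registrar C", "hostmaster@campus.example"),
]

if __name__ == "__main__":
    for domain, issues in audit(SAMPLE, TODAY).items():
        print(f"{domain:24} {', '.join(issues) or 'ok'}")
```

A registrar-level "client transfer prohibited" flag alone is reported as unlocked here, because the registrar account that set it can also clear it.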
BEST PRACTICES
FOR THE DNS
(the Achilles heel of the Internet)
What does the DNS mean to an Education
IT Administrator
[Diagram: DNS at the centre, connected to: website, email, courses, schedules, accounting, maintenance, e-learning, assignment submissions, conferences, researcher profiles, co-op programs, faculty microsites, satellite campuses]
EXTERNAL DNS IS VULNERABLE
• Failures – equipment, network, power etc.
• DDoS attacks – 10% of all attacks are directed at the DNS
– DNS resources can be flooded in any type of attack
• High latency – global lookups, local DNS servers
Authoritative external DNS infrastructure is vulnerable to
failures, attack and performance issues
DNS IS MISSION CRITICAL
• During a DNS outage, websites, web applications, and email are down
• DNS outages result in brand damage and/or lost revenue
– Losses range from hundreds to millions of dollars per hour
– Damage to reputation is another cost
• DNS lookups contribute to website performance
– 40% of people abandon a website after only 3 seconds
– Amazon calculated that a 1 second increase in page load time would
result in $1.6 billion in lost revenue per year
– Google calculated that a 400 ms delay in returning search results would
result in 8 million fewer searches per day
DNS is a mission critical service that requires 100% uptime
and low latency
STRENGTHEN DNS
WITH ANYCAST
Unicast – Traditional DNS
deployments
• Nameservers are
implemented on single nodes,
each with a unique IP address
Anycast – Adding resiliency
to your DNS
• Nameservers are
implemented on multiple
geographically distributed
nodes that share a single IP
address
• Layer 3 routing sends packets
to the geographically nearest
nameserver
• Built in redundancy, failover
and load distribution
UNICAST
ANYCAST
CHALLENGES WITH ANYCAST
Anycast is expensive to set up and operate
• High capital expense, high operating expense, complex to manage
• Commercial offerings are available as a service
• CIRA saw that no commercial organizations were providing a solution
for Canada’s Internet
A GLOBAL ANYCAST DNS SERVICE THAT PUTS
CANADA AND CANADIAN TRAFFIC FIRST
Location Cloud
Miami, FL 1
Los Angeles, CA 1
London, UK 1
Hong Kong, CN 1
Calgary, AB 1
Montreal, QC 1
Toronto, ON 1
Winnipeg, MB 1
Location Cloud
Vancouver, BC 2
Montreal, QC 2
Toronto, ON 2
Halifax 2
University Customer Example
1000 Queries Per Minute
40M Queries Per Month
60% Canadian
20% US
20% Europe
Summary on Anycast DNS
• If you aren’t currently using anycast, then it is worth an
investigation
• CIRA delivers an anycast solution called D-Zone that
several Canadian universities have added to their
infrastructure
• We are on the show floor and interested in getting
every institution in this room on board – it takes less
than ten minutes to set up and if it saves one outage,
“the service pays for itself many times over”
In summary
• Follow the tips and tricks to avoid administrative headaches and
mitigate the risk of bad actors bringing down your applications or
embarrassing your institution
• Unicast is old. Get an anycast DNS solution to improve the
performance, resilience, and DDoS protection for your site
Protecting your domains and websites requires the
consistent application of best practices – like parenting
D-ZONE Anycast DNS
• Contact Mark Gaudet or Shawn Beaton for more information on
participating in an enterprise trial of D-Zone Anycast DNS.
Mark Gaudet
Manager, Business Development
Canadian Internet Registration Authority ( CIRA )
Tel: (613) 237-5335 x 223
Cell: (613)-799-5789
www.cira.ca
CIRA is inviting CANHEIT participants to evaluate D-Zone
Sign up today and receive wireless Bluetooth headphones.
(no commitment)

Editor's Notes

  1. Many of you are familiar with CIRA, the Canadian Internet Registration Authority. We are the registry for Canada’s top-level country domain, .CA. There are approximately 2.4 million domain names. As part of running the registry we provide 100% uptime DNS for .CA and answer approximately 3 billion queries per month.
  2. 1) Conduct a good domain audit. Many organizations hold a lot more domains than they know. They can be ordered by the marketing department, individual professors, departments, etc. Each one needs to be managed and each one is a potentially embarrassing situation for the organization if they are hacked.
     2) Know your Registrar – all modifications to your .CA domain name happen through your Registrar. The domain registry is maintained by .CA, but all .CA websites are managed through commercial providers called Registrars. Registrars are your main point of contact for the registration and management of your .CA domain. It is a good idea to consolidate your domains with one or two registrars to make management easier. Not sure who your Registrar is? You can check at http://whois.cira.ca/.
     3) Keep your .CA contact information current. Keeping your .CA registration information current is extremely important so you can continue to receive notices about your .CA domain name. Up-to-date contact information identifies the holder of a .CA domain name. Ensuring your contact information is complete helps safeguard your .CA registration, guaranteeing that changes to your .CA can only be initiated by you. Learn more about how to manage the contact information for your .CA.
     4) Don't lose control: Renew your domain name. Your .CA domain can be renewed any time prior to its expiry date. Alternatively, many Registrars offer an auto-renewal service to automatically renew your .CA domain name on its expiry date. Ask your Registrar if it offers this service.
  3. In 2010 the Dallas Cowboys forgot to renew their domain name – the same day they were announcing the firing of head coach Wade Phillips. There are other examples, including India’s largest travel site, which lost tens of millions in business and lost a partnership with the State Bank of India for a custom credit card deal. A US bank with over 1700 branches and 2400 ATMs lost their domain, so no customers could do online banking. Waaay back, Microsoft forgot to renew passport.com – critical to all their online applications. The buyer was very nice and gave it back to Microsoft, who rewarded him with a $500 cheque - which he then auctioned on eBay with the proceeds going to charity.
  4. 1) Always register your domain name yourself. Registrants should always complete their own domain name registration. Do not allow third parties such as web design firms to complete the registration on your behalf. This ensures the domain name is registered in the right name and that you have access to your account to manage the domain. Why is this so important? Some companies will register domain names for clients and do so in their own names. This becomes a problem when the clients and companies part ways and clients discover they no longer have access to the account managing their domain name. This leaves the company who registered the domain in control of the domain name, with the ability to deactivate the website.
     2) Select the right Registrant and Administrative Contacts. When you register your domain name, you will be asked to provide contact information for that registration. The most important of these are the administrative and Registrant contacts. CIRA and your Registrar only communicate with the Registrant and the administrative contact. Correspondence is sent to the email addresses you provide for those contacts. If the person listed is not the individual responsible for administering the domain name registration, or if the email address is incorrect, expiry and renewal notifications from CIRA or the Registrar will not be received. These notices are critical to ensure continued access to your .CA domain name.
     3) Avoid free email services. When providing an email address to list on your domain name and Registrar account, avoid using free email services such as Hotmail or Yahoo. Typically the level of security you receive when using an email address provided by your ISP or hosting company will exceed that of a free email service.
     4) Password selection and storage. Select a password for your Registrar account that you haven’t used for any other system or service. It is also recommended you use a strong password (minimum six characters, containing at least one upper case character, one lower case character, a number and a special character). Never provide this information to third parties, including your hosting company. The password should be changed on a regular basis. If you receive an email from your Registrar that contains your password, do not store this email in your email client. Passwords should be stored in password keeper software.
     5) Use security tools provided by your Registrar. Many Registrars have tools to help you manage your domain name securely, such as setting security questions for your account. These tools are often optional but can help keep your account more secure. Auto-renewal is another tool offered by many Registrars which will help ensure your domain name remains registered and active. Auto-renewal provides your Registrar with the authorization to automatically renew your domain name when it is due for renewal, helping to avoid issues where a domain name is accidentally allowed to expire.
     6) Whitelist the domain name for your service providers. Add your Registrars and other service providers, such as your hosting company’s domain name, to your email whitelist or friends list. This will prevent anti-spam software from filtering important messages regarding your domain name.
  5. DNS-based DDoS
     • Taking down a DNS server removes any business from the internet
     • DDoS attacks can be aimed at a DNS server and/or use DNS as the attack vector
     • DDoS attack stats on the rise
     • Random subdomain attacks – new type of attack where a random list of subdomains is requested from a name server
     Solution – capacity, bandwidth, monitoring
     • Adding high query capacity makes a DDoS attack harder
     • Monitoring what is going on with the DNS is required to know when an attack is happening to allow for
     Prolexic Quarterly Global DDoS Attack Report
     • Shift from application-based attacks to attacks using network infrastructure protocols such as DNS, NTP
     • Easy to do and lots of tools, misconfigured
  6. External DNS refers to the authoritative name servers that answer queries for public-facing websites. During an external DNS outage you basically disappear from the internet. A DNS outage results in brand damage and lost revenue. Here are some examples of big losses. DNS lookups contribute to website performance. Some interesting facts about website performance. The bottom line is that external DNS is a mission critical network service.
  7. Anycast is a great technology for strengthening DNS. Why isn’t it used more? Implementing an anycast DNS infrastructure is not practical from a cost or complexity of management standpoint for most organizations. Fortunately there are commercial offerings that are increasing in adoption. CIRA has recently launched a commercial anycast DNS service. We were upgrading our DNS infrastructure for .CA and decided to make the service commercially available. At the time there weren’t any Canadian anycast services, and this fits within our CIRA mandate of making the Canadian internet safe and secure. I’ll use D-Zone as an example.