APTLD & MYNIC JOINT SURVEY

Transcription

1 INTERNET SECURITY & CCTLDS SURVEY RESULTS 24 th June 2008, Tuesday ccnso meeting, Paris, France

2 Survey Objectives Survey Summary:- For APTLD members to examine the roles and responsibilities of cctlds in Internet security. This survey is on security-related issues when it comes to the registration and renewal of domain names, with a particular focus on fast flux & phishing. The objective of this survey is to facilitate an exchange of information share best practices Assess how cctlds can cooperate & work closely with their respective CERTs on preventing & tackling phishing incidents Assess how cctlds can improve on the security level for customers of domain names Assess what are the security issues currently faced by cctlds 2

3 Q1 No 31.8% Do you have restrictions on who can register a name? Yes 68.2% 3

4 Q2 No, 28.6% Do you or your Registrar or Reseller validate the details of registrants? Yes, 71.4%

5 Q3 Others 13.6% Every Twelve Hours or Less Every Four Hours or Less Every Hour or Less 13.6% 9.1% How often do you update your zone file? 27.3% Dynamically 36.4%

6 Q4 Registrants 52.4% Resellers 28.6% Registrars 52.4%

7 Q5 What does Internet Security mean to you? Protecting the Registry System 100% Protecting Registrants' Information 95.5% Protecting Domain Names 72.7%

8 Q6 Q6 No 9.1% Yes, 90.9%

9 Q7 By fax & letter 35.3% Registrant address & password 29.4% Username & password 82.4%

10 Q8 Yes, 29.4% No, 70.6%

11 Q9 11

12 Q % Request via telephone 54.5% Request via fax or letter Request Online & autogenerated to registrant address 72.7%

13 Q11 Via hard copy verification through fax, 15.4% Via verification 84.6%

14 Q12 Yes, 100%

15 Q13 No 28.6% Yes 71.4%

16 Q14 Via fax 86.7% Via 26.7% Via online form with username & password 33.3%

17 Q % The cctld checks directly with the company or business registry 70.6% Through supporting documents (relevant company or business registration certificates) provided via fax or mail by the registrant 23.5% No verification

18 Q16 IP addresses 71.4% Primary & Secondary Nameservers 85.7% TC's password 57.1% TC's mailing address, fax & telephone numbers and address 78.6% BC's password 50% BC mailing address, fax & telephone numbers and address AC's password 71.4% 78.6% AC mailing address, fax & telephone numbers and address Registrant mailing address, fax & telephone numbers 85.7% 92.9%

19 Q17 Q17 IP addresses Primary & Secondary Nameservers 91.7% 100% TC's password 66.7% TC's mailing address, fax & telephone numbers and address 91.7% BC's password BC's mailing address, fax & telephone numbers and address AC's password AC mailing address, fax & telephone numbers and address Registrant mailing address, fax & telephone numbers and address 41.7% 41.7% 33.3% 50% 41.7%

20 Q18 Supporting documents (relevant company or business registration certificates) provided by fax or mail by new Registrant 75% 91.7% Written authorization from existing Registrant

21 Q19 Registrant via AC 70.6% Reseller 23.5% Registrar 70.6% Registry 76.5%

22 Q20 Letter request via fax & postal mail 50% AC address and password 28.6% AC username and password 28.6% Registrar-Lock 21.4% EPP authinfo codes 42.9%

23 Q21 Yes, 10% No, 90%

24 Q22 A (address) 100% Name servers 33.3%

25 Q23 No 45% Yes 55%

26 Q24 We haven't had names used for phishing, 35.7% Domain names registered by phishers, 64.3%

27 Q25 Impersonation that leads to unauthorized transfer of domain name from rightful registrant to another party, 6.7% Unauthorized DNS configuration changes to Name servers, 6.7% We haven't had any form of Domain Hijacking 86.7%

28 Q26 Q26 Suspend/Delete the domain name 38.5% Notify CERT 15.4% Notify regulatory authority 46.2% Notify registrar 61.5% Notify registrant 53.8%

29 Q27 Members of the public 53.8% Government agents (e.g. regulatory authority) 38.5% Victims (end-users) 61.5% Affected companies (e.g. genuine banks or financial companies impersonated by the phishers) CERTs 53.8% 76.9% Registrar 23.1% Registrant 30.8%

30 Q28 Investment 16.7% Shopping 25% Banking 91.7%

31 Q29 Q29 50% Part of the URL e.g. abcbank.tld/w eb/bank.html Homograph of ASCII domain name e.g. "bank.tld" w here the letter "a" has been faked w ith Russian substitute 20% 40% On subdomain level of the TLD e.g. phishing.abcbank.tld Typo-error of the domain name e.g. "abcbakn.tld" instead of "abcbank.tld" 70% Variations of the domain name e.g. "abcdbank.tld" instead of "abcbank.tld" 40%

32 Q30 Q30 Q30 Directive from regulatory or government authority 76.9% 76.9% Court order Don't suspend/delete at all 7.7%

33 Q31 No, 11.8% Yes, 88.2%

34 Q32 Support legislation against spamming/phishing 50% Cooperate and work closely with CERTs 44.4% Deploy DNSSEC for domain names delegation 22.2% Adopt anti-phishing tools at network level 16.7% Educate registrants on protecting their passwords and address 44.4% Educate registrants on maintaining the accuracy of their contact information 55.6% Hide WHOIS display of BC address 27.8% Hide WHOIS display of AC address 33.3% Strengthen identity verification of Registrant 61.1%

35 Conclusion: Top 5 critical security issues in cctlds mind 2. Spam 5. Cybercrime DDOS attacks 4. Protection of Personal Data 4 3 APTLD & MYNIC JOINT SURVEY 3. Fast Flux & Double Flux

36 22 RESPONDENTS FROM 19 APTLD MEMBERS & ccnso for Phishing survey Presentation by MYNIC Berhad