
.ng Adoption and Cyber-Security Issues

.ng Adoption and Cyber-Security Issues. A presentation by: Abdul-Hakeem B. D. Ajijola info@consultancyss.com. @ the Nigerian Internet Registration Association (NiRA) Workshop for Federal MDAs Thursday, 14 August 2014.


Presentation Transcript


  1. .ng Adoption and Cyber-Security Issues A presentation by: Abdul-Hakeem B. D. Ajijola info@consultancyss.com @ the Nigerian Internet Registration Association (NiRA) Workshop for Federal MDAs Thursday, 14 August 2014

  2. Domain Name: A set of strings – 2 at least – separated by a dot. The last string is the TLD. • http://mashable.com/2012/03/15/dot-com-domains-infographic

  3. http://mashable.com/2012/03/15/dot-com-domains-infographic

  4. .com, .net, .biz, .info and .org • Unrestricted and not reserved for specific types of sites • http://mashable.com/2011/06/19/how-many-websites/#view_as_one_page-gallery_box1583

  5. 42,000 domain names have so far been registered in Nigeria. • http://mashable.com/2012/03/15/dot-com-domains-infographic

  6. http://mashable.com/2012/03/15/dot-com-domains-infographic

  7. Domain Name System (DNS) • The key component of the naming system, which translates a name (nira.org.ng) into an IP address (74.50.49.158) • It has its origins in the Unix file system • Effectively cyber real estate • http://docstore.mik.ua/orelly/networking_2ndEd/dns/figs/dns4_0101.gif

  8. Nigeria Domain Names • gTLD: Generic TLD referring to all domains other than ccTLD. com, net, org, edu, mil are the historical extensions. Others were adopted later: aero, biz, coop, info, museum, name, pro in 2000, then asia, cat, jobs, mobi, tel, post, mail, travel after a call in 2004. Now Africa • ccTLD: Country Code TLD referring to the ISO Country Codification. ccTLDs are considered the property of national administrations • .ng – Nigeria Domain root • com.ng – open domain, commercial entities and businesses • org.ng – semi-open domain, non-commercial organizations • gov.ng – closed domain, governmental organizations • edu.ng – degree awarding institutions • net.ng – ISP infrastructure • sch.ng – secondary schools • name.ng – open domain • mobi.ng – open domain, suitable for mobile devices • mil.ng – closed domain (Nigerian Military Establishments only)

  9. http://mashable.com/2012/03/09/domain-names-101/

  10. Instead of fuming over ncc.gov.ng, consider: • copyrite.gov.ng and • communications.gov.ng • http://mashable.com/2012/03/09/domain-names-101/

  11. http://mashable.com/2012/03/09/domain-names-101/

  12. http://mashable.com/2012/03/09/domain-names-101/

  13. Risks • Reliable infrastructure and data integrity: • equipment failure • information misuse • Threats: • distributed denial of service (DDoS) • application weaknesses – zero-day attacks • social engineering attacks • zone transfer • internal and external poisoning • single point of failure • routing hijack • DNS rebinding • Data security and integrity: • disgruntled employees • monetary gain • social engineering

  14. Threats • Cybersquatting/domain squatting: • Registering domain names with the intent of exploiting the ‘rightful’ owners • The cybersquatter then offers to sell the domain, at an inflated price, to the person or company who owns a trademark contained within the name (ransom) • Typosquatting: • Registering domain names that are typographical errors of their target domains, which usually host Web sites with significant traffic, e.g. facebooik.com, wkipedia.com, twtter.com, nra.com.ng, nita.com.ng • Domain slamming: • An internet service provider (ISP) or domain name registrar attempts to trick customers of other companies into switching from their existing ISP/registrar to the scamming ISP/registrar, under the pretense that the customer is simply renewing their subscription with their old ISP/registrar.
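A defender can screen observed or newly registered names against the names they protect, as the typosquatting bullet on slide 14 implies. The sketch below is an added example, not part of the presentation: it strips the .ng second-level zones listed on slide 8, then flags any name whose registrant-chosen label is within one edit of a protected label. The `PROTECTED` list is an assumption about which names are being imitated, and `mashable.com` and `nira.org.ng` in `OBSERVED` are constructed control entries.

```python
# Added example, not from the presentation. PROTECTED holds assumed targets;
# OBSERVED mixes the slide's typo domains with constructed control entries.
NG_ZONES = {"com", "org", "gov", "edu", "net", "sch", "name", "mobi", "mil"}  # slide 8
PROTECTED = ["facebook.com", "wikipedia.org", "twitter.com", "nira.org.ng"]
OBSERVED = ["facebooik.com", "wkipedia.com", "twtter.com", "nra.com.ng",
            "nita.com.ng", "nira.org.ng", "mashable.com"]

def registrable_label(domain):
    """Label chosen by the registrant, e.g. 'nira' for www.nira.org.ng."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "ng" and labels[-2] in NG_ZONES:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]

def typo_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap adjacent."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def flag_typosquats(observed, protected, max_distance=1):
    """Map each suspicious observed domain to the protected name it resembles."""
    genuine = sorted({p.lower().rstrip(".") for p in protected})
    hits = {}
    for dom in observed:
        name = dom.lower().rstrip(".")
        if name in genuine:
            continue  # the real registration itself
        for good in genuine:
            gap = typo_distance(registrable_label(name), registrable_label(good))
            if gap <= max_distance:  # gap 0 means same label in another zone
                hits[dom] = good
                break
    return hits

if __name__ == "__main__":
    for dom, good in flag_typosquats(OBSERVED, PROTECTED).items():
        print(f"{dom} looks like {good}")
```

Short labels such as `nira` have many one-edit neighbours, so hits on them need manual review before any complaint or defensive registration.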

  15. http://www.sunbeltsoftware.com/alex/gblog/typosquatting_20page.png

  16. Estonia • Series of cyber-attacks started on 27 April 2007 • Cause: Relocation of the Bronze Soldier of Tallinn and war graves • Types of attack: Defacement, DoS and DDoS

  17. Georgia • On August 7, 2008, cyber-attacks were launched against Georgian Government websites • Cause: Disputes over South Ossetia, an autonomous and de jure demilitarized Georgian region on the border of Georgia and Russia. • Types of attack: Defacement, DoS and DDoS, distribution of instructions and malicious software (“war.bat”) • An image from the Web site of the Georgian Parliament after it had been defaced, showing Georgian President Mikheil Saakashvili together with leaders of the Nazi regime • http://kafee.wordpress.com/2008/08/13/cyber-attack-google-and-the-georgian-war/ • Consider Nigeria's relationships in the last 12 months with South Africa, Libya & Mali

  18. Tunisia • In January 2011, several government websites were attacked • Cause: Civil Resistance • Types of attack: DoS and DDoS, defacement • Sites attacked: President, Prime Minister, the Ministry of Industry, the Ministry of Foreign Affairs, Ministry of Justice and the Stock Exchange

  19. Stuxnet • http://threatinfo.trendmicro.com/vinfo/web_attacks/WA_images/WA_Worm-Exploit.jpg

  20. Malware Hosting Site • A drive-by download site is a website that hosts one or more exploits that target vulnerabilities in web browsers and browser add-ons. Users with vulnerable computers can be infected with malware simply by visiting such a website, even without attempting to download anything

  21. Security Challenges

  22. Tunisian Experience • Attack Central Bank Clearing house – no cash/ no funds transfers • Attack “cctld” – no website/ no email • Attack critical infrastructure and databases e.g. Telecoms

  23. Be Safe Be Smart Cyber-security starts with you protecting yourself

  24. Passwords: Your password is your signature

  25. Prevention • Social engineering: tricking people is the easiest way to steal domains • Send a dummy email requesting transfer of domain • Your .com/.org/.net domain is only as secure as your mailbox • Use a domain registrar with good security. • Domain theft is extremely common, typically by a webmaster, IT employee or outside vendor who is in control of the domain registrant account, or has access to the registrant login with the registrar. After a falling out, the ex-partner, employee, consultant, webmaster or web hosting company transfers the domain name from the true owner to their own control. The first step in preventing domain theft is to control your domain registrant login account with your registrar of choice. • Employee, www.xxxxstateuniversity.edu.ng • The person who has stolen your domain name can shut down your website instantaneously and also your email

  26. Dealing with Domain slamming – ISP Dishonesty • Never share any of your account or personal information with a company that claims to be renewing your domain name. If it were a legitimate renewal the company should already have this information. • Contact your current service provider. Don’t use the contact information from the solicitation as this will probably result in exposing yourself to a trained salesman bent on getting you to transfer your domain name services. • Keep informed about who your current registrar is and when your domain names are coming up for renewal so that when these dishonest solicitations appear you can confidently disregard them. • If you have been victimized by this practice, contact your current registrar as soon as possible so that they may reject the transfer request. Also contact your bank or credit card company to stop the payment. This will further ensure that the transfer does not go through.

  27. Countermeasures • Authoritative DNS Server • A DNS server that contains the mappings between domain names and IP addresses. Domain owners control the information that is stored in the DNS. They may either provide this information to someone that hosts their DNS data for them or they may run an authoritative server themselves. DNS data stored in authoritative servers is often called “zone” data. • Cache Poisoning Attack • Because DNS is central to navigation on the Internet, attackers have developed a variety of tricks to try to exploit it. Cache poisoning attacks attempt to replace legitimate DNS data with fake DNS data. If an attacker can replace DNS data, they can control where users go on the Internet, leading to all kinds of problems. For instance, if an attacker can insert a fake record for a bank’s website, they could secretly intercept the bank’s traffic. • Detect and Defend • When an attacker launches a cache poisoning attack, they attempt to bombard a DNS server with fake answers to DNS queries, hoping to get their answer accepted by correctly guessing certain values. Detect and defend systems easily defeat this brute force method. When such a server sees answers to DNS queries and the query parameters don’t match, it switches to a TCP connection and requeries the authoritative server. This prevents the attack from being successful.
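The "Detect and Defend" behaviour on slide 27 can be modelled without any network traffic. The sketch below is an added example, not code from the presentation or from any resolver product: it compares each UDP reply with the outstanding query's parameters and, on the first mismatch, abandons UDP and asks the authoritative server over TCP. The `Pending`/`Reply` types, `tcp_requery` stub, the 192.0.2.53 and 203.0.113.66 documentation addresses and the transaction IDs are constructed assumptions; the name/address pair is the one on slide 7.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:            # what the resolver remembers about one UDP query
    txid: int             # 16-bit DNS transaction ID
    src_port: int         # UDP source port the query left from
    qname: str
    server: str           # authoritative server that was asked

@dataclass(frozen=True)
class Reply:              # one UDP datagram claiming to answer the query
    txid: int
    dst_port: int
    qname: str
    source: str
    address: str

ZONE = {"nira.org.ng": "74.50.49.158"}  # name/address pair from slide 7

def tcp_requery(qname, server):
    """Stand-in for a TCP query to the authoritative server (no network here)."""
    return ZONE[qname.lower()]

def matches(q, r):
    """True only if every parameter the resolver chose comes back unchanged."""
    return (r.txid == q.txid and r.dst_port == q.src_port
            and r.qname.lower() == q.qname.lower() and r.source == q.server)

def resolve(pending, udp_replies, requery, fallback_after=1):
    """Return (address, transport, mismatches). fallback_after=None models a
    resolver that silently drops bad replies and keeps waiting on UDP."""
    mismatches = 0
    for reply in udp_replies:
        if matches(pending, reply):
            return reply.address, "udp", mismatches
        mismatches += 1
        if fallback_after is not None and mismatches >= fallback_after:
            # Spoofing suspected: ignore further UDP answers for this query.
            return requery(pending.qname, pending.server), "tcp", mismatches
    return None, "timeout", mismatches

# Constructed traffic: three wrong guesses, one lucky forged guess, then the
# genuine answer arriving too late to matter for an undefended resolver.
PENDING = Pending(0x3A7C, 53124, "nira.org.ng", "192.0.2.53")
FORGED = [Reply(t, 53124, "nira.org.ng", "192.0.2.53", "203.0.113.66")
          for t in (0x0001, 0x0002, 0x0003, 0x3A7C)]
GENUINE = Reply(0x3A7C, 53124, "nira.org.ng", "192.0.2.53", "74.50.49.158")
```

With `fallback_after=None` the fourth forged reply is accepted and would be cached; with the default, the first mismatch ends the guessing race and the mismatch count doubles as a detection signal worth logging.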

  28. Dealing with DDoS • Requires a combination of attack detection, traffic classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate. • Firewalls • Switches and routers have mechanisms to limit particular data rates from suspect sources • Intelligent hardware placed on the network before traffic reaches the servers, which identifies traffic as priority, regular, or dangerous • Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them • Blackholing and sinkholing • With blackholing, all the traffic to the attacked DNS or IP address is sent to a "black hole" (null interface, non-existent server, ...) • Sinkholing routes traffic to a valid IP address which analyzes it and rejects bad traffic. • Clean pipes: All traffic is passed through a "cleaning center" via a proxy, which separates "bad" traffic (DDoS and also other common internet attacks) and only sends good traffic on to the server

  29. Cyberspace Policy: First things first • "Lack of knowledge is darker than night" (African proverb) • Review current and emerging ICT trends and assess their possible impact on our security with a view to anticipating and proactively outlining policy initiatives, technical solutions and security coordination requirements for the mitigation of identified threats, and exploitation of opportunities, posed by such technologies and trends

  30. Conclusion • Nigeria is building an electronic future upon capabilities, processes and infrastructure that we have not mastered how to protect • Our .ng ccTLD must be secure, trustworthy, robust and reliable to drive the desired knowledge economy • By the year 2020 an MSME-based Cyber Security Solutions economic sub-sector should be in place, principally driven by suitably empowered knowledge workers below 35 years of age • Human experience demonstrates that it is not technology, infrastructure or finance per se, but attitude predicated on correct knowledge that positively develops mankind, societies and economies • Combining solutions and not simply running after technology • combinations of hi-tech, low-tech and no-tech

  31. Merci, de votre attention Thank you, for your attention info@consultancyss.com
