ng adoption and cyber-security issues

.NG ADOPTION .NG ADOPTION AND CYBER-AND CYBER-SECURITY SECURITY

ISSUESISSUESA presentation by:

Abdul-Hakeem B. D. [email protected]

1

@ the

NIGERIAN INTERNET REGISTRATION ASSOCIATION (NIRA) WORKSHOP FOR FEDERAL MDAS

Saturday 22 April 2023

mailto:[email protected]

http://mashable.com/2012/03/15/dot-com-domains-infographic

• Domain Name: A set of strings – 2 at least – separated by a dot. The last string is the TLD.



http://mashable.com/2011/06/19/how-many-websites/#view_as_one_page-gallery_box1583

42,000 domain names have so far been registered in Nigeria .




http://docstore.mik.ua/orelly/networking_2ndEd/dns/figs/dns4_0101.gif

DOMAIN NAME SYSTEM (DNS) The key

component of naming system that translates a name nira.org.ng into an IP address 74.50.49.158

It has its origins in the Unix file system

Effectively cyber real estate



• gtld: Generic TLD referring to all domains other than ccTLD. com, net, org, edu, mil are the historical extensions. Others were adopted later: aero, biz, coop, info, museum, name, pro in 2000, then asia, cat, jobs, mobi, tel, post, mail, travel after a call in 2004. Now Africa

• ccTLD: Country Code TLD referring to the ISO Country Codification. ccTLDs are considered as a property of national administrations

• .ng – Nigeria Domain root– com.ng – open domain, commercial entities and businesses

–org.ng – semi-open domain, non-commercial organizations–gov.ng – closed domain, governmental organizations–edu.ng – degree awarding institutions–net.ng – ISP infrastructure– sch.ng - Secondary Schools–name.ng - open domain–mobi.ng - open domain, suitable for mobile devices–mil.ng - closed domain (Nigerian Military Establishments only)

NIGERIA DOMAIN NAMES

http://mashable.com/2012/03/09/domain-names-101/

RISKS• Reliable infrastructure and data integrity

– equipment failure, – information misuse

• Threats: – distributed denial of service DDOS, – application weaknesses – zero day attacks – social engineering attacks, – zone transfer, – internal and external poisoning – single point of failure – routing hijack – DNS rebinding

• Data security and integrity:– disgruntled employees – monetary gain – social engineering

THREATS• Cybersquatting/ Domain squatting:

– Registering domain names with the intent of exploiting the ‘rightful’ owners

– The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price (Ransome)

• Typosquatting:– Registering domain names that are typo-

graphical errors of their target domains, which usually host Web sites with significant traffic e.g. facebooik.com, wkipedia.com, twtter.com, nra.com.ng, nita.com.ng

• Domain slamming:– The internet service provider (ISP) or

domain name registrar attempts to trick customers of different companies into switching from their existing ISP/ registrar to the scamming ISP/ registrar, under the pretense that the customer is simply renewing their subscription to their old ISP/registrar.

http://en.wikipedia.org/wiki/Internet_service_provider

http://en.wikipedia.org/wiki/Internet_service_provider

http://en.wikipedia.org/wiki/Domain_name_registrar

http://www.sunbeltsoftware.com/alex/gblog/typosquatting_20page.png

ESTONIA• Series of cyber-

attacks started on 27 April 2007

• Cause: Relocation of the Bronze Soldier of Tallinn and war graves

• Types of Attack: Defacement, Dos and DDoS

GEORGIA• August 7, 2008 cyber-attacks were launched against Georgian Government websites

• Cause: Disputes over South Ossetia, an autonomous and de jure demilitarized Georgian region on the border of Georgia and Russia.

• Types of attack: Defacement, Dos and DDoS, Distribution of Instructions and Malicious Software (“war.bat”)

An image from the Web site of the Georgian Parliament after it had been defaced showing Georgian President Mikheil Saakashvili together with leaders of the Nazi regimehttp://kafee.wordpress.com/2008/08/13/cyber-attack-google-and-the-georgian-war/

Consider Nigerians relationships in the last 12 months with South Africa, Libya & Mali

TUNISIA• In January 2011,

several government websites were attacked

• Cause: Civil Resistance

• Types of Attack: DoS and DDoS, defacement

• Sites attacked: President, Prime Minister, the Ministry of Industry, the Ministry of Foreign Affairs, Ministry of Justice and the Stock Exchange

21http://threatinfo.trendmicro.com/vinfo/web_attacks/WA_images/WA_Worm-Exploit.jpg

STUXNET

• A drive-by download site is a website that hosts one or more exploits that target vulnerabilities in web browsers and browser add-ons. Users with vulnerable computers can be infected with malware simply by visiting such a website, even without attempting to download anything

MALWARE HOSTING SITE

SECURITY CHALLENGES

Tunisian ExperienceAttack Central Bank Clearing house – no cash/ no funds transfersAttack “cctld” – no website/ no emailAttack critical infrastructure and databases e.g. Telecoms

Cyber-Cyber-security security

starts with starts with you you

protecting protecting yourselfyourself

BE SAFE BE SMART

Saturday 22 April 2023

PASSWORDS: YOUR PASSWORD IS YOUR SIGNATURE

• Social engineering: tricking people is the easiest way to steal domains– Send a dummy email requesting transfer of

domain– Your .com/.org/.net domain is only as secure as

your mailbox– Use a domain registrar with good security.

• Domain theft is extremely common -- webmaster, IT employee or outside vendor who is in control of the domain registrant account, or has access to the registrant login with the registrar. After a falling out, the ex-partner, employee, consultant, webmaster or web hosting company transfers the domain name from the true owner to their own control. The first step in preventing domain theft is to control your domain registrant login account with your registrar of choice.– Employee, www.xxxxstateuniversity.edu.ng

• The person who has stolen your domain name can shut down your website instantaneously and also your email

PREVENTION

Never share any of your account or personal information with a company that claims to be renewing your domain name. If it were a legitimate renewal the company should already have this information.

Contact your current service provider. Don’t use the contact information from the solicitation as this will probably result in exposing yourself to a trained salesman bent on getting you to transfer your domain name services.

Keep informed about who your current registrar is and when your domain names are coming up for renewal so that when these dishonest solicitations appear you can confidently disregard them.

If you have been victimized by this practice, contact your current registrar as soon as possible so that they may reject the transfer request. Also contact your bank or credit card company to stop the payment. This will further ensure that the transfer does not go through.

DEALING WITH DOMAIN SLAMMING – ISP DISHONESTY

COUNTERMEASURES• Authoritative DNS Server

– A DNS server that contains the mappings between domain names and IP addresses. Domain owners control the information that is stored in the DNS. They may either provide this information to someone that hosts their DNS data for them or they may run an authoritative server themselves. DNS data stored in authoritative servers is often called “zone” data.

• Cache Poisoning Attack– Because DNS is central to navigation on the Internet, attackers have

developed a variety of tricks to try and exploit it. Cache poisoning attacks attempt to replace legitimate DNS data with fake DNS data. If an attacker can replace DNS data, it can control where users go on the Internet leading to all kinds of problems. For instance, if an attacker can insert a fake record for a bank’s website, they could secretly intercept the bank’s traffic.

• Detect and Defend– When an attacker launches a cache poisoning attack, they attempt to

bombard a DNS server with fake answers to DNS queries hoping to get their answer accepted by correctly guessing certain values. Detect and defend systems easily defeats this brute force method. When such a server sees answers to DNS queries and the query parameters don’t match, it switches to a TCP connection and requeries the authoritative server. This prevents the attack from being successful.

DEALING WITH DDOS• Requires a combination of attack detection, traffic

classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate.

• Firewalls• Switches and Routers have mechanisms to limit particular

data rates from suspect sources• Intelligent hardware placed on the network before traffic

reaches the servers and identifies them as priority, regular, or dangerous

• Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them

• Blackholing and sinkholing– With blackholing, all the traffic to the attacked DNS or IP

address is sent to a "black hole" (null interface, non-existent server, ...)

– Sinkholing routes to a valid IP address which analyzes traffic and rejects bad ones.

• Clean pipes: All traffic is passed through a "cleaning center" via a proxy, which separates "bad" traffic (DDoS and also other common internet attacks) and only sends good traffic beyond to the server

CYBERSPACE POLICY: FIRST THINGS FIRST

• LACK OF KNOWLEDGE IS DARKER THAN NIGHT African Proverb• Review current and emerging ICT trends and assess their possible impact on our security with a view to anticipating and proactively outlining policy initiatives, technical solutions and security coordination requirements for the mitigation of identified threats, and exploitation of opportunities, posed by such technologies and trends

• Nigeria is building an electronic future upon capabilities, processes and infrastructure that we have not mastered how to protect

• Our .ng ccTLD must be secure, trustworthy, robust and reliable to drive the desired knowledge economy

• By the year 2020 an MSME based Cyber Security Solutions economic sub-sector should be in place principally driven by suitably empowered knowledge workers below 35 years of age

• Human experience demonstrates that it is not technology, infrastructure or finance per-se, but attitude predicated on correct knowledge that positively develops mankind, societies and economies

CONCLUSION

Thank you, for

your attentio

n

Merci, Merci, de votre de votre attentioattentio

[email protected]

ng adoption and cyber-security issues

Documents