
Žarko Kecić, CTO RNIDS

TLD Operator’s Role In Cyber Security

With the outbreak of the pandemic, many companies rushed to implement digital technologies to keep their business running. Yet, many of them missed an essential step in securing their digital assets against cyber attacks. With increasing numbers of people using the internet and accessing their business environment, bad actors gain a larger field of operation and benefit significantly from a successful attack.

The domain name system (DNS) is one of the most critical components of internet infrastructure and, sadly, one of the most neglected. When a portion of the DNS is compromised or unavailable, users cannot reach related online resources and services. That’s because the DNS runs as the address book for the internet and is responsible for translating Internet Protocol (IP) addresses (series of numbers) into human-friendly domain names. Compromising some elements of the DNS means entire parts of the internet become unreliable or unreachable. It should therefore come as no surprise that DNS is a top target for cybercriminals.

Running a trustworthy ccTLD

As more people and businesses have been moving online, it has been our duty, as a ccTLD registry, to maintain stable and safe access to internet resources. As in any industry, domain name holders want to be sure that their personal information is adequately protected and that they are provided with top-notch services.

As security risks ramp up, TLD registries must implement thorough protection against security threats in two key areas: the databases of contacts and technical information related to registered domain names, and the technical DNS infrastructure critical for public domain name resolution.

Over the last few years, certain security measures have been established to reduce vulnerability to known threats and respond to growing attacks. RNIDS and its registrar partners are now more secure, implementing stiff security protocols to prevent any incident involving the registry’s data and its operations. As a result, we haven’t experienced any registry breaches or operational difficulties, but this doesn’t mean there are no attempts. Like any system connected to the internet, we experience constant probing and attacks against our systems.

Is securing registry assets enough to gain our users’ confidence?

One of the main threats faced by RNIDS is the compromise of registrants’ accounts used to update domain name information. That enables the attacker to execute unauthorised changes to domain name data by pointing a domain name toward a compromised online service instead of the appropriate content provided by the registrant. Accordingly, RNIDS has enabled three domain name lock mechanisms for registrants of Serbian national domains. By locking their domain names using an appropriate type of domain name protection, registrants allow only authorised persons to perform changes to the domain name.

Locking domain names, to some extent, prevents phishing and malware distributed via lookalike websites. Lookalike sites are regularly used to distribute malware or execute phishing schemes by replicating financial institutions or government portals to collect valuable personal information to drain bank accounts or steal identities.

Locking the domain name solves only part of the DNS security problems. The Domain Name System (DNS) responds without validating the source, which means it is vulnerable to injecting invalid DNS information and redirecting users to malicious content. This happens every day, all over the world. The estimate is that two-thirds of all cyber-attacks are related to the abuse of the DNS used for criminal acts or censorship of content.

DNSSEC (DNS Security Extensions) is a technology that provides mechanisms for protection against the modification of DNS responses and redirecting users to online locations that are potentially harmful. For several years, RNIDS has been enabling Serbian national domains to be DNSSEC signed, in order to protect internet users from becoming victims of cybercriminals. This DNS security extension can be used by all domain name holders, but is almost mandatory for financial institutions and companies that do business online.

DNS infrastructure security

Attacks against DNS infrastructure have increased in frequency and intensity over recent years. The aggregated bandwidth of millions of compromised “zombie” devices in a botnet has proven disastrous, and even well-equipped targets cannot sustain that amount of traffic. The best practice of TLDs to mitigate large-scale DDoS attacks is to utilise multiple globally distributed DNS anycast providers. RNIDS has responded to the problem by implementing changes to network architecture and introducing rate limits on the number of consecutive queries. Our DNS infrastructure comprises a network of public DNS servers in several geographic locations on all continents.

Trust is vital

A vital element of any TLD operator is trust in the reputation and ability of the registry to manage its namespace and enforce its policies. Where domain name registration is suspicious or engaged in illegal activity, RNIDS may audit the registration by triggering the Registrant Information Validation process via a registrar, thus ensuring that a registrant meets RNIDS registration policy requirements. If the registrant fails to verify that the information provided is correct, the domain name is suspended and cancelled, and no longer poses a threat to internet users.

RNIDS systems process more than 500 million DNS queries on a daily basis, and if someone wants to visit the website or send an e-mail on the .rs or .срб domain names, we ensure that they are directed to the right website; or that the message is delivered to the intended mailbox.

RNIDS strives to contribute to a safer environment for all internet users in Serbia. We thus actively organise educational campaigns and professional meetings to share our knowledge on technical, legal and internet protection issues related to domain names, DNS infrastructure and other issues that fall under our area of expertise.

Conclusion

The terms “secure, stable and resilient” have always been associated with TLD operators. From day one, we have been working to maintain the security, stability and resiliency of the systems that support the .rs and .срб domain names. We keep pace with the technology and cyber security trends and ensure that our customers enjoy the benefits of utilising the Serbian domain namespace.

As a TLD operator, RNIDS constantly monitors its systems to detect incidents and mitigate risk. We are aware that new attack vectors and events are constantly popping up and require continuous attention and the implementation of adjustments and different approaches to adequately defend against changing circumstances.
