High-profile websites can fall victim to malicious online actors looking to score propaganda points
VANCOUVER, Feb. 22, 2016 /CNW/ - Today at the national meeting of Canada's Chiefs of Police, the Canadian Internet Registration Authority (CIRA) called on Canada's law enforcement community to protect their domains and DNS from cyber-attacks.
"The DNS is the Achilles heel of the Internet," said Jacques Latour, chief technology officer at CIRA. "When your DNS goes down, your website, your web applications, your email, your web services all fail. It can be devastating to an organization."
Law enforcement agencies, because of their profile in the community, are likely targets for hackers and cyber-criminals.
The Canadian Internet Registration Authority recommends law enforcement immediately take several steps to secure their Internet infrastructure and prevent outages.
- Use an Anycast DNS service: Some legacy web architectures use what is called a unicast DNS. These services offer little redundancy and leave the DNS extremely vulnerable to DDoS attack. Ensure that you have an Anycast DNS solution that can withstand attacks and keep services online.
- Confirm the DNS is properly configured and includes a primary and secondary: Redundancy is important when setting up a world-class DNS configuration, and administrators should confirm that their DNS settings are configured correctly. In testing, CIRA found Canada's DNS availability is startlingly poor, with a lack of redundancy and configuration errors causing 93 per cent of DNS servers in Canada to miss queries over a six month period. For lesser-known websites this may not be an issue, but misconfigurations could leave law enforcement open to attack.
- Use a domain locking service: Any .CA domain can be locked with CIRA to prevent unauthorized changes to the domain settings. This prevents malicious actors from redirecting a domain to a new site with damaging information, a common form of cyber-attack. In 2015 the City of Ottawa's website was redirected to an image of a dancing banana. ISIS sympathizers have also used this tactic to redirect pages to ISIS propaganda.
"As the fist-line of defence against online criminals, we need law enforcement to be leading the way on DNS security," said Latour. "Safe and secure DNS solutions tend to be exceptionally affordable and simple to deploy. I find it troubling that many police forces do not take these simple steps to protect their online services."
Additional resources:
Test your DNS configuration: CIRA offers a simple test that you can use to find critical errors in your DNS configuration. You can access the test for free at dnstests.cira.ca.
Get a free trial of CIRA D-Zone Anycast DNS: CIRA offers a made-in-Canada DNS solution that is ideal for Canadian organizations. IT Managers can learn more about this service with a free trial and sign-up at cira.ca.
About CIRA
The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain on behalf of all Canadians. A Member-based organization, CIRA also develops and implements policies that support Canada's Internet community, and represents the .CA registry internationally.
SOURCE Canadian Internet Registration Authority (CIRA)
or interview requests: Ryan Saxby Hill, Communications manager, CIRA, [email protected], 613-316-2397
Share this article