Internet security upgrade on course

Internet network. FILE PHOTO | FOTOSEARCH  

By MUTHOKI MUMO

More by this Author

Summary

• Internet users want to trust that the answers they get, the sites that load on their screens, are correct.
• ICANN says that this is simply part of good security practice in the same manner an email user changes their passwords to guard against hackers.
• In 2010, ICANN came up with a solution to resolve this problem by setting up a system to provide a chain of trust for Internet users.

Every time you type an address into your browser you are essentially asking a question to the Internet. The answer is the website that loads seconds later.

Internet users want to trust that the answers they get, the sites that load on their screens, are correct. This may not always be the case, because Internet infrastructure was not designed with security as a primary concern, it is possible for a hacker to intercept your question and give you an answer that may look correct but is essentially wrong.

So, for instance, an Internet user looking for her bank’s online portal might be redirected to a malicious site where her password or even credit card details might be stolen. “The Internet has evolved over time. It used to be a much safer neighbourhood. Now more and more bad guys are coming up with interesting ways to take advantage,” said Mr David Conrad, the Chief Technology Officer (CTO) of the International Corporation for Assigned Names and Numbers (ICANN).

Come October 11 and ICANN will carry out a major overhaul of this system. For the first time since the inception of the Domain Name System Security Extension (DNSSEC), a new cryptographic key pair will be put in place to help ensure the integrity of Internet traffic.

ICANN says that this is simply part of good security practice in the same manner an email user changes their passwords to guard against hackers.

“The general best practice for managing passwords is that you don’t want to not change your password for a while because the longer you leave your password, the more likely it is that someone can guess it,” Mr Conrad told Digital Business.

The stakes are high. About 750 million Internet users could be affected. However, Mr Conrad says if everything goes smoothly then Internet end-users should notice no difference.

On the other hand, if Internet service providers (ISPs) and network operators who have enabled DNSSEC are running old software, their clients may be left in an Internet blackout. ICANN is now on a campaign, urging ISPs and network operators to update their systems and trial their ability to run on the new system using a test bed on the corporation’s website.

Although ICANN says there have been no breaches, it is adamant that the October exercise is essential for continued security of the Internet.

Caught Unawares

Mr Conrad is concerned not about your average hacker, but bigger actors, up to nation-states, getting their hands on the key pair. Therefore, the corporation sees this exercise almost like a drill for a worst-case scenario.

“There has been no hint of compromise, no hint that there is any risk but we want to ensure that the infrastructure allows us to change the key should we ever need to in sort of panic mode,” says Mr Conrad.

How much of the Internet ecosystem will be left out in the cold come October remains to be seen.

“To be truly secure, we need everyone to be on board with DNSSEC. But there are people out there for whom this is not a priority. Raising awareness of the roll over and mobilising everyone is also an expensive undertaking,” said Mr William Makatiani, chief executive of cyber security firm, Serianu.

Of particular concern are smaller enterprises that often rely on outside consultants to set up their IT infrastructure. These businesses may be caught unawares come October. ICANN is a non-profit organisation tasked with coordination and maintenance of various forms of Internet infrastructure.

In 2010, ICANN came up with a solution to resolve this problem by setting up a system to provide a chain of trust for Internet users. At the very top of this chain is a cryptographic key pair which essentially makes sure that Internet users get the correct answers to their questions.