Nigeria Internet Registration Association (NiRA)

  • banner1.png
  • banner2.jpg
  • banner3.png

AFRINIC 27 MEETING

AFRICA DNS FORUM 2017, Dar es Salaam, Tanzania

Stakeholders from around the globe, in the African Domain name business gathered last week in Dar Es Salaam, Tanzania, for the 5th edition of the Africa Domain Name System Forum 2017, to discuss the topic: Taking stock of the Africa DNS Industry and planning ahead. The forum held 26th to 28th July 2017.

The forum follows up on the success of previous fora that had taken place in Africa over the past few years – namely (South Africa-2013, Nigeria-2014, Kenya-2015 and Morocco-2016).

Organized by the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Society (ISOC) and Africa Top Level Domains Organization (AfTLD), this year’s Forum was hosted by the Tanzania Network Information Centre (tzNIC).

This annual event enables Registries, Registrars and other stakeholders share experiences, interact and learn from each other about the Domain Name Industry. This year's event was rewarding as it fostered discussions on cross border collaboration among the registries. NiRA was represented at the event. 

One of the key topics of the Forum was the recent released report https://www.icann.org/news/announcement-2-2017-06-24-en, the first of its kind in the region, which provides a detailed analysis of the DNS market for 54 countries. Among other topics that were discussed are:

  • Legal issues affecting African registries, registrars and resellers
  • Securing the African Domain Name System
  • IPv6 and the role of African registries and registrars
  • Emerging trends in the Domain Name System
  • Enhancing automation of our services
  • Building technical capacity of our registries
  • Addressing Governance and regulatory challenges, and
  • Improving our business and marketing skills

 At the conclusion of AFRICA DNS FORUM 2017, NiRA was recognized with an award for its contribution to DNS business in Africa and for hosting the 2nd edition of DNS forum in Africa.

 

AFRINIC 27: AFRINIC TEAM SITE VISIT in NIGERIA

NiRA played host to the AFRINIC Team that came to inspect facilities in the preparation for the AFRINIC 27 meeting, scheduled to hold 27th November to 2nd December 2017 in Lagos, Nigeria.

Part of the planned agenda for AFRINIC-27 is to call on the International Community to increase access to information and communications technology and strive to provide universal and affordable access to the Internet in developing countries. There will also be a strong call for the implementation of IPv6 in Africa.

The team took the opportunity to attend the first day of the LCCI ECTEL EXPO 2017 and had the opportunity to interact with eminent personalities in the ICT Industry in Nigeria. The team was warmly received at all locations and received the assurance that Nigeria would successfully host AFRINIC-27.

DOMAIN NAME REGISTRATION STATISTICS MAY, JUNE & JULY 2017

The fresh domain registrations for July 2017 was 4,363 whilst the renewals for the same month was 2,143. These are the second highest figures in the year 2017. The figures for these periods in 2017 are still higher than the corresponding 2016 registrations. With increase in the number of accredited registrars, domain name registration and renewals are on the increase.

 

Preparing for 100,000 .ng Domains

It has been a very busy week for the entire NIRA team. From preparing to host the AfriNIC-27 meeting in November 2017, to the various workshops and conferences within and outside the country, pushing the .ng adoption is getting stronger by the day.

We do have something to show for it!

The domain count for the Nigerian Country Code Top Level Domain (ccTLD) continues to make impressive gains, month on month. Considering the fact that not all domains that are registered get renewed at the end of the day, we only reckon with the number of active domains in the registry at any point in time.

It is heart-warming that the number of domains in the registry continues to grow in excess of 2,000 domains monthly. This is due to the hard work of the Registrars and the Resellers, in making sure that .ng continues to be the domain of choice for all Nigerians. Thank you for your hard work in this regard.

At the current rate, the number of active .ng domains will cross the 100,000 mark between October and November 2017. It is a milestone that we will celebrate, and is worthy of being celebrated.

We need to get many more people on board, but some Nigerians still live in denial. They claim that the Nigerian string is too long, and sometimes expensive. I went past the delivery truck of a courier company, which for this message, I will call “Distro”, with the domain name distro-ng.com. If the same company had registered distro.com.ng, it is the same length as distro-ng.com and costs much lower.

You can help us enlighten those who are yet to switch to .ng. Government and Nigerian businesses should be proud to fly our identity. When you see such hybrid domain names like distro-ng.com or distronigeria.com, please drop them an email and ask them whether they have heard of .ng before?  Let us now get the word out there. .ng is for us all, and Nigerians should not hesitate to claim their identity and use it.

Let us step up the campaign!

 

Rev’d Sunday Folayan

President, NIRA Executive Board

 

INFORMATION SECURITY: THREATS AND COUNTERMEASURES

Information, according to Merriam-Webster dictionary, is “the communication or reception of knowledge or intelligence”. It was also put as “knowledge obtained from investigation, study or instruction” and likened to facts, data and intelligence. Information Security (sometimes shortened to IS or InfoSec) is the practice of preventing unauthorized access, use, disclosure, modification, inspection or destruction of digital and non-digital information.

 

There are several techniques or methods of social engineering used to attack sensitive, private and confidential information. Some of these are:

Phishing and Spear Phishing techniques focuses on sending out a lot of generalized e-mails with the expectations that only a few people will reveal private information/data. Spear phishing emails require the attacker to perform additional research on their targets in order to trick them into performing requested activities. 

Voice phishing also called Vishing uses a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system. The victims are informed to call in to the bank via a number provided in order to verify information. The victims receive the message vie e-mail and more advanced systems transfer the victim to the attacker/phisher, who poses as a customer service agent or security expert for further questioning of the victim.

Watering Hole: a computer attack strategy where the attacker guesses or observes websites a particular group/organization/industry/region often use and infects one or more of them with malware so that the members get infected. Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.

Online Baiting exploits human curiosity. Attackers create malware-infected floppy disk, CD-ROMs, or USB flash drives and give them legitimate labels that should make people curious to plug them into systems, leave them in locations where people/targets will find them. Inserting the disk into a computer installs malware, giving attacker’s access to the victim's PC and possibly the target company's internal computer network.

Quid Pro Quo Social Engineering Attack aka “something for something”. This is a strategy where an attacker creates/causes a problem for the victim, then gets across to the victim pretending to be a technical support officer or agent or someone that can offer help, the attacker eventually helps the victim get rid of the problem but in the process request the target input commands that allows the attacker launch malware or gives the attacker access. 

Fortunately there are several ways to prevent or mitigate these attacks and they include:

  • Implement data classification in the organization and grant privileges only on “need to know” basis
  • Identify which information is sensitive and evaluate its exposure to exploiters and breakdowns in security systems.
  • Establishing security protocols, policies, and procedures for handling sensitive information.
  • Training employees in security protocols relevant to their position. If a person's identity cannot be verified, then employees must be trained to politely refuse.
  • Specify and train personnel when/where/why/how sensitive information should be handled
  • Perform unannounced, periodic tests of the security framework.
  • Prevent social engineering and other fraudulent tricks or traps by instilling a resistance to persuasion attempts through exposure to similar or related attempts.
  • Enforce approved regular software updates and patches.
  • Install shredding machines in sensitive areas.
  • Don’t throw away or discard old disks carelessly. Ensure proper procedures are maintained for disposal of old computer systems.
  • Conduct security awareness seminars for all staff and vendors who must work within your network.

Companies should thoroughly monitor their websites and networks and then block any traffic, if malicious content is detected. Most times, employees become the moles and create the loop holes to leak information. It is advised that a non-disclosure agreement be signed annually to keep sensitive information undisclosed and make employees more responsible for its safety. Be wise in handling of information and smarter in disclosing information.