Protect advance your org
1 / 30

Protect & Advance Your .ORG - PowerPoint PPT Presentation

  • Uploaded on

Protect & Advance Your .ORG. Lance Wolak, Director of Marketing, Public Interest Registry with Special Guest, Ram Mohan – CTO for Afilias Ltd. 20 March 2008 – 3:30pm EST. Trends in the .ORG Community Domain Protection Strategies Internationalized Domain Names Are they for you?

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Protect & Advance Your .ORG' - alana-huff

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Protect advance your org

Protect & Advance Your .ORG

Lance Wolak, Director of Marketing,

Public Interest Registry

with Special Guest, Ram Mohan – CTO for Afilias Ltd.

20 March 2008 – 3:30pm EST

Protect advance your org

Trends in the .ORG Community

Domain Protection Strategies

Internationalized Domain Names

Are they for you?

DNS Security

Securing Your Core Internet

Trends in the org community

Protect & Advance Your .ORG

Trends in the .ORG community

About org
About .ORG

  • One of the original top-level domains (TLDs), .ORG has become the registry of choice for organizations dedicated to serving the public interest

  • .ORG is where people turn to find credible information, get involved, fund causes and support advocacy.

Do you see these trends
Do You See These Trends?

  • Being “Green” is good again

  • Green has become amoniker for a larger trend, caring about people, environment, and making a difference.

  • Online social networks playing a key role in communications and fundraising

Do you see these trends1
Do You See These Trends?

Convergence and dis-intermediation in media:

  • Organizers can now connect and communicate directly with participants

  • Individuals and small organizations can perform and accomplish like large organizations

One Laptop Per Child


A growing community of people working to create a connected, educated, enlightened future for the world's most essential resource—its children. Nicholas NegroponteFounder and ChairmanOne Laptop Per Child

Org and global trends
.ORG and Global Trends

Well Represented on .ORG

Green Movement / Environmental


Social Networking

Corporate and Individuals “Doing Good”

.ORG is considered the international brand of “Doing Good”

Your .ORG address makes this international brand your brand

“People down here call it ‘the fight of their lives’.”

- Brad PittMIR Founder

Domain protection strategies

Protect & Advance Your .ORG

Domain protection Strategies

Your org name is an asset
Your .ORG Name Is An Asset

  • The value of a .ORG address is unlike that of any other domain

  • However many .ORG domain names expire - for a variety of reasons.

  • If allowed to expire, it can be taken over by another organization, and maybe not in keeping with the original owner’s intent.

    • The process of third parties obtaining expired domain names has become sophisticated, automated, and increasingly popular.

    • The consequences to the original .ORG domain holders can be serious!

Protect your brand and your org identity
Protect Your Brand andYour .ORG Identity

  • Consider purchasing .ORG domain names for more than just your company name:

    • Register a .ORG for your major products and services

    • Register a .ORG for your major campaigns/public service efforts

  • Consider the consequences if another individual or organization reserved the names:

    • Conflicting information presented to the public?

    • Damaging content presented to the public?

What to do
What To Do?

  • Don’t lose control of the .ORG assets - be sure to renew your domain names on schedule.

  • Protect your brand and trademarks through new domain name registrations

  • Verify protection of all your domain names

6 steps to verifying protection of your org names
6 Steps to Verifying Protection of Your .ORG Names

1. Verify Registration of your .ORG

  • A simple visit to the WHOIS database at .ORG’s Web site ( is a good first step. There you can view: the name of the registrant, administrative contact, and technical contact for your .ORG domains. You can also find the name of the registrar through which your .ORG domain was registered.

    2. Verify and update your .ORG Administrative Contacts

  • Consider making it organizational policy to regularly verify and update .ORG domain name information.

    3. Check that email contact data is valid

  • If you can’t be reached by e-mail, it’s possible your domain name will expire without your knowledge. Therefore, it’s essential that the e-mail addresses on file with your registrar be current.

6 steps to verifying protection of your org names1
6 Steps to Verifying Protection of Your .ORG Names

4. Consolidate your domain name management

  • Today it’s easier than ever to transfer domain names from one registrar to another registrar, which helps simplify management of .ORG domain names.

    5. Register your .ORG for the maximum term length

  • .ORG domain names can be registered or renewed in one transaction for up to 10 years. Consider reserving yours for the maximum period of time.

  • Request a Lock on your domain name

    • Prevent unauthorized transfer of your domain name to a third party.

  • Internationalized domain names idn

    Protect & Advance Your .ORG

    Internationalized domain names (IDN)

    Why do you care

    • For all companies, from local businesses to global enterprises, establishing a presence on the Internet is essential.

    • IDNs allow companies to effectively reach markets in their customers' local language.

    • IDNs help companies protect their online brand identity.

      • IDNs enable you to extend and protect your online identity in local markets around the world.

      • Reach your target markets in your customers' preferred language and script by eliminating the need to translate or transliterate your brand into English characters for use as an Internet address.

    Securing your core internet infrastructure using dnssec
    Securing Your Core Internet Infrastructure Using DNSSEC

    Protect & Advance Your .ORG

    Ram Mohan


    • Getting Started

      • Why Care About DNS

      • What Can Go Wrong

    • A Survival Guide

      • Why Techies Created DNSSEC

      • What Can Happen Without DNSSEC

    • Why Should Non-Profits Care

      • Consequences

      • What You Can Do

    • Q&A Session

    Why care about the dns
    Why Care About the DNS

    • Do You Care About Web & Email?

      • DNS decides if your site can be reached

      • DNS determines if your email can be delivered or read

    • Do You Care About Outages?

      • DNS mismanagement can result in “Internet outages” even if your Internet connection is working

    • Do You Care About Security?

      • DNS unsecured can allow visitors to your site to be hijacked

        When downtime is not an option

        Secure DNS makes a huge difference

    What the dns does for you
    What The DNS Does For You

    • Tells machines where to go when you:

      • Type in a web address

      • Send an email

    Name Server





    Name Server


    Do I already have the answer?

    - Send the answer back to resolver

    Else, contact Domain Name Server

    Find the IP address

    Send it back

    Am I online?

    Where should I go to get my answer?

    - My local Internet Service Provider

    Why attack the dns
    Why Attack the DNS

    • Anti-Spam and anti-phishing technologies

      • Technologies that use the DNS to mitigate spam and phishing: $$$ value for the ‘Bad Guys’, stolen identity

    • NewsTickers, RSS feeds

      • Usually no source authentication but supplying false news information via a news ticker or via a news feed can have $$$ benefit for attacker

    • ENUM

      • Mapping telephone numbers to services in the DNS

        • As soon as there is some incentive

    • Adapted from: “DNS Security Technical Overview”, Russ Mundy, 2005

    Protect advance your org

    What Can Go Wrong

    • Forgery

      • The DNS data being returned to your ISP can be forged

        • Especially easy on a wireless network

        • Result: You are transported where you did not mean to go

    • Poisoning

      • The DNS data can be modified

        • Causes your ISP’s cache to have valid but wrong information on where to go

    • Eavesdropping

      • Can intercept your DNS data and just “listen” before passing on

    • Other things that can go wrong:

      • Alteration of zone data - Impersonation of master/cache - Unauthorized updates

    2005 isp attack
    2005 ISP Attack

    • In March-April 2005, users of an ISP had specific spyware, spam and pay-per-click trojans, from redirection sites

    • The ISP’s cache had hundreds of DNS names spoofed…






        Source: Allison Mankin

    Dnssec explained
    DNSSEC Explained

    • DNSSEC is the Internet’s answer to DNS Identity Theft

      • It protects users from DNS attacks

      • It makes systems detect DNS attacks

    • Almost everything in DNSSEC is digitally signed

      • Allows authentication of the ORIGIN of the DNS data

      • Ensures INTEGRITY of the DNS data

    • Digitally signed = “Public Key Cryptography”

      • Secret Private Key, Open Public Key

      • DNS Messages are scrambled using the Private Key – the Public Key is needed to unscramble it [a.k.a. “SIGNING”]

      • You now know WHO sent the message (since private key is unique)

    • If data is MODIFIED, mangled, or otherwise compromised en-route…

      • The signature is no longer valid

        DNSSEC = DNS Security Extensions

    The chain of trust
    The Chain of Trust

    If I trust a public key from someone, I can use that key to verify the signature … and authenticate the source

    • Make sure the root zone key can be trusted

      • Pointers in the root zone point to lower zones (com/org/info/de etc)

      • Each pointer is validated with the previous validated zone key

    • Only the key for the root zone is needed to validate all the DNSSEC keys on the Internet

    • How to update these keys and propagate them are not done yet

    What you can do
    What You Can Do

    • Talk to your web site host provider or technical provider about “Signing your zone” with a DNSSEC key

      • This will automatically protect visitors to your website from being hijacked

      • It will increase the perception and reality of security for your organization

    • Sign up with PIR to become a secured DNS pioneer

      • Eliminate DNS identity theft

      • Ensure safety for your clients

      • Improve your branding

    Technical reading participation
    Technical Reading & Participation

    • What to read:

      • Introductions:

      • Tutorials:

      • How to deploy:

      • Other material:



    • Technical Mailing Lists:

      • - operators and developers working on dnssec

      • - DNS protocol development

      • - operational DNS issues

      • - European Technical Security working group

      • - European DNS working group

    Technical details behind dnssec
    Technical Details behind DNSSEC

    • AUTHENTICATES every set of DNS data – this is called a DNS Resource Record set, or RRs

      • (A records, MX records, DNAMEs, etc, etc)

    • Authenticates absence of DNS data

      • does not exist

    • Creates four new DNS record types

    • Validates using Chain Of Trust

    • Each answer is signed

    • DNSSEC:

      • Provides no CONFIDENTIALITY of DNS data

      • No protection against Denial of Service attacks

    • SSL, IPSec are not enough