Now we can see how end-to-end security measures by as proposed for/by DNSSEC could be handy. <div><br></div><div>It is common to having to be redirected when one uses Google engines: that is how it should be but, the issue of security and authenticity of the "redirecting to where?" concerns me.</div>
<div><br></div><div>I am not very sure but ISPs need to invest heavily on Security as well: It costs but hey! better safe than saving money. </div><div><br></div><div>The same goes to "Internet Security Advisers/Consultants who provide the service: there a need regular update in skills and re-tooling as it may be necessary since security is becoming a major preoccupation us the usage increases (another cost?)</div>
<div><br></div><div>It is true that the business volume in the continent is still growing (or emerging) mostly targeting clients in the Public Sector (that's how it has been) BUT security and stability is global community issue (big and small are equally affected)</div>
<div><br></div><div> My 2 cents</div><div><br></div><div>Yassin </div><div><br></div><div> </div><div> <br><br><div class="gmail_quote">2009/5/16 Anne-Rachel Inné <span dir="ltr"><<a href="mailto:annerachel@gmail.com">annerachel@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>
</div>
                                
                                
<div>May 15, 2009 <a href="http://www.infoworld.com/t/authentication-and-authorization/google-blames-dns-insecurity-web-site-defacements-722" target="_blank">http://www.infoworld.com/t/authentication-and-authorization/google-blames-dns-insecurity-web-site-defacements-722</a><br>
</div>
                                        <h1>Google blames DNS insecurity for Web site defacements</h1>
                                        <h2>Traffic to Google sites in Uganda, Morocco and Kenya was disrupted this week</h2>
<div>By Rebecca Wanjiku <span>|</span> Computerworld Kenya</div>
                                        <div>                                        
                                                <div><span><a title="ShareThis via email, AIM, social bookmarking and networking sites, etc."><span><br>
</span></a></span></div></div>
                                        
                                        
<p>Domain Name System (DNS) insecurity caused the defacing of Google
Web sites in Uganda and Morocco, according to a Google spokesperson.</p>
<p>Earlier this week, both Google Uganda and Google Morocco were redirecting traffic to different sites. </p><p><b>[ Learn how to secure your systems with Roger Grimes' <a href="http://www.infoworld.com/blogs/roger-grimes?source=fssr" target="_blank">Security Adviser blog</a> and <a href="http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_sec_rpt&source=fssr" target="_blank">Security Central newsletter</a>, both from InfoWorld. ]</b></p>
<p>"Google was not hacked, the problem occurred at the DNS level where
someone redirected the Internet Protocol to other sites. We contacted
the registry managers in Uganda and Morocco about the DNS attack," said
Jay Nancarrow, Google Global Communications Public Affairs officer.</p>
<p>"Yes, someone got hold of the DNS and interrupted service by
redirecting [the] Google Web site and a few other Web sites," said
Charles Musisi, managing director of Computer Frontiers, the operators
of the .ug domain registry.</p>
<p>Google services in Kenya were also temporarily disrupted, though
Nancarrow said the cause of disruption is yet to be identified. </p>
<p>The Google interruption has led to debate about whether Internet
service providers and registry operators were monitoring the security
threats posed by hackers and other malicious attackers. </p>
<p>"Issues of DNS cache poisoning are common in East Africa. ISPs do
not take security seriously, which makes it easier for malicious
hackers," said Tyrus Kamau, a network security consultant.</p>
<p>John Gichuki, a security expert who has helped set up security
safeguards for companies in East Africa, says that the level of
security depends on the security policies set by the information
security department in an organization. </p>
<p>"ISPs should have security assessments done; physical and
operational security; they should be in a position to monitor traffic
going through their routers and servers," said Gichuki.</p>
<br>_______________________________________________<br>
AfrICANN mailing list<br>
<a href="mailto:AfrICANN@afrinic.net">AfrICANN@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo.cgi/africann" target="_blank">https://lists.afrinic.net/mailman/listinfo.cgi/africann</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>c/o DFID-Nigeria<br>No. 10 Bobo Street<br>Maitama<br>Abuja<br>Nigeria<br><br>Skype: yassinmshana1<br>Mobile: +234-803 970 5117<br><br>Do You really NEED TO PRINT THIS? Sure?<br>
<br>
</div>