Dutch registry releases scathing report on .nl domain security

News by Roi Perez

SIDN, the Dutch domain registry, has released a report which says banking has less than ideal DNSSEC.

According to new a report by SIDN, the organisation that runs the .nl domain, Dutch domain names don't have adequate DNSSEC security.

The DNSSEC Inventory 2017 (currently only in Dutch) describes the DNSSEC security status of the Netherlands' most important domain names, of which the biggest offenders are the Dutch banking industry.

Forty-six percent of all .nl domains have digital signatures. However, the banking sector (six percent) and ISPs (22 percent) are lagging behind other sectors when it comes to protecting domain names with DNSSEC.

By contrast, government bodies have made great progress in the last three years.

DNSSEC involves the cryptographic protection of domain name information. It makes the internet's 'signpost system' more secure and more reliable. If a domain name is secured with DNSSEC, people who want to visit the associated website are protected against being misdirected to a fraudster's IP address.

Without DNSSEC, there's a risk that, despite entering the right domain name, people will end up on a fake site set up to trick them. DNSSEC also forms the basis for new applications, such as systems for making e-mail safer and easily sharing cryptographic keys for securing internet communications.

With elections to the lower house of the Dutch parliament coming up on 15 March 2017, SIDN decided to include the domain names of political parties, information sites and research bureaus in its inventory. 54 percent of the 74 domains covered by the inventory had DNSSEC security flaws.

A previous inventory in 2014 found that financial service providers, listed companies, government organisations and internet service providers were lagging a long way behind other sectors.

Since then, the number of signed domain names in all the underperforming sectors has risen, but most remain disappointing compared with the pace-setters. Government organisations form an exception, however: they are doing much better than three years ago. Back then, just 11 per cent of government websites were secured. Now the figure stands at 59 percent, putting the government third in the sector league table.

For the DNSSEC Inventory 2017, SIDN analysed more than seven thousand domain names in four general sectors: financial services, the public sector, internet and telecom service providers, and listed companies.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop