08 December 2009

DNS

Posts relating to the category tag "DNS" are listed below.

08 December 2009

Your UK Web Site Can Be Shut Down

The use of particular top-level country domain names (e.g. .co.uk or .com) does add an element of trust to a visitor's impression of the site. On Thursday, the Metropolitan Police's Central e-Crime Unit (PCeU) closed 1,219 web sites selling fake designer goods.

Photograph of a painted wooden shop shutter with the word 'CLOSED' painted on itWhilst I'm not suggesting that any readers of this blog were operating these sites, it is worth bearing in mind the sanctions that can be applied by the government for illegal trading. In this case, Nominet who maintain the register for .uk domains, were asked to take down the domain names to protect consumers and companies selling legitimate goods.

If the fake sites had not been on .co.uk domain, they may have been less able to con consumers into parting with their money and not receiving anything or buying counterfeit products, and the PCeU would have had a harder time taking action. Providing sufficient evidence has been gained, it appears these measures were appropriate in the circumstances.

Posted on: 08 December 2009 at 11:31 hrs

Comments Comments (0) | Permalink | Send Send

16 October 2009

Warning: Punctuation Marks Can Damage Your Web Site

It seems a missing full stop brought down every web site hosted on a domain ending with .se (the top-level domain for Sweden) on Monday evening.

Partial picture of Table 4/T.50, the basic 7-bit code table, from the ITU-T Recommendation T.50

The .SE registry had apparently performed an incorrect software update but actually a script (program written by a human) had failed to add a terminating full stop (.) to the DNS records in the .se zone. Tested? I guess not.

It reminded me of Google's mishap in May when it flagged every site as potentially harmful by simply adding an extra forward slash (/) character to a file.

And, simple punctuation mistakes can invalidate the HTML of your web page, or stop your application's scripts from running. In July Microsoft created a security flaw in Windows by the addition of an extra ampersand (&) character.

Tim Berners-Lee is still wishing he hadn't put two forward slashes in every URL.

The mighty power of a punctuation mark.

Posted on: 16 October 2009 at 15:24 hrs

Comments Comments (0) | Permalink | Send Send

29 September 2009

IP Address Restrictions and Exceptions

It's common for access to some web sites to be restricted to users from particular Internet Protocol (IP) addresses. This is usually in addition to some other identification and authentication method. But other IP addresses are often added to this "allow list" and these should not necessarily be trusted in the same way.

Photograph of a sign with an exclamation mark on a yellow triangle that reads 'Caution - Traffic management Trial - DO NOT MOVE' on a construction site boundary's wire barrier

In a typical scenario, a web site hosted on the internet that is used to administer another web application might be restricted to the company's own IP addresses. Then the developers say they need to check something on the live site, or another server needs to index the content, or someone wants to work from home for a while, or the site needs to be demonstrated at a client's location. All these additional IP addresses are added to the "allow list". These restrictions may be being applied at a network firewall, traffic management system, at the web server, in the application itself, in intrusion detection systems or in log analytical software, or in many of these. These are difficult to manage and in time there will be many IP addresses that no-one knows why they are allowed unless they are carefully documented, and subject to a fixed time limit when they are confirmed again by an appropriate person or removed. These extra addresses are quite often hard for someone else to guess.

However, there is another area where IP addresses are added to "allow lists", and this is for remote monitoring and testing services. These might be checking uptime, response times, content changes, HTML validation or security testing. The service providers publish the IP addresses of the source systems so that companies can specifically allow access to their web sites. Since the number of these services is relatively small, it's not too difficult to find which one might give access to areas of a web site or web application that the public (and malicious people) should not be able to get to. The particular danger here is that the IP addresses might be excluded from monitoring and logging, and therefore even a diligent web site manager might not realise for example the uptime monitoring service is making unusual, or excessive, requests.

Although it is not likely a malicious person is using this "trusted" address unless routing has been compromised as well, problems can go undetected, from what might seem to be a legitimate source. The IP address may have been typed incorrectly, or worse, the restrictions/exceptions may not have been implemented correctly allowing more addresses to have the privileged access than intended. Not logging a user's session is privileged access.

Allow traffic through, but be very specific what is allowed and monitor what's going on. Review all the exceptions periodically. Be especially careful about anything that bypasses authentication (such as allowing a search engine to crawl restricted-access content) on an otherwise public site.

Posted on: 29 September 2009 at 10:18 hrs

Comments Comments (0) | Permalink | Send Send

13 November 2008

A Cry for Help Which Made Me Want to Cry

E-consultancy.com has many excellent online marketing and e-commerce resources, and I read the blogs and forums regularly. The following posting appeared on the forum a couple of days ago:

Partial screen capture of posting to the e-consultancy.com forums asking 'Can anyone tell me if there is a way of finding out who hosts your website? We need to find out who is hosting our website any help would be appreciated.'

This cry for help worried me. Although the forum replies were helpful, it did make me wonder how many other web site owners have no idea where their web site is hosted.

If this is really the case here, it probably means the owner doesn't have all the resources to rebuild the site elsewhere and possibly is without back-ups of the data. And what about the intellectual property ownership? It's something which all developers should be discussing with their customers. My first suggestion would have been to contact the development company. A cursory examination of the source code reveals:

Partial screen capture of page source code with a commented out hyperlink to the designers Osmodus

This company even showcases the site:

Partial screen capture showing the Gluttonous Gardener web site featured on the Osmodus portfolio pages

Now, we have no idea of the background and cannot guess if there is anything amiss. But the site is a card payment enabled e-commerce site, and surely the owner has had to comply with the Payment Card Industry (PCI) Security Standards Council's Data Security Standard (DSS)? Knowing where your web site is hosted would be one of the earlier things to discover.

Let's hope it's sorted soon.

Posted on: 13 November 2008 at 14:52 hrs

Comments Comments (0) | Permalink | Send Send

15 August 2008

Is Your Web Site on Virtual Contaminated Land?

When we set up a web site, how much thought should we give to the previous use of the Internet Protocol (IP) address and domain name? Any previous use could spell disaster for a new web site.

When you buy a house your conveyancing solicitor will undertake local searches and review the Home Information Pack. For commercial transactions, organisations will usually undertake some form of due diligence checks including enquiring about previous uses of the site and adjoining properties using old maps and information from the local authority. No-one wants to inherit the liability for contaminated land, for example from a previous gas works, tanning plant or dye manufacturer that occupied the site.

Instead of chemical threats, web sites need some virtual due diligence, when setting up a new site or moving to a new hosting company or domain. It may also be an issue if your hosting company is changing their IP address ranges and this affects your servers. The threats are to your organisation's reputation if it becomes associated with something contrary to its beliefs, objectives or might upset its customers, clients or users. It could also lead to a lack of availability if the address is blocked by spam or web filtering gateways.

The Domain Name Service (DNS) is responsible for translating between human-friendly domain names (e.g. www.clerkendweller.com) and and machine-friendly IP addresses (e.g. 217.33.198.55). If a hosting company loses a client, they are very likely to re-allocate their web site's IP address to a new customer.

For a new IP address on your existing domain (e.g. a server move), my recommendation is to obtain details of:

  • How long the IP address has been allocated to the hosting company
  • All domains assigned to the IP address previously
  • Details of the organisations who own those domains
  • Check what is hosted on 'nearby' IP addresses i.e. in the same address block
  • Check what else is listed on the same domain name servers and the company who operates them

For a new web domain, check:

  • Ownership history
  • Current and prior internet usage (web, email, ftp, etc)
  • Check the IP addresses for both of these (as above)

Then, evaluate whether there is anything you might not want to be associated with or has been excluded by web/email filtering/firewall systems due to what it has been used for or the content it contained. Check other server IP addresses as well (e.g. your mail server) if this is changing as well. Also check what else is hosted on 'nearby' IP addresses in the same range.

For a new web domain, use tools like Netcraft, Site Advisor, The Way Back Machine and Google searches to investigate prior use. Check with suppliers of web filtering gateways and providers of reputational services whether the domains are blacklisted.

For mail, the Spam and Open Relay Blocking System (SORBS) and Spamhaus list potentially problematic spam sources and open mail relays. There are many more similar searchable spam lists listed at dr.moensted. You may also want to check whether Hotmail, GMail and AOL treat the IP or domain as a source of spam.

If you are purchasing an existing domain name, as opposed to registering one from scratch, check its previous and current use. Some companies serve advert pages for domains they own but are not allocated to a web site - be very wary of these.

If your hosting company won't help with this enquiry, go elsewhere.

Posted on: 15 August 2008 at 10:15 hrs

Comments Comments (1) | Permalink | Send Send

DNS : Web Security, Usability and Design
http://www.clerkendweller.com/dns
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/dns
Requested by 38.107.191.118 on Thursday, 11 March 2010 at 14:36 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2008-2010 clerkendweller.com