The Internet is navigated via two namespaces; the domain name system (DNS) and the Internet Protocol (IP) numbering system. The system is designed primarily to be fast, open and scalable, not necessarily secure. There are many potential points of failure, including poisoned DNS caches, address spoofing and interference with apparently authoritative routing tables. These can lead to massive financial fraud or the creation and exposure of further vulnerabilities in closed parts of the network.
Securing the Internet creates major challenges for technical experts, users and policymakers alike:
How can we secure the Internet without destroying the openness at its core?
How can we protect users from fraud?
How can we enjoy the benefits of cloud computing and mitigate the risks of data breaches or loss, or threats to service and data integrity and access?
How can security measures be made backwards compatible and ultimately devolving back to a trusted and politically acceptable source?
What sustainable steps can key Internet nodes, such as smaller country code top level domains, take to secure their operations and networks in a way that is economically feasible and protects their national Internet resources?
Rosillo.Net has significant experience in the following areas and provides a full service offering of advice, consulting and bespoke training on:
Domain Name System Security Extensions (DNSSEC); analysis of suitability, implementation, capacity-building and policy implications
Routing security and Resource Public Key Infrastructures (RPKI); using authentication to validate paths and routing
The application of RPKI to adjacent technologies in areas such as energy and banking
Emerging technologies for law enforcement and Internet service providers in the context of relevant legal frameworks
Internet infrastructure hardening and implications for service providers and users