Whois - Addressing the Asia Pacifc

39
Issue Date: Revision: Whois that? Addressing the Asia Pacific Adam Gosling Internet Policy Development Consultant, APNIC PRFP-9 29 June 2016, Port Moresby, Papua New Guinea

Transcript of Whois - Addressing the Asia Pacifc

Page 1: Whois - Addressing the Asia Pacifc

Issue Date:

Revision:

Whois that? Addressing the Asia PacificAdam Gosling

Internet Policy Development Consultant, APNIC

PRFP-9

29 June 2016, Port Moresby, Papua New Guinea

Page 2: Whois - Addressing the Asia Pacifc

Agenda

• What is APNIC?

• APNIC’s role in Cybersecurity

• Delegation and Registration

• Whois Improvements

• Policy SIG discussion

Page 3: Whois - Addressing the Asia Pacifc

What is APNIC?

Page 4: Whois - Addressing the Asia Pacifc

What is APNIC?

• The Regional Internet number Registry for the Asia Pacific region

• A neutral, independent, not-for-profit, open membership organization

• A Secretariat with ~ 70-75 staff

• Operating since 1993

• Based in Brisbane, Australia

4

Page 5: Whois - Addressing the Asia Pacifc

5

APNIC’s Vision

A global, open, stable and secure Internet that serves the entire Asia

Pacific community

Page 6: Whois - Addressing the Asia Pacifc

What APNIC does

• Number resource management– IPv4 & IPv6, ASN

• Whois Database – public register– Technical & abuse tracking & troubleshooting– Protect against address hijacking

• Information dissemination– APNIC Conferences & events– Publications & Research

• Capacity Building– Training, Technical assistance, & Development

Page 7: Whois - Addressing the Asia Pacifc

How do we work?

• Events – APNIC / APRICOT Conferences and Regional meetings– Network Operators Groups (NOGs) and Security Conferences

• Training and Technical Assistance Services– https://training.apnic.net

• Collaboration – With International, Regional

& Local Organizations

• Blog & Social Media – https://blog.apnic.net

• Outreach campaigns – Ready to ROA!

Page 8: Whois - Addressing the Asia Pacifc

APNIC Events

8

201516 economies: PK,

BD, LK, MM, KH, TH, MY, SG, PH, ID, SB, JP, MN, GU, LA, MG

Attendance• Conferences:

1,364• Member outreach

events: 614

ARM, Philippines

APNIC 40

APRICOT 2015

APNIC 40

APRICOT 2016

2016 so far• Conference: 531

(NZ)• Member outreach

events: 186 (NP); 14 (TH)

Page 9: Whois - Addressing the Asia Pacifc

9

APNIC Training

2016(to date)

• 24 F2F courses held in 15 locations

• 616 F2F trainees

• 456 trainees in 57 eLearning sessions

• Video archives: 101 videos; 377,541 views

Page 10: Whois - Addressing the Asia Pacifc

10

Technical Assistance

TAS - Thailand TAS - Bangladesh

Support for scalable and resilient networks and best practices in

network operations

• Distribution and registration of resources• Supporting reverse DNS delegation• Managing whois and IRR• Resource Certification• IPv6 deployment• Internet infrastructure security

www.apnic.net/tas

2016 outreach (to date)Indonesia (2 Members)

Page 11: Whois - Addressing the Asia Pacifc

11

NOG Outreach

BTNOG 1 SANOG 24

MMNOG

SGNOG 2015

MMNOG 2015

www.apnic.net/nog

2016: JANOG (Jan), PHNOG (Jan), SANOG (Jan), bdNOG (Apr)

… and many more to come!

• Technical and APNIC updates

• Hostmaster consultations

• Training sessions

• Sponsorship and logistical support

bdNOG 5

Page 12: Whois - Addressing the Asia Pacifc

12

RIPE Atlas anchor deployment in Maldives – Dhiraagu staff

Community Development

Supported 5 RIPE Anchor deployments; distributed 120

RIPE Atlas probes

24 fellowships for APNIC 40 including 6 youth fellowships;

24 for APRICOT 2016

Supporting new L-root (ICANN) server instance in

Apia, Samoa

Working with NSRC in New Caledonia and Samoa on IXP

support

SANOG

Probe hosts in the Philippines

MoU signing for L-root

SANOG 27

Page 13: Whois - Addressing the Asia Pacifc

13

The APNIC Development Program

Supports the growth of the Asia Pacific community by

providing:

• Training and technical assistance

• Infrastructure support

• Grants and awards• Research

Page 14: Whois - Addressing the Asia Pacifc

14

The APNIC Foundation

Established in Hong Kong to support and expand the APNIC

Development Program

Page 15: Whois - Addressing the Asia Pacifc

APNIC’s role in Cybersecurity

15

Page 16: Whois - Addressing the Asia Pacifc

Can APNIC stop network abuse?

• No, because…– APNIC is not an ISP and does not provide network

connectivity to other networks– APNIC does not control Internet routing– APNIC is not a law enforcement agency– APNIC has no industry regulatory power

• What can we do?

Page 17: Whois - Addressing the Asia Pacifc

Collaboration: Working together

17

Adli Wahid

Craig Ng

Participation in NOGs, CSIRTS and LEA events to

educate and learn

Promoting new initiatives & security best practices

among Members

Internet Investigation Training for LEAs: NZ, SG, BN & ID

Page 18: Whois - Addressing the Asia Pacifc

Best Current Practices in Security

• Target Audience – IP Network Operators & Internet Service Providers– Regulators and Policy Makers

• Philosophy– Operationally relevant– Up to date

• Topics– Routing security: Resource Public Key Infrastructure (RPKI) – DNS and DNSSEC – Source Address Validation (SAVE) – Whois Database – IRT records– Establishing CSIRTs

Page 19: Whois - Addressing the Asia Pacifc

19

Security Outreach

Craig Ng

NOGs, CSIRTS and LEA events

PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, LK, MV, TW

Collaboration with JICA and KISA to deliver regional

CERT training

Geoff Huston member of ICANN SSAC

Adli Wahid member of FIRST Board; invited to join INTERPOL Global

Cybercrime Expert Group

www.apnic.net/security

Adli Wahid

Page 20: Whois - Addressing the Asia Pacifc

RPKI

20

RPKI presentations to NOGs and conferences

‘Ready to ROA’ Campaign – hands-on sessions to help

Members create ROAs

Shirts, stickers, web content to promote campaign

Regional RPKI adoption grown rapidly in past 15 months – 0.8% to 3.24% and rising

www.apnic.net/roa

• 10 face-to-face and eLearning RPKI training courses delivered in 2015

• Offline simulation of production system• Create and revoke ROAs, observe

changes to routing state in lab

Page 21: Whois - Addressing the Asia Pacifc

Delegation and Registration

21

Page 22: Whois - Addressing the Asia Pacifc

Delegation Hierarchy Diagram

22

Allocated to APNIC: Maint-by can only be changed by IANA

Allocated to Member: Maint-by can only be changed by APNIC

Sub-allocated to Customer: Maint-by can only be changed by Member

Page 23: Whois - Addressing the Asia Pacifc

The APNIC Whois Database

• Holds IP address records within the AP region• Can use this database to track down the source of

the network abuse– IP addresses, ASNs, Reverse Domains, Routing policies

• Can find contact details of the relevant network administrators – not the individual users– use administrators log files to contact the individual

involved

Page 24: Whois - Addressing the Asia Pacifc

Resource Registration

• As part of the membership agreement with APNIC, all members are required to register their resources in the APNIC Whois database.

• Members must keep records up to date:– Whenever there is a change in contacts– When new resources are received– When resources are sub-allocated or assigned

24

Page 25: Whois - Addressing the Asia Pacifc

Customer Privacy

• Public data– Includes portable addresses (inetnum objects), and other

objects e.g. route objects– Public data: must be visible

• Private data– Can include non-portable addresses (inetnum objects)– Members have the option to make private data visible

• Customer assignments– Can be changed to be public data (public data is an

optional choice)

Page 26: Whois - Addressing the Asia Pacifc

What can you do?

• Use the APNIC Whois Database to obtain network contact information

• APNIC Whois may or may not show specific customer assignments for the addresses in question– But will show the ISP holding APNIC space

• Contact the network responsible and also its ISP/upstream

• Contact APNIC for help, advice, training or support

• Community discussions can be raised in the APNIC conferences, mailing lists, etc.

Page 27: Whois - Addressing the Asia Pacifc

Whois improvements

27

Page 28: Whois - Addressing the Asia Pacifc

Steps we take to ensure Whois accuracy• Member account opening

– verification of corporate existence with corporate registries or regulators (where possible)

• Membership renewal– once a year– email to corporate contact, with payment record– Internet resources revoked if account not paid or

renewed

• Transfer policies– encourage registration of resources– “value” of Internet resources encourage registration

Page 29: Whois - Addressing the Asia Pacifc

Whois Accuracy Project

29

Simplifying contact update process

Assisting with IRT registration process

Clearer information about PoC in IP address object

Guidelines on using and updating

information in whois

Monthly cleanup program on

referenced objects (12 months+)

Easily report invalid contacts

Improving database and

information accuracy to

provide better user experience

Page 30: Whois - Addressing the Asia Pacifc

MyAPNIC Improvements

30

Improving major features of MyAPNIC

Authorized contact management

Bulk Whois record management

Reverse DNS management

Route and ROA management

MyAPNIC speed improvement – 24% faster response time

Simplified whois updates

Page 31: Whois - Addressing the Asia Pacifc

Registration Data Access Protocol

31

Standardizes the query format

Standardizes the response format

Commonly-used technologies

Supports redirection

Internationalization using UTF-8

RDAP Deployed in production 2015

Solves a number of limitations to WHOIS protocol

www.apnic.net/rdap

Page 32: Whois - Addressing the Asia Pacifc

What if Whois info is invalid?

• Customer assignment information is the responsibility of ISPs– ISPs are responsible for updating their customer network registrations

• Tools such as ‘traceroute’, ‘looking glass’ and RIS may be used to track the upstream provider if needed

• Members (ISPs) are responsible for reporting changes to APNIC – Under formal membership agreement

• Report invalid ISP contacts to APNIC– http://www.apnic.net/invalidcontact – APNIC will contact member and update registration details

Page 33: Whois - Addressing the Asia Pacifc

Community Discussion

33

Page 34: Whois - Addressing the Asia Pacifc

Internet Policies

• Policies change to the meet current needs• There is a system in place called the Policy

Development Process– Anyone can participate– Anyone can propose a policy– All decisions & policies documented & freely available to

anyone

• Decisions made in the Policy SIG by consensus of those participating

Page 35: Whois - Addressing the Asia Pacifc

35

Whois data quality improvement

Community discussion

APNIC 41 SIG MeetingSIG discussion on APNIC whois

data quality improvement

Mailing listChairs send call for further

community participation

Secretariat Initiatives

Improved online toolsContinuous improvement of MyAPNIC online services

Services outreachStaff work with individual Members to check whois

What can be done to improve accuracy?Should operators be punished, or lose their resources?

Have your say: www.apnic.net/policy-sig

Page 36: Whois - Addressing the Asia Pacifc

Next APNIC Conference

36

APNIC 42 (with bdNOG 6), Dhaka, Bangladesh29 Sep - 6 Oct 2016

conference.apnic.net/42

Page 37: Whois - Addressing the Asia Pacifc

APNIC Conferences in 2017

• APRICOT 2017 / APNIC 43– Ho Chi Minh City, Vietnam– 20 February to 3 March 2017

• APNIC 44– Taichung, Taiwan– 7 to 14 September 2017

37

Page 38: Whois - Addressing the Asia Pacifc

Coming soon: APNIC Survey 2016

38

We want your views on APNIC!

Survey opens July – more details soon

Page 39: Whois - Addressing the Asia Pacifc

Thank youAdam [email protected]@bout_policy