Security@APNIC

At APNIC, we take Internet security very seriously. In fact, it’s a key part of our Vision Statement.

“A global, open, stable, and secure Internet that serves the entire Asia Pacific Internet community”.

As the Internet has grown and developed to become an indispensable tool for everyone, so too have issues related to Internet security. Several protocols already exist that serve as a foundation for a more secure Internet, some of which APNIC has already adopted. APNIC’s Security best practices encompass:

  • Resource Public Key Infrastructure (RPKI), which is a validation structure for resource certification that helps secure Internet routing. RPKI allows IP address holders to specify which Autonomous Systems are authorized to originate their IP address prefixes.
  • Source Address Validation Everywhere (SAVE) or Best Current Practice (BCP) 38, which is a filtering methods that prescribes the use of valid and legitimately reachable source addresses. This will help to mitigate attacks that make use of spoofed IP addresses such as Distributed Denial of Service (DDoS) attacks.
  • Providing/Updating Incidence Response Team (IRT) references in the APNIC Whois Database to combat network abuse:
    • Security incidents or network abuse requires immediate attention so that it will not develop into a crisis. If you are a Member, we recommend you create or update the IRT object so that you can be reached easily.
  • Domain Name Security Extensions (DNSSEC), which is a set of security extensions to the Domain Name System (DNS) to help prevent attacks that hijack the process of looking up a website.
    • You can implement RPKI and DNSSEC through MyAPNIC, which is a secure website for Member’s to manage their Internet number resources.

Implementing these protocols will help make the Internet a more secure platform for both you and your customers.

Collaboration and capacity building

APNIC engages with many organizations that help make the Internet a more stable, secure, and open platform. This includes Computer Emergency Response Teams (CERTS), Computer Security Incident Response Teams (CSIRTS), and the judicial sector. APNIC participates in various meetings and events related to cyber security and presents on topics such as RPKI, DNSSEC, and network abuse.

APNIC provides training to network operators on Internet infrastructure security fundamentals, helping them to learn how to configure and manage security protocols on their Internet number resources.

Visit training.apnic.net to learn more about RPKI, DNSSEC, Routing and Network Security training.

Law enforcement engagement

APNIC also engages with Law Enforcement Authorities (LEAs), and works proactively with them to create a better understanding of how the Internet registry system operates, in particular, focusing on the publicly available information in the APNIC Whois Database.

APNIC staff attend various regional events related to law enforcement, and provide training to LEA stakeholders to build capacity and understand what law enforcement can achieve by utilizing this whois information.

APNIC also handles requests for information from LEAs and has a procedure for handling such requests.

Reporting security incidents

We do our best to make sure our infrastructure and Internet-based services are securely established and managed, however, we do not handle abuse reports or security incidents that involve our Members. However, you can search the APNIC Whois Database to find the relevant point of contact.

If you would like to report a security vulnerability related to APNIC’s infrastructure or services, such as the APNIC website or MyAPNIC, please contact helpdesk@apnic.net.

Want to know more?

Please contact helpdesk@apnic.net if you have any queries.