Security at APNIC
Security is essential to the stability and trustworthiness of the Internet. Whether you’re operating a network, building Internet infrastructure, or responding to incidents, protecting the Internet is critical to your work — and to the stability of the global Internet.
This section of the APNIC website is designed to help you strengthen your security posture. It brings together practical tools, guidance, and support across four key areas:
- Making your network more secure: Find practical training, expert advice, and technical resources to help you strengthen your own network’s security and resilience.
- Making the Internet more secure: Learn how APNIC works with the community to improve the security of the global Internet — through gathering threat intelligence, infrastructure services, and collaborative initiatives.
- Making APNIC more secure: Learn about APNIC’s own security practices, how we protect our services and infrastructure, and what that means for Members and the community.
- Handling security incidents: Get guidance on reporting, responding to, and learning from security incidents, including how APNIC can assist and where to find additional support.
Each tab contains resources to help you build skills, improve infrastructure, collaborate with others, and respond to threats — all with the goal of making the Internet safer for everyone.
Making your network more secure
Securing your network is one of the most effective ways to contribute to a safer Internet. This section provides practical support to help you improve your network’s security posture — whether you’re building foundational skills or implementing advanced protections.
You’ll find resources to:
- Build your skills with training: Learn best practices and technical approaches through the APNIC Academy’s training courses and workshops.
- Receive expert advice with technical assistance: Get help from APNIC’s specialists to address specific security challenges in your network.
- Monitor for malicious traffic with DASH: Use APNIC’s DASH tool to detect and respond to suspicious activity coming from within your network.
- Do your part with whois: Keep your resource registration data accurate and up to date in the APNIC Whois Database to support transparency and accountability.
- Secure your routing with Resource Public Key Infrastructure (RPKI): Secure your routing infrastructure with RPKI by creating cryptographic attestations for your Internet number resources.
Each section offers actionable guidance and tools to help you protect your infrastructure and respond to threats effectively.
Build your skills with training
APNIC Academy offers a range of training opportunities to help you strengthen your network security skills and stay ahead of evolving threats. Whether you’re new to Internet security or looking to deepen your expertise, you can access:
- Instructor-led and self-paced courses covering topics such as RPKI, DNSSEC, routing security, and incident response.
- Online learning, including webinars, video tutorials, and hands-on Virtual Labs for practical experience.
Training is designed for network operators, educators, and anyone responsible for managing Internet infrastructure. Courses are regularly updated to reflect the latest security challenges and technologies.
Find training at the APNIC Academy
Receive expert advice with technical assistance
If you need help applying security best practices to your network, APNIC offers one-on-one technical assistance to Members through the APNIC Academy. This service connects you with APNIC specialists who can provide tailored advice on a range of topics, including:
- RPKI and resource certification
- DNSSEC and reverse Domain Name System (DNS) delegation
- Whois and Internet Routing Registry (IRR) management
- Routing security
- Infrastructure security measures
Technical assistance is available online or in person (where appropriate), and is free for APNIC Members. You can book a session based on your preferred topic, language, and time zone.
Secure your routing with RPKI
As an APNIC Member, you can use Resource Public Key Infrastructure (RPKI) to protect your network from accidental misconfigurations and route hijacks by creating Route Origin Authorizations (ROAs) through MyAPNIC. APNIC offers hosted and self-hosted deployment options, and provides tools, training, and validator services to help you implement Route Origin Validation (ROV) and maintain accurate ROAs. These steps strengthen your routing security and contribute to a more trustworthy Internet.
Monitor for malicious traffic with DASH
DASH, the APNIC’s Network Heath Dashboard, is a monitoring and alerting platform available to all APNIC Members. It brings together several services that address common operational and security issues faced by network operators, allowing Members to take timely action to protect their infrastructure and maintain Internet stability.
DASH offers the following services:
- Routing status helps Members detect inconsistencies between their announced Border Gateway Protocol (BGP) routes and RPKI or IRR data. The service flags many routing issues, such as invalid route origins, missing IRR objects, or potential route hijacks, and supports near real-time alerts.
- Suspicious traffic draws on data from the APNIC Community Honeynet Project, which analyses traffic from more than 400 honeypots deployed globally. It identifies when a Member’s network is originating suspicious traffic, often a sign of infected or compromised systems.
- Potential security vulnerabilities enables Members to review and act on vulnerabilities detected on their networks, such as open services which might be exploited to amplify DDoS attacks.
- Bogons monitors for unallocated or reserved prefixes being announced or propagated, which can indicate network misconfiguration or missing filters.
- The MANRS readiness score measures how closely a Member’s network align with the routing security best practices promoted through the MANRS initiative.
By identifying and addressing issues early, DASH helps you protect your infrastructure and reduce the risk of contributing to broader Internet threats.
Do your part with whois
Whois data is a foundational tool for Internet security and incident response. By maintaining accurate records in the APNIC Whois Database and using whois responsibly, APNIC Members can help make their networks more secure and support the broader security community.
Maintain accurate contact information
Keeping whois records up to date ensures that the relevant people operating your network can be reached quickly when issues arise. This includes:
- Regularly reviewing and updating your contact details.
- Including role-based email addresses (for example, noc@, abuse@) where appropriate.
- Creating and maintaining an Incident Response Team (IRT) object, which contains contact information for reporting network abuse.
IRT references are mandatory in the APNIC Whois Database and play a key role in enabling collaboration and timely incident response.
Use the APNIC Whois Database responsibly
Whois data must be interpreted correctly to avoid misattribution and confusion. When using the APNIC Whois Database:
- Confirm the actual resource holder before initiating contact
- Avoid assuming APNIC is responsible for abuse based on registry references
- Use whois as a tool for coordination, not enforcement
Take advantage of APNIC tools
APNIC provides services to help Members manage and use whois data effectively:
- MyAPNIC: A secure portal for managing your whois records and other registry data
- Whois Search: A public interface for querying IP and ASN registration details
- Training and resources: Available through the APNIC Academy to help you understand and use whois securely and responsibly.
Maintaining accurate whois data is not just a registry requirement — it’s a key part of good network hygiene and responsible Internet stewardship.
Making the Internet more secure
Improving the security of the Internet is a collaborative effort. APNIC works with researchers, security-focused organizations, and other community partners to strengthen global infrastructure, share data, and foster open dialogue around emerging threats and solutions.
This section highlights APNIC’s collaborations on Internet-wide security, including:
- Engaging with community partners on security concerns: Collaborating with groups that share a focus on Internet security, including Computer Emergency Response Teams (CERTs), Computer Security Incident Response Teams (CSIRTs), law enforcement, and policy makers.
- Providing secure network routing infrastructure with Resource Public Key Infrastructure (RPKI) and Domain Name System Security Extensions (DNSSEC): Supporting the deployment of cryptographic tools that protect routing and domain name systems from hijacking and manipulation.
- Gathering threat intelligence about the security of the Internet with the Honeynet Project: Using honeypots and other techniques to study malicious activity and inform the community.
- Hosting important community conversations about security: Facilitating discussions through events, publications, and platforms that bring stakeholders together to share insights and coordinate responses.
Each section offers a window into how APNIC works with the community to make the Internet more secure — and how you can get involved.
Engaging with community partners on security concerns
Cybersecurity is a concern shared by many in the Internet community. APNIC parners with the security community including security coordination organizations, law enforcement agencies, and policy makers to support a more secure Internet through collaboration, capacity building, and informed decision making.
Providing secure network routing infrastructure with RPKI and DNSSEC
Resource Public Key Infrastructure (RPKI) helps secure Internet routing by allowing network operators to cryptographically verify which networks are authorized to announce specific IP address ranges and Autonomous System Numbers (ASNs). Learn more abour RPKI.
Domain Name System Security Extensions (DNSSEC) helps protect the integrity of DNS data and prevent attacks like spoofing and cache poisoning. Learn more about DNSSEC.
Gathering data about the security of the Internet with the Honeynet Project
The APNIC Honeynet Project is a global initiative to collect and share threat intelligence about malicious activity targeting networks, using honeypot sensors deployed across the Asia Pacific and beyond. It helps APNIC Members and the wider community understand threats in their networks, improve incident response, and strengthen Internet security.
Hosting important community conversations about security
Security is a shared responsibility, and improving it depends on open, informed discussion. APNIC supports a range of forums where people working on Internet security can share insights, raise concerns, and collaborate on solutions.
If you’re interested in Internet security or have expertise to share, consider joining these conversations:
- Security-discuss mailing list: A public forum for discussing security issues relevant to the APNIC community.
- Routing Security Special Interest Group (SIG): A platform for discussing routing security challenges, solutions, and policy developments.
- Security-related posts on the APNIC Blog: Articles and analysis from APNIC staff and community contributors on current security topics.
- Security sessions at APNIC Conferences: Regular sessions focused on security trends, technologies, and community initiatives. These are open to all and often include presentations, panel discussions, and opportunities to connect with others working in the field.
These platforms are open to anyone with an interest in Internet security, whether you’re a network operator, researcher, policy maker, or part of a CERT or CSIRT. Your voice and experience can help shape a more secure Internet.
Making APNIC more secure
APNIC is committed to protecting its own systems and services to ensure reliability and trust for Members and the wider community. This section outlines how you can help keep APNIC’s services secure and how to report potential issues.
Report a bug or vulnerability
We value the hard work of the security research community, and welcome responsible disclosure of any vulnerabilities in our products and services. Report a bug or vulnerability.
Enable multifactor authentication (MFA) when accessing APNIC services
To increase the security of all MyAPNIC Login users and account data, APNIC has enforced mandatory multifactor authentication (MFA) for all users that require access to APNIC services online such as MyAPNIC.
Handling security incidents, remediation, or abuses involving APNIC Members
APNIC is a stakeholder in the global Internet and carefully tracks trends and developments in cybersecurity. Our core role is operating the Internet number registry for the Asia Pacific region, with adjacent expertise in secure infrastructure and building cybersecurity skills. However, incident response and law enforcement are not part of our role as a Regional Internet Registry (RIR).
APNIC does not:
- Take enforcement action on network abuse
- Monitor or track threat actors
- Remediate vulnerabilities on Member infrastructure
- Prevent specific types of attacks (for example, spam, phishing, malware, DDoS)
We support the community by maintaining accurate registration data, including Incident Response Team (IRT) contacts in the APNIC Whois Database. Members are responsible for keeping this data up to date. If contact attempts fail or the issue requires active intervention, national Computer Emergency Response Teams (CERTs), Computer Security Incident Response Teams (CSIRTs), or law enforcement agencies may be better positioned to assist.
You may also find support from external resources such as:
- Asia Pacific Computer Emergency Response Teams: Coordinates regional CSIRTs to respond to large-scale or cross-border incidents. They facilitate trusted communication, joint drills, and collaborative response across the Asia Pacific.
- ShadowServer Foundation: Offers free, actionable threat intelligence and daily reports based on global scans and malware analysis. They help identify malicious activity and support remediation efforts, especially for network operators and national CSIRTs.
- Team Cymru: Provides deep visibility into global threat infrastructure and telemetry. Their no-cost community services and threat intelligence feeds help security teams detect, track, and disrupt advanced threat actors.
- Forum of Incident Response and Security Teams: A global network of trusted CSIRTs that enables coordinated response to international incidents. FIRST members share expertise, tools, and best practices to improve incident handling and resilience.