Re: Insecure Internet in Africa & Mauritius

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Wed, 4 Nov 2015 15:30:51 +0000

On Mon, Nov 2, 2015 at 4:00 PM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
> Hi Logan,
>
> I read http://logan.hackers.mu/2015/10/insecure-internet
>
> "One of the major limitations of DNSSEC is that the question/response is
> not
> encrypted. A 3rd party can monitor my DNSSEC messages, and build a
> profile
> about my surfing habits, such as the time I usually check my Bank
> account."
>
> My very simple response to the above is yes.

Thank you :)


>
> "PKI can be leveraged by ISPs to prevent accidental or intentional
> prefixes from being hijacked."
>
> Shouldn't that be RPKI?

Correct. RPKI helps with route origin validation on the internet.

>
> "How much is Africa investing into not only improving Internet
> connectivity,
> but also securing our Internet ? (BCP-38 anyone ?)"
>
> What does BCP 38 have to do with securing the internet?

BCP-38 is an approach to securing the Internet against DDOS attacks,
by mandating filtering at ISP level, and prevent spoofing of IP
addresses.


>
> "The local banks are discouraging me from getting my statements via mail.
> They send it to me by email. However, that email is not encrypted/
> digitally signed."
>
> From https://www.sbmgroup.mu/products.php?pid=39&suf1=pb&lang=en#faqs
>
> "The e-Statement service delivers your periodic bank statement as a
> password protected PDF attachment to your registered e-mail address."
>
> Which local banks send the statement by email without applying any security
> measure?

MCB


>
> "What about the Cyber/Internet Institutions that have a mandate and a
> budget in Africa & Mauritius ?"
>
> The National Computer Board has a budget. I am not sure whether it is
> within its mandate to "seriously look into improving the security of our
> internet". I'll ask you, as member of the ICT Advisory Council, the
> following: is there an institution in Mauritius which has a mandate to look
> into internet security?

CERT-MU is mandated to do that. Going through their mission statement:

Three main goals :

 Handle security incidents and monitor security problems occurring
within public and private sectors.
 Provide guidance to providers of critical information infrastructure
to adopt best practices in information security.
 Warn and educate systems administrators and users about latest
information security threats and suggest countermeasures by means of
information dissemination.


>
> Regards,
> S. Moonesamy
>
Received on Wed Nov 04 2015 - 15:31:05 PST

This archive was generated by hypermail 2.3.0 : Wed Nov 04 2015 - 16:18:03 PST