By Tony Connor, Director of Product Marketing, Public Interest Registry
When it comes to the ins and outs of the internet, things can get technical quickly. Hopefully you’ve built up a foundational understanding of the domain industry through the first two posts of this series. In Domain Lingo 101: Let’s Start With The Basics, we learned what a domain name is and a few of the most popular types of domains. The second post in the series, Domain Lingo 101: Who’s Who in the Industry, highlighted the key players in the domain industry and the roles they play in the overall management of the internet.
Now that we’ve covered the fundamental elements of the domain industry, let’s tackle some of the more technical and complex terms, particularly those that relate to online domain security, which is a top priority within the domain and internet communities.
DNS – We briefly mentioned DNS in the second post of this series, but for more background, the domain name system (DNS) is a naming system that provides the framework for internet browsing. DNS matches the name of a website (text-based names) to the corresponding address for the website (numeric Internet location also known as an IP address) in order to help make the internet more user friendly. Think of DNS as a cell phone that holds contact information. Instead of memorizing each phone number, all you have to do is type the name that corresponds to the phone number to send a text, or in this case access a website. Your computer takes the text-based name and uses internet DNS servers to perform the translation to the IP of your website.
DNSSEC – DNS Security Extensions (DNSSEC) were created by the domain industry to add more security measures to DNS to help verify and authenticate data. Similar to the digital signature at the bottom of an e-mail, DNSSEC uses key cryptography to authenticate DNS response data and ensure it came from the correct sender (DNS server). DNSSEC also provides a level of additional security so the web browser can check to make sure the DNS information is correct and not corrupted.
HTTP – HyperText Transfer Protocol (HTTP) is a communication protocol that establishes a connection with the Web server and sends Hypertext Markup Language (HTML) pages back to the user’s browser. HTTP or “http://” lives at the beginning of the URL and signifies that your URL is valid and that a connection was granted. However, HTTP by itself is not considered secure.
HTTPS – HyperText Transfer Protocol Secure (HTTPS) is a critical defense that is easy to integrate into your existing system. It protects web page authenticity and keeps user communications, identity and web browsing secure. If you see “https://” at the beginning of a website address (e.g., https://pir.org/), you are accessing a secure HTTPS connection. For additional background on HTTPS, check out our “What Is All the Hype Around HTTPS” blog post.
Phishing – Phishing is a cybercrime in which targets are contacted by email, telephone or text message by someone impersonating an organization or individual in order to obtain personal information (e.g., passwords and credit card details). Those affected by phishing can become victims of identity theft.
DDoS attacks – A distributed denial-of-service (DDoS) attack is a malicious attack that occurs when multiple systems overwhelm a target or an infrastructure with a flood of internet traffic. A DDoS attack can be compared to bumper-to-bumper traffic that prevents you from arriving at your destination. There are so many simultaneous requests for web pages or other responses that your server cannot fulfill them in a timely manner, and it will therefore “time out” and not return any pages to the user.
PII – Personally Identifiable Information (PII) refers to information that can be used to find or trace an individual’s identity. PII can be used alone or with other personal information that is linked to a specific individual. Organizations that have access to individuals’ PII (whether they are managing, transmitting or storing that information) must take extra precautions to be sure that information stays secure and that they are compliant with privacy requirements.
GDPR – General Data Protection Regulation (GDPR) is a European Union (EU) data privacy regulation that outlines the requirements for how companies process personal data from the EU. Prior to GDPR taking effect on May 25, 2018, the WHOIS lookup included some PII about registered domain name holders. With the implementation of GDPR, the WHOIS requirements have changed so the WHOIS lookup will now include only non-personal data related to the registered domain name. For more information now that GDPR is here, read our “GDPR: Next Steps for the Domain Industry” blog post.
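To make the DNS and DNSSEC entries above concrete, here is an added Python example (written for this edit, not code from Public Interest Registry). It builds a DNS query that asks for DNSSEC data and reads both the IP address and the "authenticated data" (AD) flag from a reply. The name example.org, the address 192.0.2.10 and the sample reply bytes are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, txid, qtype=1):
    """A/IN query with RD set, plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg, txid):
    """Return the A records and whether the resolver set AD (DNSSEC-validated)."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record: four address bytes
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0xF, "authenticated": bool(flags & 0x0020), "addresses": addrs}

# Constructed sample reply (not captured traffic): example.org A 192.0.2.10, AD set.
SAMPLE = (struct.pack("!HHHHHH", 0x1A2B, 0x81A0, 1, 1, 0, 0) + encode_name("example.org")
          + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
          + bytes([192, 0, 2, 10]))
```

The AD flag only reports that the answering resolver validated the signatures, so it is meaningful only when the connection to that resolver is itself trusted.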
Congratulations, you’ve passed Domain Lingo 101! In this series you’ve learned what a domain is, the important players and their roles within the industry, and even explored some of the more technical terms related to the domain name system and online security. Based on this post it may seem like the internet is complex and rife with security and privacy threats, but the good news is that there are many organizations within the domain industry and larger internet community that are working to make sure the internet is a safe and secure place for all. By educating yourself on the ways the internet works, the threats that do exist and the best ways to combat those threats, you’ll be well positioned to harness the transformative power of the internet.
Stay tuned for the next domain blog series called “The Domain Insider’s Guide to the Industry” launching in February, where you’ll learn more about what it’s like to work within various segments of the domain industry.