Internet: la gestion du «point .cm» préoccupe

YAOUNDE - 30 DEC. 2009
© Laurent ABAH | Cameroon Tribune
     6 Réactions
Depuis quelque temps certains navigateurs et des spécialistes responsables de la sécurité sur le réseau déconseillent l’utilisation des sites du « point.cm » dédié au Cameroun...

De nombreux internautes camerounais peuvent en témoigner, ils ont eu au moins une fois la désagréable surprise en visitant nombre de sites gouvernementaux utilisant le « .cm » d’avoir l’alerte « site dangereux ». Dans le même temps, et même si du côté de l’ANTIC en charge de la gestion de ce point de souveraineté on ne le confirme pas, des sites n’ayant rien à voir avec le domaine dédié au Cameroun y ont bien une place confortable. Pour vous en convaincre et après avoir éloigné les enfants aller sur www.nafeng.cm ou encore www.cococ.cm ; www.jianzhi.cm dont les contenus se passent de commentaires. En lançant au moment de mettre sous presse la recherche sur Google pour connaître le nombre de sites ayant l’extension « point.cm » on est halluciné du résultat 786. 000 alors que l’ANTIC n’annonce que 19.592 officiellement répertoriés. Péril en la demeure ? Sans aucun doute. La situation préoccupe. Elle préoccupe d’autant plus que l’enregistrement d’un site sur un domaine de niveau élevé comme c’est le cas du « point.cm » est soumis à payement et au contrôle et est de la seule responsabilité du gestionnaire du nom du domaine.

L’autre inquiétude est l’annonce des nouvelles dispositions prises de gestion des noms de domaines par l’ICANN dès Juin 2010. Contrairement à la pratique actuelle qui veut que les noms de domaines soient exclusivement avec l’alphabet romain, l’Internet Corporation for Assigned Names and Numbers annonce l’ouverture des noms de domaine Internet aux autres langues arabes, chinois, Japonais. La réforme est présentée par le président du conseil d'administration de l'ICANN, Peter Dengate Thrush, comme « le plus grand changement technique sur Internet depuis son invention il y a 40 ans ", le PDG de l’ICANN, Rod Beckstrom ajoute même que " Ce n'est que la première étape, mais c'est une étape extrêmement importante et un changement historique en direction de l'internationalisation de l'Internet ». Du coup la question de base est de savoir ce que va devenir la gestion du « point.cm » avec l’application de cette directive alors que la maîtrise de la gestion ne semble pas rassurante dans la situation actuelle.

Prudence
L’urgence d’assurer la gestion sécurisée de la ressource « .cm » est essentielle car certains spécialistes estiment que le danger est lié à la proximité du « .cm » de « .cn » dédié à l’espace géographique chinois. La demande étant très forte, il y a des appétits qui se manifestent. Le domaine «.cm» étant attrayant, c’est comme «une mine d’or» qui pourraient procurer des satisfactions éloignées des intérêts, de l’honneur et de l’image du Cameroun. Des ententes secrètes scellées quelque part sur la toile pourraient peut-être justifier les dérives observées qui ne sont peut être pas forcément le simple fait « d’innocents pirates ». A ce stade, il est peut être temps de commander en urgence un audit technique et financier de la gestion du « .cm » ; de reprendre le contrôle total de cette ressource nationale, avec une gestion suivant les règles de l’art en adoptant une charte de nommage consensuelle, étant donné que la charte actuelle avec les doubles extensions (genre .com.cm pour les entités commerciales) ne semble pas indiquée.



Dr Ebot Ebot Enaw:
«The Proximity of «CM» Exposes Us to Hackers»

By Brenda YUFEH

Dr Ebot Ebot Enaw, General Manager of the National Agency for Information and Communication Technologies (ANTIC).
The Internet domain name .CM (Cameroon) is classified amongst the most dangerous in the world, why?
On the 2nd of December 2009, the Information Security Enterprise, McAfee, published its 2009 annual report on “Mapping the Mal Web”. This report revealed that the .cm (Cameroon) zone was ranked first amongst the five Country Code Top Level Domains (ccTLD) with the greatest risky registration, having a risk level of 36.7 per cent. The report indicated that the Zone file of the .cm domain has 688,861 domain names of which 82,087 were tested and 57,210 found to be risky. According to our records as at the date of the publication of this report 19,592 domain names had been registered in the zone file of the .cm domain maintained simultaneously on the CAMTEL and ANTIC servers. These servers are the only authoritative servers for the .cm zone recognised by the worldwide internet regulator-the Internet Cooperation for assigned names and numbers (ICANN). There is a significant disparity between the figures provided by McAfee in their report and the figure on our servers; their figures are about 35 times more than the actual figures on our servers (CAMTEL and ANTIC). In a bid to obtain clarification from McAfee as to the origin of their figures, we wrote to the CEO of McAfee on December 9, 2009 requesting for information on these alleged registration. Requested information includes; the list of the alleged 688,861 registered domain names as well as the identity and locations of the servers hosting these domain names. We still await the reply of McAfee which will enable us have a better understanding of the origin of their figures on which their findings are based. As far as we are concerned the data on which their findings are based is incorrect. Technically it is not possible for unauthorised registrations to be made, which explains why we are kind of surprised by McAfee’s findings.


Cameroon's domain .CM is not protected enough as there seems to be other Internet users with the appellation .CM. Why?

The rules and regulations put in place by the Internet regulator (ICANN) requires that generic domain names should be sold to potential buyers on a first come first serve basis, while trademarks are sold to the owners of the trademarks, irrespective of their geographic location in the world. Many internet users in Cameroon have .com and .fr email addresses. Some content providers have websites with .com extension. Likewise many users worldwide prefer the .cm extension. It is a free choice. A domain name simply identifies a computer on the Internet. Internet communication uses Internet Protocol (IP) numbers which are not human friendly. For easy recognition of the identity of computers, a Domain Name System (DNS) was established to resolve the IP addressing to more human friendly names. Thus, the domain name gives a computer a name. However the content and the activities carried out on that computer are the responsibility of the owner of the computer. That not withstanding, in selling domain names we get buyers to agree that they will not use these domain names to carry out activities that might compromise the security of the Internet. We have the contact details of all the 19,592 owners of .cm domains. The servers (ANTIC, CAMTEL) hosting the “.cm” zone file are secure. However, it is important to state that security is relative since even the most secured servers located in countries which invest a lot on Internet security, get hacked every day. These servers run the Red Hat Enterprise Advanced Platform 5, operating system which is one of the most secure platforms in the world. Additional security measures have been implemented on these servers which for security reasons we can not make known to the public. Security problems may crop up on the servers of owners of “.cm” names as is the case with every other country code Top Level Domain (TLD) name. The proximity of the “.cm” domain to other popular Top Level Domains such as “.com” and “.cn” based in China exposes us to hackers or ill intentioned users of the Internet. The Government is taking seriously the issue of data security.

What are some of these security measures?

Within the framework of the Central African Backbone programme (CAB) the World Bank is going to finance the formulation of a .cm management policy document. The terms of reference for these studies has been prepared by the National Agency for Information and Communication Technologies (ANTIC) and submitted to the World Bank which will launch an International call for tenders early next year. This policy document will address all issues relating to the management and security of the .cm zone and will go a long way to reinforce the security of the .cm zone. The opening of domain names to the public has led us to go further in applying ICANN's best practice which requires a Registry to collaborate with Registrars. Registrars are IT companies specialized in selling domain names as they are capable of managing, in a short time, a multitude of registration requests. This permits ANTIC to be efficient in its role of registry. Registrars are not necessarily in the same country with the registry and they also maintain a copy of the domain names they sell on behalf of the registry on their servers. The registry is the only authority that has the total number of domain names for that domain.

It is said that Cameroon's domain is hosted elsewhere. Why?

That is simply not true. The authoritative Domain Name System for the “.cm” zone is maintained on ANTIC and CAMTEL servers, with the CAMTEL server serving as the Master server and the ANTIC server serving as the Hidden Master. Both servers have identical copies of the zone file which get updated several times a day. In addition to the authoritative servers mentioned above the “.cm” zone, like every other zone, has secondary servers, one of these servers is hosted by the International Telecommunication Union (ITU). All these servers contain the same information provided above which can be verified anywhere, anytime.