In early May 2020, the Open Standards Everywhere (OSE) project held a series of virtual training sessions for Internet Society Chapters. Over 70 Chapter representatives from around the world learned, in English, French, or Spanish, how to improve the overall security and availability of their Chapter’s websites and web servers by enabling IPv6, HTTP/2, TLS, and DNSSEC.
To assess everyone’s progress we tested each Chapter’s website before and after the training sessions using internet.nl and http2.pro. As a result of the OSE training sessions, many Chapters were able to significantly increase their website’s compliance. But one Chapter in particular, ISOC Kolkata, was able to take its website from 32% compliance to a whopping 100%. We caught up with ISOC Kolkata member Rittika Ratawa, who was nominated by the Chapter to attend the training, to find out more.
The Internet Society: What changes did you make to isockolkata.in as a direct result of the OSE virtual training session?
Rittika: After the training session, the Chapter made several changes. Firstly, we changed our DNS service provider as the one we had been using did not offer DNSSEC services or IPv6. Then we enabled DNSSEC by providing the DS records to our registrar. We configured our website to use HSTS in the .htaccess file and deployed TLS 1.3 using our Content Delivery Network’s (CDN) proxy service. Finally, to improve email security, we added an SPF record to help prevent email spoofing, enabled DKIM so our emails are now encrypted, and enabled DMARC to help manage spam.
Why is it important for Internet Service Providers (ISPs) and Content Delivery Networks (CDNs) in your region to be aware of the protocols, standards and concepts that were discussed during the OSE virtual training session?
It’s very important for ISPs and CDNs – and everyone else really – to implement and maintain common security practices. We also need to make sure that everyone knows that there are open standards in use so that we can collectively contribute to a more robust and secure online ecosystem and also create a sense of trust for end users. For some of the things that we needed to do to bring the Chapter’s website into compliance, it was as simple as asking our CDN and DNS service provider/registrar to make some changes on their end and the OSE training sessions equipped us with the knowledge to do that.
IPv6 improves website availability and reachability and DNSSEC and HTTP/2 improve security. How are these Internet standards improving access, availability, and security for the Kolkata Chapter’s members and Internet users in India in general?
In India, Reliance Industries’ Jio network offers high speed Internet across India through its 4G network and fiber service. Its IPv6 network, for example, has vastly increased Internet access and opened up access to millions of people across the country. Now, almost 90% of Jio’s 4g LTE subscribers connect to the Internet via IPv6. And, there are so many reasons why it’s crucial for everyone to ensure that their websites and web servers are more secure. One compelling reason is financial: the cost of a substantial DNS attack in India now stands at around $800,000. If we can all work together to reduce such attacks by ensuring that our servers and sites conform to the latest security standards, we can help mitigate these financial impacts.
How have you and other members of the ISOC Kolkata Chapter benefited from the activities that the Chapter is involved in?
The ISOC Kolkata Chapter is a pioneering force in many local, regional, and national technical activities which are impacting not only the West Bengal region but also the entire country.
For the last six years the Chapter has advocated for more critical Internet Infrastructure to be installed across the country to support a resilient Internet backbone. As a result of a concerted community effort, the number of root server instances in India has increased hugely. With the support of local organizations and ICANN, the Chapter hosted India’s first L-Root server instance in 2015. To help minimize the latency for the smaller ISPs, the community also began working on IIFON-Kolkata-IX – a community Internet exchange point – in 2016 to help keep Internet traffic local and costs low.
The Chapter is also involved in Internet operation research alongside engineering students and researchers from different colleges and organizations and hosts capacity building programs with the help of the Internet Society, APNIC, ICANN, Government agencies, and community supporters. To date – and to name just a few – the Chapter has participated in and collaborated on IPv6 and DNS/DNSSEC Workshops hosted by APNIC and ICANN and is one of the founding members of the India School of Internet Governance (INSIG). In 2019, after there were security issues with hosting the South Asia Network Operators Group (SANOG) 34 meeting in Sri Lanka, the Chapter stepped in at the last minute and offered to host it. Within four months, the event had been re-planned and executed – a great volunteer-led initiative!
The Chapter is also heavily involved in capacity building initiatives and is helping regional organizations with the implementation of the open standards that support regional languages on the Internet. One such initiative is developing support for and promoting the IETF’s Email Address Internationalization (eai) Working Group’s Request For Comments (RFCs). And, in 2015, the Chapter was awarded a Beyond the Net Grant to set up the India IETF Capacity Building Program.
As a college student and proud Chapter member, I have been privileged to take part in many of these activities mentioned above as well as the OSE training sessions. The Kolkata Chapter often conducts workshops and sessions at my college and I have also been able to attend many other Chapter-related workshops and events across the region.
Rittika Ratawa is a final year student studying for a B.Tech in Information Technology at the MCKV Institute of Engineering in Kolkata, India and is an active member of the Internet Society Kolkata Chapter. With thanks also to Anand Raje, Internet Society Kolkata Chapter Chair.
Do you want to learn how to make your web server as secure as possible while using the latest open security standards? Find out more about the OSE project and what you can do to improve your website’s security and availability.
Image: Rittika Ratawa, middle row, fifth from right, during the Kolkata Chapter-hosted SANOG-34 event in 2019