Abstract
Several security-related standards and recommendations currently exist for Domain Name System (DNS) and Hypertext Transfer Protocol (HTTP) services, and they are highly valuable for governments and their services as well as for other public or private organizations. This is also the case for Higher Education Institutions (HEIs). However, since these institutions have administrative autonomy, they are at different stages and move at different paces in adopting these web-related security services.
This paper presents an overview of the implementation of security standards and recommendations by Portuguese HEIs. To collect these results, a set of scripts was developed and executed. Data were collected on the security of the DNS and HTTP protocols, namely support for Domain Name System Security Extensions (DNSSEC), main HTTP configurations and redirection, digital certificates, key sizes, algorithms, and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) versions used.
The results show that progress differs between HEIs. In particular, only 11.7% of HEIs support DNSSEC, 14.4% do not use any SSL certificates, 74.8% use a 2048-bit encryption key, and 81.1% use the Rivest-Shamir-Adleman (RSA) algorithm. Also, 6.3% of HEIs still negotiate the vulnerable SSLv3 version.
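One of the checks listed above, DNSSEC support, can be made by requesting a zone's DNSKEY records with the EDNS0 DO bit set and looking for DNSKEY and RRSIG records in the answer. The following is an added example, not the scripts used in the paper; the zone `example.pt`, the function names and the sample responses are constructed for illustration.

```python
import struct

TYPE_OPT, TYPE_RRSIG, TYPE_DNSKEY = 41, 46, 48

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_dnskey_query(zone, txid=0x1234):
    """DNSKEY query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    question = encode_name(zone) + struct.pack("!HH", TYPE_DNSKEY, 1)  # class IN
    # OPT RR: root name, type 41, class = UDP payload size, TTL field holds DO (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0x00008000, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def answer_types(msg):
    """Return the set of RR types present in the answer section of a response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    types = set()
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        types.add(rtype)
        pos += 10 + rdlen
    return types

def zone_is_signed(msg):
    """True if the answer holds DNSKEY and RRSIG; signatures and DS are NOT validated."""
    return {TYPE_DNSKEY, TYPE_RRSIG} <= answer_types(msg)

def sample_response(rtypes):
    """Constructed response for the placeholder zone example.pt (dummy RDATA)."""
    question = build_dnskey_query("example.pt")[12:-11]  # drop header and OPT
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rtypes), 0, 0)
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 3600, 4) + bytes(4) for t in rtypes]
    return head + question + b"".join(rrs)
```

A positive result only shows that the zone publishes signed keys; confirming a working chain of trust additionally requires a DS record at the parent and signature validation by a validating resolver.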
Acknowledgments
This work was developed in the context of a project in the Computer Networks and Systems Engineering graduation at the Instituto Politécnico de Viana do Castelo, Portugal, and it was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “Cybers SeC IP” (NORTE-01-0145-FEDER-000044).
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Felgueiras, N., Pinto, P. (2022). An Overview of the Status of DNS and HTTP Security Services in Higher Education Institutions in Portugal. In: Paiva, S., et al. Science and Technologies for Smart Cities. SmartCity 360 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 442. Springer, Cham. https://doi.org/10.1007/978-3-031-06371-8_30
DOI: https://doi.org/10.1007/978-3-031-06371-8_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06370-1
Online ISBN: 978-3-031-06371-8
eBook Packages: Computer Science, Computer Science (R0)