Cybersecurity starts with the network fundamentals

You can't build a safe office tower on shaky foundations, and the same applies to your data networks. Ask your suppliers whether they've got it right.
Written by Stilgherrian , Contributor and  Chris Duckett, Contributor

Using existing network tools to fine tune things like the domain name system (DNS,) email authentication, and routing may not be sexy work, but it makes a big difference to the effectiveness of your cybersecurity.

Failing to secure your DNS with DNSSEC is savage ignorance, according to Geoff Huston, chief scientist at the Asia-Pacific Network Information Centre (APNIC).

Huston calls BGP, the internet's fundamental routing protocol, a screaming car wreck with "phenomenal insecurity". Ask your ISP whether they've secured their routing with RPKI-based BGP Origin Validation, for example, because too few regional operators are using it.

Finally, make sure your email domains are secured against spam and address spoofing with SPF, DKIM, and DMARC.

Editorial standards