Internet security standards
What are internet standards?
Internet standards, or internet protocols, are technical agreements that describe how data between computers across networks around the world is transferred. Internationally agreed standards make sure that computers can talk to one another.
While this technical core of the internet is invisible and unknown to most users, it is crucial for a working and trusted internet. Also important is that these standards are ‘open standards’, available for everyone to ensure full inter-operability between systems, networks and computers.
What are internet security standards?
Internet security standards refer to technical standards addressing the confidentiality, integrity and availability of the internet, in particular those of websites and email communication.
The original internet standards date from the 1970s and 80s and never had security in mind. Hence, spamming, defacements and denial-of-service attacks have been relatively easy and have become so widespread. Subsequent security features were always add-ons to an imperfect and very decentralised network of networks.
Who is making these standards?
Internet standards are predominantly developed in technical bodies like the Internet Engineering Taskforce (IETF). Members of the IETF propose, debate and agree on new standards and updates to existing ones.
Once agreed, the standards are documented in a memorandum called Request for Comments (RFC) and further disseminated among the internet technical community. In principle, adoption is voluntary and non-binding unless included in government regulation.
Who is applying these standards?
Ideally, service providers like access, hosting and email providers, security providers and domain name registrars should take care of implementing internet standards as part of their offerings and setting them up correctly.
Adoption is promoted by organisations like regional internet registries, network operator groups, and national regulators. In addition, we need more demand from users to encourage service providers offering packages with up-to-date security features.
- Encryption & authenticity of web server
- Encryption & authenticity of email
- Protection against email phishing
- Security of website applications
- Security of domain name (DNSSEC)
- Adoption of Internet Protocol v6