You may know ARIN as the place to request, transfer and manage your Internet number resources. But we offer a lot more than that! We are committed to ensuring the security of your data, and have implemented several services you can use to protect your user account and record information, but you can’t benefit from these services unless you use them. Currently, we have 148,465 ARIN Online accounts, yet only 4,241 (less than 3%) have secured their account using two-factor authentication. This leaves accounts vulnerable to attacks from nefarious players.
Is there really a threat? Unfortunately, there have been several high-profile information security incidents that were perpetrated using unsecured or comprised accounts with domain name registrars. Therefore, there is good reason to believe that there could be bad actors also attempting to gain access to unsecured accounts at ARIN (though none have been found yet). There are simple steps you can take to make sure that doesn’t happen. Here’s a look at the different security services we offer and why it’s important to utilize these services.
We offer several easy ways you can secure your ARIN Online account, including:
- Two-factor authentication – This is a way to identify a user through two separate pieces of information or identification. For ARIN Online, these two pieces are your account password and a one-time password generated using a third-party mobile authenticator. By combining proofs of identity, two-factor authentication provides an increased level of security for gaining access to your account. Learn how to enable two-factor authentication.
- Application Programming Interface (API) Keys – This is a secret code you can use to identify yourself to ARIN when you interact with us. You can create an API key in ARIN Online, and then use this key in interactions with ARIN outside of ARIN Online. Multiple interactions may be performed with the same API key, or you can create multiple API keys to locally track specific requests or to access reports. The API key does not expire, but can be deactivated at any time. Rotating your API keys on a regular basis is a good way to maximize the benefits of this security feature. Learn how to create and manage API Keys.
- Pretty Good Privacy (PGP) Authentication: In an effort to assure our customers that email messages from ARIN are genuine, all messages sent from email@example.com authenticated by the ARIN PGP key signature. To authenticate ARIN emails you will need PGP software. Many examples of PGP software are available online for free. Take a look at these Frequently Asked Questions about PGP.
Say Goodbye to Email Templates
When Internet Service Providers need to perform requests or modifications on a large scale, they sometimes use email templates to complete the task. However, email templates don’t use HTTPS and therefore are not the most secure way to submit requests.
We strongly recommend using our Registration RESTful Service (Reg-RWS) to retrieve and modify records within our database. Reg-RWS is a secure and efficient method for managing your registration records. It comes in handy when completing repetitive, mundane tasks in large numbers, such as reporting reassignments using the Shared Whois Project (SWIP).
Reg-RWS isn’t just good for SWIPing! It can be used to perform many actions. You can:
- Retrieve and modify information about delegations and networks
- Reassign and reallocate network space
- Retrieve and modify information about Orgs, Points of Contact (POCs), and customers
- Get information about tickets (requests for ARIN to perform an action) and add messages to tickets
- Submit Route Origin Authorizations (ROAs)
- Request reports
Why is Reg-RWS better than Email Templates?
While email templates are an easy way to perform actions within our database, Reg-RWS offers a more secure, more direct transaction. There are two important things to note about email templates: 1. Email templates using mail-from authentication are not secure, as they can be easily spoofed. 2. Email templates using API Keys are more secure, but not ideal, as the email is often transmitted in the clear (unencrypted) and potentially seen by a bad actor.
Reg-RWS is much more secure than email templates because it always uses HTTPS, which encrypts all messages. Reg-RWS sends URLs and xml payloads in an automatable, computer-friendly way and uses modern application interfaces that provide strong authentication – much stronger than email templates. It also allows for the retrieval of information about a record immediately before submitting changes to it. It returns a predictable response that can be interpreted and reacted to by automation software. Want to learn more? Check out our Reg-RWS Quick Start Guide.
Your data protection is extremely important to us. We encourage you to take advantage of these free, easy-to-use services which are all here to protect your information. If you have a question about any of these services, give our Registration Services team a call at 703.227.0660 or submit a ticket in ARIN Online. Don’t wait to secure your data!