eMichigan Before and After and Beyond

1
Thursday, December 11, 2003
2
Agenda

• Current domain name policy
• Domain names at the external proxy
• The dark side of domain names
• Cyber-squatting
• Recommendations
• Questions

3
Current Domain Name Policy

• 1310.20 issued January 1997
• Domain Name System (DNS) is a hierarchical,
  distributed service used to assist in the
  location of resources, such as file servers,
  world wide web servers, E-mail services, etc.
  which are attached to the Internet.
• The DNS does its job by converting or resolving
  easier to remember resource names
  (midb.michigan.gov) into their equivalent 4 octet
  Internet address (167.240.251.34) which is
  actually used in the Internet routing process.
• The Network Operations Center (NOC) operates the
  primary DNS service for the State.

4
Current Domain Name Policy

• 1310.20 issued January 1997 pg2
• Operating Units (OU) may choose to operate their
  own DNS and create sub-domains at the division or
  office level, provided they strictly comply with
  Internet standards.
• The list of agency domain names will be
  maintained by NOC and entered into the DNS when
  agency resources (files, etc) need to be accessed
  within State networks or via the external
  Internet.
• OU domain names may be used in other naming
  conventions, for example, as prefixes for naming
  files, GroupWise domains and local area network
  servers.

5
Current Domain Name Policy - Revised

• 1310.37 issued November 2001
• Michigan State Governments Portal is registered
  with the United States General Services
  Administration as the "Michigan.Gov" domain.
• The DNS converts or resolves easier to remember
  resource names (Michigan.Gov) into their
  equivalent 4 octet Internet numerical address
  which is used by Internet routing equipment to
  establish host to host communication links .
• The Network Operations Center (NOC) manages and
  maintains the primary DNS service for the State.

6
Current Domain Name Policy - Revised

• 1310.37 issued November 2001 pg2
• Procedure 1310.20 Internet Domain Name and
  Service Naming is targeted for revision or
  possible obsolescence, but is not rescinded at
  this time.
• It is expected that for some time the domains
  identified under Procedure 1310.20 will co-exist
  to allow an orderly transition of content and
  applications to the new portal and the more
  defined Uniform Resource Locator (URL) naming
  conventions outlined in this procedure.
• The Michigan.gov Portal content will adhere to
  the michigan.gov name.
• Agencies are not permitted to insert agency
  identifiers between the www and Michigan to
  create a sub-domain address such as
  www.dit.michigan.gov. Where agency identifiers
  are necessary they will follow a virgule after
  the .gov to form an address similar to
  www.michigan.gov/dit.

7
Domain names and external proxy

• Nearly 200 individual proxy entries are currently
  hosted by the NOC external DNS servers

8
Domain names and external proxy

• These seem harmless to the user, the state agency
  and to most of us that have grow so accustomed to
  surfing the web for all our information needs. 
• Some like (and Im not trying to single anyone
  out here)
• www.mi529prepaid.org
• www.mich-freedomacademy.org
• www.mesb.org
• www.2649.org
• www.bingedrink.com
• mi529prepaid.com
• met4kid.com
• mimhefa.org

9
Domain names and external proxy

• These domain names have been purchased using
  popular domain services like register.com,
  tucows.com and others.
• The cost is nominal, starting at just 35.00 and
  ranging up to over 150.00 depending on how long
  the agency plans on keeping it active.
• If you did some quick math, 200 domain names at
  an average of 75.00 per year costs the state
  15,000 per year.

10
The Dark-Side of domain names

• Utilize existing Vignette content management
  infrastructure to
• Speed Delivery
• Lower Costs
• Increase Adoption by Users
• Put in place standards that apply to all
  applications regardless of the technology
  platform.
• Introduce usability guidelines so users can
  successfully navigate complex government
  processes on-line.
• Affects all sites designed to conduct official
  State business, whether directed at general
  consumers or targeted constituent needs

11
The Dark-Side of domain names

• The state has started seeing some dark sides to
  domain names.
• What happens to a domain name when its no longer
  needed, or the program goes away, or the task
  force accomplishes what it set out to do?
• What happens to all the sites that may have
  linked to the domain name, including library and
  school computers that have the sites book marked?
  
• What difference does it make after all?

12
The Dark-Side of domain names

• The dark side of domain names is that they are
  actively being sought by some of the biggest
  abusers of the Internet world
• companies or individuals who seek to exploit,
  extort or otherwise highjack legitimate domain
  names for their own use.
• Users have no idea that are connecting to
• Once there, the user will decide to stay and
  visit, hopefully long enough to be lured into
  returning later, or to start making money
  transactions on the spot
• These domain names look totally normal in the
  favorites menu, and anyone scanning access log
  files would never notice them.

13
Cyber-squatting Extortion

• Cyber-squatting (a term that has been used to
  define this activity) refers to companies or
  individuals who prey on expired domain names and
  buy them up, only to leave the domain name and
  even page titles exactly as it they are.
• This fools site crawlers and automated filters
  from even detecting that they are in fact
  illegitimate sites and contain the most offensive
  material.
• To buy the domains names back, the original
  owners are required to pay thousands of dollars
  or face the continued bane of having their once
  legitimate program abused by offensive material.
• Legally, there is absolutely nothing that can be
  done.

14
Recommendations

• Agencies are encouraged to refrain from
  purchasing specialty domain names that must be
  maintained indefinitely, in order to be
  preserved, even after they have served their
  purpose.
• Agencies should use legitimate domain naming
  conventions that the state has already put in
  place to protect the state from this abuse.
• Agencies should try to use the approved domain
  name in all their agency specific applications.
• www.state.mi.us/webappname

15
Recommendations - Examples

• www.state.mi.us/webapp/
• www.state.mi.us/folio
• www.state.mi.us/gw5
• www.state.mi.us/hdamk
• www.state.mi.us/mitownhall
• www.state.mi.us/msp/crd
• www.state.mi.us/msp/ohsp/

16
Recommendations Michigan.gov

• In addition, the Michigan.gov domain has been
  made available to all state agencies that wish to
  market their program or office to allow direct,
  safe, accurate and maintainable domain names and
  URLs that can be completely controlled by the
  state.
• This also places the site into the states
  ENTERPRISE search engine and will increase the
  likelihood of it being found.

17
Recommendations Michigan.gov

• www.michigan.gov/jointpermit
• www.michigan.gov/wdl
• www.michigan.gov/lyme
• www.michigan.gov/fostercare
• www.michigan.gov/osteoporosis
• www.michigan.gov/westnilevirus
• www.michigan.gov/metro

18
Recommendations Michigan.gov

• Michigan.gov domain names are permanent and never
  require renewal
• Michigan.gov marketing URLs are FREE
• They can be changed at any time
• They will never fall into the hands of
  extortionists
• DIT Infrastructure Services and Telecom can set
  up a domain name for your DMZ hosted or
  agency-hosted servers
• All of this is maintained in house and will never
  expose the state to unwanted domain name usage or
  politically embarrassing situations.

19
Help prevent unwanted access

• More importantly, the citizens and school
  children - of the state will be spared from
  unexpectedly visiting one of these offensive
  sites when accessing legitimate state content.