.ie Domain Profile Report 2023

Promoting domain security features We are continuing to monitor the use of security for email and websites in the .ie namespace. This allows us to identify each domain, their capabilities, and potentially, their weaknesses. Our plan is to continue doing these collections on a regular basis so as to keep the community informed, via our blogs, with different level of details. In the future we will use these results to further engage with key stakeholders so as to help drive industry best practice when it comes to the .ie namespace and the usage of TLS within it. Cybersecurity – a key focus for the .ie namespace [continued] 70% of content-rich .ie websites are secured with a security certificate Security certificates encrypt the communication between the website and its visitors. This means that cyber criminals cannot intercept a customer’s data. Websites with a security certificate have URLs that begin with https:// Our data analytics indicated 70% (109,399) .ie domains with websites with working security certs (HTTPS). This is extremely welcome and encouraging, from the perspective of consumer protection. Of the 30% of .ie websites which did not have working HTTPS, (expired / invalid certificates or no certificate at all), it would be bordering on negligent if the website has e-commerce, a Cart function or a Payment function. It is imperative for every business and every service provider to improve standards of cybersecurity. 954 .ie domains are secured with DNSSEC (+26% YoY) DNS Security Extensions (DNSSEC) uses cryptography to add an extra layer of security to a .ie domain. This strong increase is welcome, albeit from a low base. 74 .ie domains are secured with Registry Lock (+30% YoY) Registry Lock is a service which requires a passphrase, thereby preventing unauthorised or unwanted changes to a .ie domain. The aim of the service is to provide peace of mind to domain holders, and reduce the risk of disruption caused by unauthorised changes. .ie Domain Profile Report 2023 | 2 Secondly, during probing, we checked if a .ie domain supports more than one secure protocol, from the old SSL 2.0 to TLS 1.3. Transport Layer Security (TLS) refers to cryptographic protocols that protect encrypted Internet communications. It is good practice not to support SSL 2.0, SSL 3.0 and TLS 1.0/1.1 as they are considered deprecated. Attackers could take advantage of weaknesses in both SSL and TLS 1.0/1.1 to compromise encrypted communications. Instead, all sites should preferably use TLS 1.3 or TLS 1.2. In our blogs, we regularly examine how things have changed over time - see May ’22 here and October ’21 here . At the last review, it was refreshing to discover that most of the .ie domains support modern TLS versions like 1.2 and 1.3, but it was concerning to observe the 40,923 domains supporting TLS 1.0 which was deprecated in March 2020. Those domains are showing a disregard for good security hygiene as best practices indicate the minimum should be TLS 1.2 and ideally TLS 1.3.