Work in Progress: the CONCORDIA Platform for Threat Intelligence
Our first steps to improve Europe’s information position in cybersecurity
Authors: Marco Caselli (Siemens AG), João Ceron (SIDN Labs), Christian Keil (DFN-CERT), Jan Kohlrausch (DFN-CERT), Cristian Hesselman (SIDN Labs)

We present CONCORDIA’s vision for a cross-sector, pan-European platform for collecting, analyzing, and sharing threat intelligence, which combines datasets built up in different parts of the project.
Threat intelligence can be defined as the process of acquiring knowledge from multiple sources about threats to an environment. Threat intelligence supports informed decision-making on cybersecurity by providing information about attack techniques, indicators of compromises, and vulnerabilities. The process is essentially collaborative and based on real-world datasets.
The two cross-sector pilots in CONCORDIA (“Building a Threat Intelligence for Europe” and “Piloting a DDoS Clearing House for Europe”) are developing the basic building blocks for a pan-European and cross-sector threat intelligence platform, which conceptually forms a central point of contact for all services within the CONCORDIA ecosystem that are related to threat intelligence.
We are developing the CONCORDIA threat intelligence platform based on three primary principles:
Multi-source: the platform uses multiple datasets available through heterogeneous technologies and providing different data management services (e.g., two clearing houses and their specific services).
Combine datasets: the platform uses algorithms to integrate datasets into new derived datasets (e.g., coupling reported botnet infections and DDoS attacks, see the scenario below).
Uniform engagement rules: applications access (derived) threat intel data and usage policies through a common and well-defined threat intelligence interface.
Figure 1 shows the resulting platform architecture, which consists of three core components:
The central instance, which is the main gateway for TI information on the CONCORDIA platform. It concentrates information about malware, vulnerabilities, targeted attacks and more.
The Incident Clearing House (ICH), which collects information about vulnerable and compromised systems and forwards that information to the resource owners.
The DDoS Clearing House (DDoS-CH), which contains descriptions of the characteristics of DDoS attacks (e.g., source addresses and average packets per second) in the form of so-called “DDoS fingerprints”.
The other key component of the platform is a layer of threat intel services, which contains algorithms that combine datasets from the core components and make the result available to users (e.g., CONCORDIA services and partners) through a well-defined threat intel interface.
Figure 1: Overview of the CONCORDIA Platform for Threat Intelligence.
The following scenario (with hypothetical players and incidents) illustrates how the CONCORDIA threat intel platform can support the fight against an emergent DDoS booter service. In the context of a cybersecurity improvement program, a team from the company José Arcadio (a company participating in the CONCORDIA Ecosystem) starts gathering information about a new booter service sold on the dark web. They push all collected information to their local MISP instance and synchronise with the central CONCORDIA MISP instance (see Figure 2). The information includes a report on a new booter service called “Prudencio”, which is known to carry out DDoS attacks on financial institutions.
Figure 2: booter detection scenario.
Meanwhile, the ICH starts receiving notifications of systems compromised by the Prudencio botnet. Among the notifications, one forensics investigator reveals that a specific compromised server is linked to an IP address belonging to another company within the CONCORDIA ecosystem, the investor group “Ursula IG”. Immediately after receiving the notification, the ICH automatically warns Ursula IG’s security team and references any useful information currently available in the central CONCORDIA MISP instance. The DDoS-CH observes denial-of-service attacks that Prudencio launches and begins collecting fingerprints that can be used to detect and subsequently neutralise the DDoS attacks (Figure 3).
Figure 3: botnet campaign identified by ICH and DDoS-CH (left) and ICH has identified the bot master and notified the involved entities (right).
After receiving the notification from the ICH, the security team at Ursula IG verifies the problem and confirms the incident: one of their web servers has been compromised. At this point, the team checks all available threat intelligence accessible on the central CONCORDIA MISP instance and starts organising incident response. In the meantime, the team has already received a further notification from the DDoS-CH, signaling the availability of detection signatures for Prudencio-related DDoS attacks. The incorporation of those signatures (Figure 4) within the previously deployed security tool chains (e.g. intrusion prevention and detection systems) allows Ursula IG to protect its other web servers while the compromised server is cleaned.
Figure 4: Ursula IG querying MISP and the DDoS-CH for more information (top).
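The "combine datasets" principle and the scenario above both hinge on one derived dataset: coupling the source addresses in a DDoS-CH fingerprint with the compromised hosts the ICH has already reported, so each resource owner can be notified. The following is an added illustration, not code from the CONCORDIA project; the fingerprint and notification records, the field names, the owner-to-network mapping and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not real DDoS-CH or ICH records): one fingerprint with the
# attributes the article names (source addresses, average pps) and ICH notifications.
FINGERPRINT = {
    "key": "fp-prudencio-0001",  # constructed fingerprint identifier
    "botnet": "Prudencio",
    "avg_pps": 180000,
    "src_ips": ["192.0.2.10", "192.0.2.44", "198.51.100.7", "203.0.113.9"],
}
ICH_NOTIFICATIONS = [
    {"ip": "192.0.2.10", "botnet": "Prudencio", "owner": "Ursula IG"},
    {"ip": "192.0.2.44", "botnet": "Prudencio", "owner": "Ursula IG"},
    {"ip": "203.0.113.9", "botnet": "OtherBot", "owner": "José Arcadio"},
    {"ip": "198.51.100.200", "botnet": "Prudencio", "owner": "Ursula IG"},
]
# Constructed mapping of address space to CONCORDIA resource owners.
OWNER_NETWORKS = {
    "Ursula IG": [ipaddress.ip_network("192.0.2.0/24")],
    "José Arcadio": [ipaddress.ip_network("203.0.113.0/24")],
}

def owner_of(ip):
    """Resource owner of an address, or None when it is outside known allocations."""
    addr = ipaddress.ip_address(ip)
    for owner, nets in OWNER_NETWORKS.items():
        if any(addr in net for net in nets):
            return owner
    return None

def correlate(fingerprint, notifications):
    """Derived dataset: each attack source is 'confirmed' (ICH already reported it as
    infected by the same botnet) or 'unreported' (no matching ICH record yet)."""
    known = {n["ip"]: n for n in notifications}
    confirmed, unreported = [], []
    for ip in fingerprint["src_ips"]:
        rec = known.get(ip)
        if rec is not None and rec["botnet"] == fingerprint["botnet"]:
            confirmed.append({"ip": ip, "owner": rec["owner"]})
        else:
            unreported.append({"ip": ip, "owner": owner_of(ip)})
    return {"fingerprint": fingerprint["key"], "botnet": fingerprint["botnet"],
            "confirmed": confirmed, "unreported": unreported}

def notifications_by_owner(derived):
    """Group unreported sources per owner (None = no known owner) for one alert each."""
    out = {}
    for item in derived["unreported"]:
        out.setdefault(item["owner"], []).append(item["ip"])
    return out
```

Sources already reported by the ICH for the same botnet need no new alert; the rest are grouped per owner, and those with no known owner are left for manual follow-up.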
Having defined the platform design, we will now work on defining the available resources (catalogs) in each of the core components (the databases). These catalogs are the first step toward building a common interface that combines data from multiple sources. Once this interface is in place, additional components will be developed to share and correlate threat intelligence information.
SIDN, Siemens, and DFN-CERT were partly funded by the European Union’s Horizon 2020 Research and Innovation program under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/.