For the 4th time, a Belgian police website has been defaced last weekend (news in French). That leads me to several questions…
In Belgium, there are several (196!) Police zones and Federal police services. I can totally understand that those services does not have the same needs in terms of communication (ex: a local zone is much closer to people and has to answer basic day-to-day questions). But why do so much zones manage their own web site. An example?
$ dig zpnivellesgenappe.be ns|grep ns ; <<>> DiG 9.3.1 <<>> zpnivellesgenappe.be ns ;; global options: printcmd ;; Got answer: zpnivellesgenappe.be. 64641 IN NS ns1.jexiste.org. zpnivellesgenappe.be. 64641 IN NS ns2.jexiste.org. ns1.jexiste.org. 64641 IN A 220.127.116.11 ns2.jexiste.org. 64641 IN A 18.104.22.168
and the website is hosted by ovh.net:
$ whois -h whois.ripe.net `host www.zpnivellesgenappe.be`|\ grep desc descr: Ovh Systems descr: OVH ISP descr: Paris, France descr: OVH ISP descr: Paris, France
- www.zp5280-police.be/ hosted by InternetNamesForBusiness.com.
- www.policemonsquevy.be/ hosted by Belgacom Skynet.
- http://www.politiezonerupel.be/ hosted by HostBasket.
So, what about a “federal service provider” which could provide domain registrations and webspaces on a safe infrastructure managed on a central point? All local zones could have their own “web space” to put their own information online.
Each zone could have its own communication tools (there are forums, RSS feeds,…) and its own look but on a pure security point of view, they don’t have to worry (but do they worry?) about all security aspects. Just my two cents…