Protecting your domain names is often overlooked, ignored, and neglected. Everyone and everything on the Internet depends on the Domain Name System (DNS) being functional. The DNS has been a common vector for attacks in recent years. Attacking DNS will continue in the future. The 2019 DNSpionage Campaign and Sea Turtle attacks were wake calls to the risk of neglecting all parts of their domain name security.
As seen with the 2019 DNSpionage Campaign and Sea Turtle attacks, many of these attacks have goals far more sinister than merely taking a company offline or defacing a website. Expect domain name attacks to include techniques that redirect some or all of an organization’s domain to gain access to protected resources, intercept traffic, and even obtain TLS certificates for that domain.
Organizations should perform regular DNS reviews and audits. These sessions help organizations be aware and work through these protective measures. The following guidelines provide a starting point for your review. The Protecting Your Doman Names guidelines are based on ICANN recommendations and industry experiences. Most of these recommendations are based on protecting the domain name’s DNS Registry, Registrar, and administrative functions.
- Review Access to Domain Name Registrars
- Review DNS Roles and Responsibilities
- Employee Transitions
- Update all Registration Information
- Use Roles for Domain Registration Information
- Don’t Use Personal Email Addresses.
- Protect against Phishing Attacks
- Credential Updates – Change the Passwords
- Two-Factor Authentication (2FA) for Registrar Accounts
- Understand Registrar Security Policies, Tools, and Processes
- Review the Privacy Registration Options
- Review and Maintain Records in your Zone
- Name Server and Zone File Best Practices
- DNS Zone File Revision Control
- Is your Domain Locked at the Registrar?
- Hope for the best; plan for the worst
Protecting your Domain Names First Step Sessions:
This session is updated each time it is presented. There is also constituent specific tuning to best adapt to the peer’s needs.
Practical Security Conversations
If you find your organization needs help and worry about the FUD from the industry, reach out and ask for help. These sessions are conducted in conferences, internal workshops, and security group memberships. If you are interested, reach Barry Greene at bgreene@senki.org. These sessions are designed to provide practical, cost-effective, and actionable security assistance. The materials help organizations leverage the talent around them to get started with their security activities. Start with the DDoS Attack Preparation Workbook and Operator’s Security Toolkit. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.