Securing Your Internet Presence

Elisa Cooper
Director, Domain Management, MarkMonitor®

For years, hackers have focused mainly on getting their hands on web content. Now however, they’re targeting the domain name infrastructure, having learned that many registries and registrars are not hardened.

When hackers or scammers accomplish unauthorized modification of DNS configuration information, it can “severely disrupt business operations and can cause financial and reputational harm,” says ICANN’s Security and Stability Advisory Committee (SSAC), which authored a white paper on DNS attacks in June 2009.

So how are hackers and scammers launching domain name system attacks? The methods vary and include registrar and registry security breaches, domain name hijacking and other social engineering attacks. The damage to consumer confidence in your brand and your bottom line—when your site suddenly becomes unavailable or begins serving up bogus information—can be devastating.

Every corporation needs to have a strategy in place for securing its domain name portfolio. There is simply too much at risk—business continuity depends upon properly functioning URLs and sites. While the goal is to avoid attacks altogether, sound procedures and experienced partners must be in place to mitigate damage—quickly.

What can you do to guard against these types of attacks? There are a number of different approaches that should be implemented including:

Consolidating Your Portfolio of Domains
Know which domains you own, and make sure you have a global, centralized view of all your domain names across all divisions, locations and groups. Maintaining careful records and keeping track of your entire domain portfolio is half of the battle.

Ensuring Your Registrar Is Secure
Ensure that your registrar employs a “hardened” portal. For example, MarkMonitor employs constant checks for security and code vulnerabilities and has a track record of being able to stay on top of new exploits. In addition, your registrar should be able to demonstrate use of strong internal security controls and best practices.

Setting Your Domain Names as “Locked”
In response to the threat of domain name hijacking, ensure that your organization’s domains are “locked,” making them unavailable for transfer. All domains should be created, configured, and then locked.

Implementing “Registrar Locking“
There is also an elevated locking mechanism, which MarkMonitor has branded as “super lock,” that essentially freezes all domain configurations until they are unlocked upon the completion of a company-specified security protocol. Companies control the level of complexity associated with their specific protocol and domains are made available for updating through the portal only when these security protocols are accurately completed. This extra level of security should be applied to your most mission-critical domains such as transactional sites, email systems, intranets, and site-supporting applications.

Demanding “Registry Locking”
It is true that generic domain locking can still be exploited by an attacker who updates name servers, thereby redirecting customers to illegitimate websites without transferring actual control of the domain from one registrar to another. To combat this, MarkMonitor provides “premium locking,” which makes the domain unavailable for any updates at all. Currently, MarkMonitor is the only registrar providing this service. However, this method of locking is only available for .com and .net registrations.

Working with a Hardened Registrar
A hardened registrar like MarkMonitor will be familiar with all the potential attack strategies outlined above, including social engineering techniques, and will be able to guard against them. This is also most-likely a registrar that deals with corporate clients only. It will have specialized security features for preventing, detecting, and responding to attacks against any domains, including:

• Restricting access to a portal via IP address
• Sending notifications on any name changes
• Avoiding automated emails as a primary means of communication
• Keeping activity logs to track all domain name updates
• Maintaining strong password management to force password changes
• Offering multiple levels of access

Ensuring Your Registrar Has Solid and Extensive Industry Relationships
Make sure your registrar is well-established and experienced. It should have relationships with other registrars, top ISPs, security organizations, browser partners, major software developers, and standards groups that will keep it in the loop as new threats emerge. Speed matters — these relationships will enable your registrar to quickly rectify any security breaches that do occur. Seek out a partner that offers both guidance and deep experience in security as well as domain management.

Monitoring Critical Domains
Domains that are vital to ongoing operations should be continually monitored for unauthorized DNS updates, changes to website content and DNS cache poisoning. While there are foolproof methods for locking down .com and .net domains at the registry, other domains may still be at risk. Continual monitoring of core sites is recommended, so that any identified issues can be quickly remediated.

In today’s connected world, your customers and partners naturally rely on your domain names to find and interact with you online. As a result, your domains are high-value business-critical assets, as important to your organization as any tangible asset, trademark, or intellectual property. It is vital to execute a plan which secures your domains at both the registry and registrar level. All domains should be locked, with the highest locking-levels applied to mission-critical domains. Finally, it is essential to select a hardened and experienced registrar like MarkMonitor, who will prevent attacks from occurring in the first place, and who is equipped to quickly and effectively react to any attacks which might occur.

To ensure that you are doing all you can to secure your domains, please feel free to contact us at (800) 745-9229.

Regards,
Elisa Cooper

ICANN UPDATE

New gTLD Update

A delay in the launch of new gTLDs appears likely due to the slow speed with which the community and ICANN are responding to the overarching issues of trademark protection, demand and economic analysis, security and stability, and malicious conduct.

It has also been rumored that the ICANN board has asked for the development of a competing set of rights protection mechanisms in addition to those already proposed by the Implementation Recommendation Team. If this is the case, the next version of the applicant guidebook, which is expected in October, will not likely address issues related to trademark protection or malicious conduct.

Regardless of these possible delays, a number of parties have indicated interest in submitting applications for the following TLDs:

• .health
• .movie
• .music
• .sport
• .web
• .food
• .bank
• .eco
• .love
• .green
• .fam

Even with the launch of TLDs possibly postponed, companies should seriously begin top-level domain strategy development now. Brand owners should carefully assess the impacts, choose an offensive, defensive or combined strategy considering the relatively large number of anticipated applications.

For complete information about ICANN’s new gTLD initiative, visit the MarkMonitor dotBrand Resource Center.

 

© 2009 MarkMonitor Inc. All rights reserved. MarkMonitor® and Trusted Brand Broadcast System™ are trademarks of MarkMonitor Inc. All other trademarks included herein are the property of their respective owners. MarkMonitor solutions are protected by US patent rights, including US 7,346,605.  Other patents pending.

Subscription Center | Contact Us | Careers | Privacy | Legal | Glossary | Site Map

© 2010 MarkMonitor Inc. All rights reserved.