« Harden your resolvers: protect your recursive DNS for you and for everyone else | Main | Data Privacy Day Reading List 2014 »

Monday, 13 January 2014

Avoid Risks: Manage your DNS Portfolio

Some readers may be familiar with recent, noteworthy domain hijacks. Hijacks, however, are only one of several ways your online identity or brands can be misused or abused. If you fail to coordinate and monitor domain registrations, you may provide attackers or opportunists with much simpler means to tarnish or exploit your organization or brand.

Domain Registration Threat Landscape

Once you’ve established an online presence with a domain name, you should consider whether you are at risk should someone register domain names that are similar to or infringe on your identity or brand, or register your identity or brand in Top Level Domain (TLD) registries other than those where you’ve registered your organization’s domain names.  The kinds of risk you may be exposed to in these circumstances include a range of impersonation attacks,

  • Lampooning or defacement,
  • Phishing attacks,
  • Data exfiltration, or
  • Profiting off pay per click, searchjacking or other revenue opportunities when visitors land on the impersonators’ pages instead of yours.

The risk list also includes self-inflicted wounds. Organizations can cause their own harm when they fail to renew names and then lose the name to an opportunist, who registers and uses it to your organization’s harm or embarrassment by hosting competitive or objectionable content. A more catastrophic situation might occur should your organization fail to renew a domain name that you’ve used to name your authoritative DNS servers.

Domain Name Portfolio Management Basics

To reduce these threats, begin by conducting an inventory to identify all the domain names your organization has registered. Prepare and announce a policy for that establishes a process or workflow for domain name registrations to:

  • Bring all registrations under a common administration,
  • Manage all registrations and registration settings through a common registrar,
  • Process new registration requests for domain names,
  • Establish and maintain uniform, reliable authoritative name service (including naming conventions) for the organization’s registered domain names
  • Assure that all registrations have complete, consistent Whois data and in particular identifies administrative and technical contacts who are responsible for event/incident handling or inquiries,
  • Assure that all registrations are routinely monitored for (unauthorized) changes and renewal processing/payment, and
  • Assure that authoritative name service for all registered domains is routinely monitored for correctness and consistency.

At ICANN, we've implemented a process of this kind for our domain names. DNS operations director Terry Manderson explains, “this process gives all ICANN domain name assets a stable and professionally-managed name server set, a single point of handling for registration fees, ongoing monitoring to ensure that domain registrations don't accidentally lapse, and DNSSEC from day one”. Terry adds that requests for domains can be made by email and that turning on new domains is typically accomplished in a matter of hours. 

Benefits Beyond Domain Names and DNS

Name management of this kind can be implemented with a relatively light touch by small or medium organizations, e.g., those with tens or a small number of hundreds of domains. Large organizations, especially those with IP or trademarks, should consult internally or with brand online protection companies about infringement and attacks on brand.

The same management principles are becoming increasingly applicable for corporate social media identities or profiles. Begin by implementing name management for domains and DNS, then quickly turn your attention to Twitter, Facebook, LinkedIn, Google+, or wherever you imprint your organization’s identities.

This post concludes a three part series on DNS and domain registration risk and protection:

Part I: Are you monitoring your DNS?

Part II: Harden your resolvers: protect your recursive DNS for you and for everyone else

Part III: Avoid Risks: Manage your DNS Portfolio

Originally posted October 2013 at 21st Century IT. 

Posted at 09:39 AM in Domain names and DNS |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories