Some readers may be familiar with recent, noteworthy domain hijacks. Hijacks, however, are only one of several ways your online identity or brands can be misused or abused. If you fail to coordinate and monitor domain registrations, you may provide attackers or opportunists with much simpler means to tarnish or exploit your organization or brand.
Domain Registration Threat Landscape
Once you’ve established an online presence with a domain name, you should consider whether you are at risk should someone register domain names that are similar to or infringe on your identity or brand, or register your identity or brand in Top Level Domain (TLD) registries other than those where you’ve registered your organization’s domain names. The kinds of risk you may be exposed to in these circumstances include a range of impersonation attacks,
- Lampooning or defacement,
- Phishing attacks,
- Data exfiltration, or
- Profiting off pay per click, searchjacking or other revenue opportunities when visitors land on the impersonators’ pages instead of yours.
The risk list also includes self-inflicted wounds. Organizations can cause their own harm when they fail to renew names and then lose the name to an opportunist, who registers and uses it to your organization’s harm or embarrassment by hosting competitive or objectionable content. A more catastrophic situation might occur should your organization fail to renew a domain name that you’ve used to name your authoritative DNS servers.
Domain Name Portfolio Management Basics
To reduce these threats, begin by conducting an inventory to identify all the domain names your organization has registered. Prepare and announce a policy for that establishes a process or workflow for domain name registrations to:
- Bring all registrations under a common administration,
- Manage all registrations and registration settings through a common registrar,
- Process new registration requests for domain names,
- Establish and maintain uniform, reliable authoritative name service (including naming conventions) for the organization’s registered domain names
- Assure that all registrations have complete, consistent Whois data and in particular identifies administrative and technical contacts who are responsible for event/incident handling or inquiries,
- Assure that all registrations are routinely monitored for (unauthorized) changes and renewal processing/payment, and
- Assure that authoritative name service for all registered domains is routinely monitored for correctness and consistency.
At ICANN, we've implemented a process of this kind for our domain names. DNS operations director Terry Manderson explains, “this process gives all ICANN domain name assets a stable and professionally-managed name server set, a single point of handling for registration fees, ongoing monitoring to ensure that domain registrations don't accidentally lapse, and DNSSEC from day one”. Terry adds that requests for domains can be made by email and that turning on new domains is typically accomplished in a matter of hours.
Benefits Beyond Domain Names and DNS
Name management of this kind can be implemented with a relatively light touch by small or medium organizations, e.g., those with tens or a small number of hundreds of domains. Large organizations, especially those with IP or trademarks, should consult internally or with brand online protection companies about infringement and attacks on brand.
The same management principles are becoming increasingly applicable for corporate social media identities or profiles. Begin by implementing name management for domains and DNS, then quickly turn your attention to Twitter, Facebook, LinkedIn, Google+, or wherever you imprint your organization’s identities.
This post concludes a three part series on DNS and domain registration risk and protection:
Part I: Are you monitoring your DNS?
Part II: Harden your resolvers: protect your recursive DNS for you and for everyone else
Part III: Avoid Risks: Manage your DNS Portfolio
Originally posted October 2013 at 21st Century IT.