On February 15, 2019, the Internet Corporation for Assigned Names and Numbers (ICANN) issued an announcement regarding published reports of attacks on the Domain Name System (DNS).
Given that many of the DNS hijacking attacks cited in the announcement affected government, telecommunications and internet infrastructure entities, we would like to remind organizations about security best practices:
- Use registry lock on core domains. All core domains should have an additional lock, called Registry Lock, applied. Registry Lock will freeze domain configurations at the registry level until the correct high-security protocol specified by both the client and registrar is followed. This prevents erroneous nameserver updates, hijackings and social engineering attacks.
- Do not use lame nameserver delegation. Any nameservers listed on a domain should be configured to answer for it. MarkMonitor provides domain forwarding for those registrants who would like to forward. Not only is this a great security measure, but it also helps measure traffic for that domain, which can later be used to score a domain portfolio.
- Mandate multi-factor authentication. Many internal security controls require users to use multi-factor authentication, which can be cumbersome to set up and maintain, but ultimately provides a strong, additional layer of security in the event that login credentials are compromised. Social media accounts should also have multi-factor authentication for logins. It is critical that login credentials to any account – especially to domain, DNS, and website management accounts – are never shared, are reviewed on a regular basis and have a limited number of authorized users. There are also other security methods for organizations to consider, which help prevent unauthorized logins. These include IP Access Restrictions and Single Sign-On.
- Use granular user permissions. Determine the information users need access to and the functions they need to be able to perform with this information, as not every user needs full access to everything. For example, some users might need read-only access, while others will need partial access to perform day-to-day job duties.
- Receive and examine email notifications for domain changes. Secure account management allows automatic notifications to a specified, secure email address when a domain change occurs. Once enabled, this service will automatically send a system-generated email to the secure email address, notifying the recipient of any change that was made.
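One way to verify the Registry Lock item across a portfolio is to read each domain's RDAP `status` array. This is an added example, not MarkMonitor tooling; it assumes the lock appears as the three registry-set `server ... prohibited` statuses (individual registries may differ), and the function names and sample data are constructed for illustration.

```python
import json

# RDAP status values (RFC 8056) that map to the EPP server* statuses a registry sets.
# Assumption: a registry-locked domain carries all three.
REGISTRY_LOCK = {
    "server transfer prohibited",
    "server update prohibited",
    "server delete prohibited",
}
# Registrar-level (client*) locks: useful, but the registrar account alone can lift them.
REGISTRAR_LOCK = {
    "client transfer prohibited",
    "client update prohibited",
    "client delete prohibited",
}

def audit_domain(rdap):
    """Classify one RDAP domain object by the locks its status array shows."""
    status = {s.strip().lower() for s in rdap.get("status", [])}
    missing = sorted(REGISTRY_LOCK - status)
    if not missing:
        verdict = "registry-locked"
    elif status & REGISTRY_LOCK:
        verdict = "partial-registry-lock"
    elif status & REGISTRAR_LOCK:
        verdict = "registrar-lock-only"
    else:
        verdict = "unlocked"
    return {"domain": rdap.get("ldhName", "?").lower(), "verdict": verdict, "missing": missing}

def audit_portfolio(rdap_objects, core_domains):
    """Return findings for core domains that lack full registry lock or have no RDAP data."""
    seen = {r["domain"]: r for r in map(audit_domain, rdap_objects)}
    findings = []
    for name in sorted(core_domains):
        result = seen.get(name.lower())
        if result is None:
            findings.append({"domain": name.lower(), "verdict": "no-data", "missing": sorted(REGISTRY_LOCK)})
        elif result["verdict"] != "registry-locked":
            findings.append(result)
    return findings

# Constructed sample RDAP responses (not real lookups).
SAMPLE = json.loads("""[
 {"ldhName": "EXAMPLE.COM", "status": ["client transfer prohibited", "server transfer prohibited", "server update prohibited", "server delete prohibited"]},
 {"ldhName": "example.net", "status": ["client transfer prohibited", "client update prohibited"]},
 {"ldhName": "example.org", "status": ["active"]}
]""")

if __name__ == "__main__":
    for f in audit_portfolio(SAMPLE, ["example.com", "example.net", "example.org", "example.info"]):
        print(f"{f['domain']}: {f['verdict']} (missing: {', '.join(f['missing'])})")
```

A `registrar-lock-only` result is the case to watch: the domain looks locked in a casual lookup, but nothing is frozen at the registry level.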
Review our Domain Security Best Practices Checklist to ensure your organization keeps up-to-date on domain management security.
Please contact your Client Services Manager if you have any questions about this notice or want to make sure your account is properly configured for maximum security.
Justin Mack contributed to this article.