{"id":8666,"date":"2020-02-06T08:44:02","date_gmt":"2020-02-06T13:44:02","guid":{"rendered":"https:\/\/www.cscdigitalbrand.services\/blog\/?p=8666"},"modified":"2026-01-19T09:24:13","modified_gmt":"2026-01-19T14:24:13","slug":"domain-name-registrar-security-controls-and-processes","status":"publish","type":"post","link":"https:\/\/www.cscdbs.com\/blog\/domain-name-registrar-security-controls-and-processes\/","title":{"rendered":"What\u2019s the Point of Domain Name Registrar Security, Controls, and Processes?"},"content":{"rendered":"\n

In my recent CircleID post, DNS, Domain Names, and Certificates: The Missing Links in Most Cyber Security Risk Postures<\/a>, I highlighted the significance of applying multiple layers of defense to secure online, business-critical assets. On Friday, January 24, 2020, Brian Krebs\u2014the world-renowned cyber security journalist\u2014reiterated the critical importance of domain name security in reference to the domain name \u201ce-hawk.net\u201d being stolen from its rightful owner by targeting the domain name registrar. <\/p>\n\n\n\n

From my perspective, the reason for this business risk is a general lack of awareness related to domain name and DNS hijacking\u2014and most domain name registrars do not support the registry lock protocol. However security warnings came from FireEye\u2019s Mandiant team in early 2019 about a global DNS hijacking campaign<\/a> that appeared to be connected to the Iranian government. This prompted the Department of Homeland Security to issue an emergency directive about mitigating the risk of DNS hijacking.<\/p>\n\n\n\n

Cyber criminals are taking advantage of this risk and have been doing so for quite some time.  Throughout 2019, Cisco Talos warned about the state-sponsored Sea Turtle attack<\/a> taking control of DNS systems, and surmised that \u201cthe actor ultimately intended to steal credentials to gain access to networks and systems of interest.\u201d And just this week, Reuters reported \u201cExclusive: Hackers acting in Turkey’s interests believed to be behind recent cyberattacks \u2013 sources<\/a>\u201d that another group of hackers alleged to be working for the Turkish government\u2019s interests attacked government organizations and companies via DNS hijacking.<\/p>\n\n\n\n

In his story, Does\nYour Domain Have a Registry Lock?<\/a>, Krebs walks through\nmeasures companies implement to protect their vital domain names. He also states\nthat the majority of organizations\u2014regardless of industry or geographic\nlocation, including the Forbes Global 2000\u2014are at risk, because less than 25% of\ncompanies have adopted the registry lock protocol.  <\/p>\n\n\n\n

Best practices to maximize security against domain name and DNS hijacking*\n<\/strong><\/h4>\n\n\n\n
    \n
  1. Use registration
    features like registry lock to protect domain name records from being changed.
    Note: this will increase the time it takes to make changes to your locked
    domain.<\/li>\n\n\n\n
  2. Use DNS security
    extensions (DNSSEC), both signing zones and validating responses.<\/li>\n\n\n\n
  3. Use access control
    lists for applications, internet traffic, and monitoring.<\/li>\n\n\n\n
  4. Use two-factor
    authentication, and require it to be used by all relevant users and
    subcontractors.<\/li>\n\n\n\n
  5. Choose unique
    passwords and consider using a password manager.<\/li>\n\n\n\n
  6. Review the security
    of existing accounts with all providers, and make sure you have multiple
    notifications in place for when a domain you own is about to expire.<\/li>\n\n\n\n
  7. Monitor the
    issuance of new digital certificates for your domains; keep track through     certificate transparency logs<\/a>, for example.<\/li>\n<\/ol>\n\n\n\n

    Furthermore, domain name registrars have varied controls, processes, and security measures. When assessing your domain name registrar\u2019s capabilities, validate they\u2019re applying a defense-in-depth approach to secure your vital domain names.<\/p>\n\n\n\n