Domain name Hijacking : Are you protected ?
A recent cyber-attack campaign, attributed to Iranian operators and realized at the DNS level, has sharpened attention to the risks associated with cyber-attacks targeting domain names.
In a previous article, we talked about “Cache Poisoning” of “DNS Spoofing” attacks, using inherent vulnerabilities of the DNS system. The DNSSEC is one of the measures allowing to prevent this kind of attack.
Another type of attack on domain names consists of domain name hijacking. In this case, an ill–intentioned person uses a security flaw or compromised credentials to take over control of a domain name’s zone, by amending authoritative name servers or editing the zone on the original name servers.
How to prevent such a scenario?
It goes without saying that IP Twins, as an accredited registrar, attach the utmost importance to the security of your domain names.
IP Twins provides you with several features in order to prevent this kind of attack :
The registry lock allows blocking any transfer, WHOIS contact update or authoritative nameservers modification at a registry level. Actions of locking and unlocking domains obey to a specific procedure, determined by the concerned registry. This feature is not enabled by all registries, however, it is available for extensions such as .com, .net, .co.uk, .uk, .eu and .fr
In the absence of a registry lock, for a number of extensions, it is possible to set a feature functioning in similar ways but at a registrar level: the registrar lock. The difference with the registry lock lies in the level where the “lock” operates: one level “below” the registry level.
Access to domain name management platforms can be subject to additional security features. IP Twins notably proposes IP Whitelisting and two-factor authentication for Domainarium 2 users accounts. Domainarium 2 also provides a zone-lock feature, which allows restricting access to designated zones, adding a supplementary security layer to the most critical domain names.
Setting up the registry or registrar locks is highly recommended for your most important domain names. IP Twins also recommends to systematically secure all user accounts able to perform DNS modification with two factors authentication (activated by default).
Your account manager at IP Twins is available to exchange with you on those topics and assist you in securing your key domain names.