
How to adopt a robust domain name security strategy

At the start of the pandemic, Zoom suffered a setback when hackers crashed meetings with “Zoombombing”.

Failure to adequately secure its software was costly, resulting in a lawsuit of $85 million. There are currently over 30,000 website exploits per day, but at least 20% of the top 100,000 Alexa websites still don’t use any encryption, making them vulnerable.

Domain names are an essential part of digital infrastructures, but the security practices around them can often be overlooked, which means that businesses are widely exposed to attacks. From encryption to registry locking, below we explore some of the key facets of domain name security policies that are too often overlooked.

Up-to-date encryption protocol implementation

Active websites, applications, and online services that store confidential data should use encryption methods such as SSL/TLS. Google recently reported that 89% of browsing traffic in Chrome uses encryption, but 20% of the top 100,000 websites still don’t use it; for those sites, the message has gone unheard.

Today, SSL or TLS (Transport Layer Security) is essential for all domain names supporting critical business functions.

However, some organizations argue that encryption is not required if their primary web presence is informative. When the average cost of an SSL/TLS certificate is negligible, it seems counterproductive for an organization investing in a domain name not to secure its digital presence.

One of the main challenges in encryption has been the growth of free certificates and the reduction in validity periods. Until recently, organizations could purchase certificates that lasted up to three years and only had to authenticate their credentials once during that time. Today, organizations like Let’s Encrypt issue certificates for months, rather than a year at a time, which means the domain name holder has to authenticate them much more regularly.

Regularly audit the domain and the SSL/TLS portfolio

The audit, like the MOT of your car, involves a vital health check, covering key factors such as who owns each domain and how the records are used.

As with domain names, many organizations see individuals purchasing SSL certificates on an ad hoc basis; this unstructured approach can lead to unnecessary problems and costs. Many organizations are generally unaware of key information such as which domain names use SSL certificates and what the management process is.

Once an organization has explored its security requirements, for example by understanding which domain names currently resolve within the portfolio, it can consider the right certificate strategy and then determine a future SSL adoption and management policy. To emphasize the importance of having a formalized certificate management process, consider the following: if an organization has 50 SSL certificates, the management load per year can reach 225 hours, or approximately 28 business days, if there is no process in place.
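A certificate audit of the kind described above can be automated. The following is an added example, not code from the original article: it checks a domain portfolio against a certificate inventory and reports which names have no certificate, a certificate that does not cover them, or one that has expired or is close to expiry. The example.* names, the fixed audit date and the 30-day warning window are assumptions; fetch_cert shows how the same records would be collected live.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Live lookup: return the validated leaf certificate as ssl.getpeercert() does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def covers(cert, host):
    """True if a DNS subjectAltName matches host (exact or one-label wildcard)."""
    host = host.lower()
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == host or (
                name.startswith("*.") and host.partition(".")[2] == name[2:])):
            return True
    return False

def audit(portfolio, certs, now, warn_days=30):
    """Map each domain to (status, days_left) so renewals can be scheduled."""
    report = {}
    for host in portfolio:
        cert = certs.get(host)
        if cert is None:
            report[host] = ("no-certificate", None)
            continue
        expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
        days = (expires - now).days
        if not covers(cert, host):
            status = "name-mismatch"
        elif expires <= now:
            status = "expired"
        else:
            status = "expiring" if days < warn_days else "ok"
        report[host] = (status, days)
    return report

# Constructed inventory in the dict shape ssl.getpeercert() returns (not real data).
san = lambda *names: tuple(("DNS", n) for n in names)
NOW = datetime(2025, 2, 10, tzinfo=timezone.utc)
CERTS = {
    "www.example.com": {"notAfter": "Jun 15 12:00:00 2025 GMT", "subjectAltName": san("www.example.com")},
    "shop.example.com": {"notAfter": "Mar  1 00:00:00 2025 GMT", "subjectAltName": san("*.example.com")},
    "old.example.net": {"notAfter": "Jan  5 00:00:00 2025 GMT", "subjectAltName": san("old.example.net")},
}
PORTFOLIO = ["www.example.com", "shop.example.com", "old.example.net", "parked.example.org"]
REPORT = audit(PORTFOLIO, CERTS, NOW)
```

Run on a schedule, a report like this replaces the ad hoc tracking described above, and it matters more as validity periods shrink.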

Adopt a robust domain locking solution

To prevent domain hijacking, organizations should ensure that their critical domain names, where possible, are protected by domain locks.

A growing number of top-level domain registry operators are now offering a robust domain locking solution called Registry Lock, ensuring that only authorized personnel are able to change DNS settings using a multifactor authentication process.

However, not all TLD operators support registry server-level locking, so it is key that organizations understand which domain names should be locked. An experienced domain strategist will manage this process and ensure the portfolio is regularly aligned to reflect the ever-changing digital landscape.
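Whether a domain actually carries registry-level locks is visible in its public registration data. The following is an added example, not code from the original article: it reads the status array of RDAP domain objects and lists the critical domains that lack server-level protection. It assumes that a registry lock shows up as all three "server ... prohibited" statuses; individual registries may set a different subset, and the RDAP responses shown are constructed.

```python
import json

# RDAP status strings (RFC 8056) for the EPP server*/client* prohibitions.
SERVER = {"server transfer prohibited", "server update prohibited",
          "server delete prohibited"}
CLIENT = {"client transfer prohibited", "client update prohibited",
          "client delete prohibited"}

def lock_level(rdap_domain):
    """Classify one RDAP domain object by who would have to lift its locks."""
    status = {s.lower() for s in rdap_domain.get("status", [])}
    missing = sorted(SERVER - status)
    if not missing:
        return "registry-lock", []          # only the registry can lift these
    if status & SERVER:
        return "partial-registry-lock", missing
    if status & CLIENT:
        return "registrar-lock-only", missing  # removable via the registrar account
    return "unlocked", missing

def unprotected(critical, rdap_docs):
    """Return critical domains lacking the full set of server-level statuses."""
    by_name = {d["ldhName"].lower(): d for d in rdap_docs}
    gaps = {}
    for name in critical:
        doc = by_name.get(name.lower())
        level, missing = lock_level(doc) if doc else ("no-rdap-data", sorted(SERVER))
        if level != "registry-lock":
            gaps[name] = (level, missing)
    return gaps

# Constructed RDAP responses, trimmed to the fields used (not real registrations).
SAMPLES = [json.loads(s) for s in (
    '{"ldhName": "example.com", "status": ["server transfer prohibited",'
    ' "server update prohibited", "server delete prohibited",'
    ' "client transfer prohibited"]}',
    '{"ldhName": "example.net", "status": ["client transfer prohibited"]}',
    '{"ldhName": "example.org", "status": ["active"]}',
)]
GAPS = unprotected(["example.com", "example.net", "example.org", "example.io"], SAMPLES)
```

A "registrar-lock-only" result means the protection can be removed by anyone who controls the registrar account, which is the gap registry-level locking is meant to close.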

Choose a trusted partner for corporate domain name service (DNS)

Major DNS outages can take their toll. DNS records are complex beasts that require TLC – but how often do we actually check that the DNS settings are correct?

Organizations often have a number of people who can make changes to DNS settings – some of these changes may not be widely recorded across the enterprise at large, which can lead to inconsistent details. It is essential that organizations perform regular domain portfolio audits to identify potential issues.

Every business needs to understand how their domain names are used and whether they provide a return on investment. Internal stakeholders may not realize that a domain no longer resolves to the right website. DNS traffic analysis highlights anomalies and high traffic domain names that may require enhanced security management.

A key part of a DNS health check is testing the performance of the DNS infrastructure provider. Working with enterprise vendors like NS1 ensures that critical domain names are supported on the most secure and fastest networks.

Regularly auditing the DNS is now considered a good practice. In 2019, the US Department of Homeland Security issued an emergency directive on tampering with the DNS infrastructure. The first recommended action for organizations was to audit DNS records to ensure they resolve correctly and that multi-factor authentication (MFA) is being used.
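The record audit recommended above amounts to comparing what each name resolves to today against an approved baseline. The following is an added example, not code from the original article or the directive: it flags names that no longer resolve, names that answer partly outside the approved set, and names that answer entirely elsewhere. The baseline, the observed answers and the state labels are constructed for illustration, and only address records are covered, since the standard-library resolver used by system_resolve does not return NS or MX data.

```python
import socket

def system_resolve(name):
    """Resolve A/AAAA through the local resolver; an empty set means no answer."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_dns(baseline, resolve=system_resolve):
    """Compare approved addresses per name with what currently resolves."""
    findings = {}
    for name, approved in baseline.items():
        approved, observed = set(approved), set(resolve(name))
        if observed == approved:
            continue
        if not observed:
            state = "unresolvable"
        elif observed.isdisjoint(approved):
            state = "redirected"      # answers entirely outside the approved set
        else:
            state = "partial-drift"   # some approved answers, some not
        findings[name] = {"state": state,
                          "unexpected": sorted(observed - approved),
                          "missing": sorted(approved - observed)}
    return findings

# Constructed baseline and resolver answers using documentation address ranges.
BASELINE = {
    "www.example.com": ["192.0.2.10", "192.0.2.11"],
    "mail.example.com": ["198.51.100.25"],
    "login.example.com": ["192.0.2.20"],
    "legacy.example.com": ["192.0.2.30"],
}
OBSERVED = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "mail.example.com": {"198.51.100.25", "203.0.113.5"},
    "login.example.com": {"203.0.113.66"},
}
FINDINGS = audit_dns(BASELINE, lambda name: OBSERVED.get(name, set()))
```

Calling audit_dns(BASELINE) without the second argument uses the live resolver; every entry under "unexpected" should trace back to a recorded change.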

About the Author

Gareth Jehu is CTO at with distinction. Gareth has 20 years of domain name management experience and has held several operational and technical leadership positions for registrars and domain name registries. During this time, Gareth has experienced and managed many major technological and operational changes affecting the industry and enjoys meeting the challenges and opportunities these changes present.
