In the previous article we discussed about a serious and threatening cyber crime popular nowadays, that is seriously damaging businesses with their reputation and operations; Domain Security. The effect of domain hijack is so disturbing, as it directs your customers on completely unusual redirected site, wholly different from what your customers expect. A domain is an important asset to a business especially if the business’ operations are carried online. To keep your business operations unharmed and your reputation intact, domain security is the next important step you need to take to protect your domain.
Before looking at what are the security loopholes that cause a domain hijack, there are some important terms to take notice of. A domain name system is managed by two entities; registries and registrars. A registry has a huge database of DNS information; domain name, name server names and IP addresses. It also contains the names of the registrars who registered the respective names, along with the basic transaction information. A registrar provides services to domain name registrants. It registers domain names for the end-users and sends the necessary information to the registry to be entered in the centralized registry database.
Why did we have such a long discussion over registries and registrars? Because registrars are the ones who need to harden their management portals and back-end environments. It was back in 2013 when a group of hackers attacked a registrar and hijacked several domains, altering their name servers and causing them to redirect to a site that promoted a political message.
Now you may be biting your nails thinking about the possible theft of your domain. Specialists have accumulated number of rules for the protection from Domain Theft. Have a look:
Register your domain name in your own account
I cannot exaggerate the significance of registering the domain name in your own account and with your own identity. You can give a trusted employee or webmaster the right to use to the domain without giving them right of entry to your actual account. This way technical people will be able to access your domain to work on your website, without being able to remove those products from your account.
Life is unplanned and often throws curve balls; protect yourself from a bad business falling through a webmaster.
Choose a registrar wisely
If you value your domain name, then services are more important than price. Search for registrars who are willing to offer you with more than the minimum registration and transfer services. If you run your operation 24 x 7, do you need a registrar that offers 24 x 7 technical support? Does the registrar issue a transfer awaiting notification as its usual practice? Does the registrar is willing to notify you of registration record alteration plus transfer requests using contact methods in addition to standard email notification? Will the registrar permit you to state the contact methods that must be used (including, email, telephone, messaging and paging services, fax, etc.)? Will the registrar apply additional authentication and authorization procedures to safeguard against removing your transfer lock or changing your domain name configuration? Such actions are at times maligned as inhibiting name transfers, but few name holders are content with the service and liaison with their registrars and want their connections sheltered.
Use a registry lock for high significance domains. Most registries recommend an even higher level of domain security in the form of a Registry Lock. This Registry Lock only permits a domain to be transferred, or else in few cases reorganized, if an authorized representative of the Registrar contacts the Registry and permits using a verified passphrase. This is a very efficient technique of security enhancement and most Registrars will only take this action after wholly verifying a client and their request.
Request DNSSEC from registrar
DNSSEC adds security extensions to your Domain Name System although it does not prevent domain name from hijacking, but it’s the only technology available to ensure the guarantee that once a user clicks on a link to your website, he or she won’t be hijacked connecting the time they click and the time they arrive at your site.
Protect your email address
Take the additional step to defend the hacking of email address coupled to your account. If someone is capable of getting into your email, many times they have accessed to all your valuable accounts. A swift search through the inbox will show your domains, your bank accounts, etc. It only takes a few clicks by hacker to get your password reset and your account is compromised. This is why enabling two-factor on your accounts such as including authentication through your other email accounts or phone number is of great importance.
Use a strong password
The next step for an effective prevention is you should protect your account by using a strong unreachable password, one that’s nearly impossible to break or hack to gain access to your account. This can be done easily by using a password manager.
Enable two-factor authentication
Now and then, even though you have a well-built password, professional hackers can hack into your account through various techniques like malware or phishing. Enable two-factor authentication for an additional layer of security. When you enter your password, a separate, exclusive code will be sent to your smart-phone inbox. By entering the new code, in addition to your password, each time you log into your account is a double check procedure which means a thief would require both your password and access to your phone code at the same time.
Additional Security Features
Look for supplementary security features. Various Registrars offer additional security features such as IP logging and notification services; make use of these features if they are presented.
Up-dates with security patches
Ensure that you have applied the latest security patches to your web servers; this will prevent hackers from exploiting known software vulnerabilities.
Keep an offline list of all domains, apart by the ones saved by your registrars. This will make it easier and simpler for you to bring together the domains you own against those listed in an account with your Registrar(s) so that you can identify the possible errors.
Clasp on to the “handover” period. All gTLD transfers go through a five day “handover” period where the transfer of a domain is held for five days to give the Registrant the capability to go for out of the transfer. There is an override mechanism accessible to Registrars where they can “force” the transfer to take immediately via the automated EPP system. Registrars have the alternative to make this mechanism obtainable to their clientele through their control panel. When choosing a Registrar think about whether a domain thief will have the skill to quickly transfer your domain away if they get access to your account.
Monitor Site Traffic
Monitor everywhere site traffic is going. If you see that traffic to your website is inexplicably going to a server in Russia or anywhere else in the world, you will get to know something is wrong, very wrong!
Beware of phishing attempts.
Now days every person who has access to computer use an email which means you could be targeted for phishing attempt. Hackers continuously try to develop more complicated methods of gaining access to your accounts. Be cautious of any email you get that asks you to click a link that brings you to a screen to enter your username and password immediately. It is always a better option to go directly to the website in question, confirm its authenticity, and log in through its home page. Some of these services are being offered by registrars as part of a basic client service. New security services may also appear as registrars, registries and ICANN, before using and logging in review and implement the recommendations of the SSAC Domain Name Hijacking report. Encourage registrars to offer domain name protection services.
Use one email for your very important accounts and a different account for anything that is public. That’s the public-facing details and data about the owner of the domain name, is very much similar to a phone book’s yellow pages. Use a separate email account or purchase domain privacy, which enables you to hide your real information so that it may be harder for people to trick you with a phishing attempt.
By following these domain security best practices, you will be in great shape in no time especially when it comes to protecting your digital assets.