7 Steps to Protect Your Registrar Records and DNS
Do you know that for most companies a single password is all that stands between hackers and pretty much the company’s entire Internet presence? That’s right – I am talking about the login credentials you use to access GoDaddy or some other mass-production registrar (assuming you are not paying $3k/year for a bank domain – rules are a bit different there). For years I have been concerned that these bad guys may realize what a treasure trove that is, and, unfortunately, they finally have. Winxnet recently received an alert from DHS titled DNS Infrastructure Hijacking Campaign, detailing these recent attacks.
To minimize the risk to your organization, you should take the following actions:
- Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.
- If the above is not available, periodically change and keep the passwords unique and secure for all accounts that can change organizations’ DNS records.
- If possible, limit what IP addresses are allowed to make changes.
- If registrar supports it, create secondary verification controls for record changes, such as known-number callback.
- Audit public DNS records to verify they are resolving to the intended location.
- Set up DNS record monitoring and change altering.
- Search for encryption certificates related to domains and revoke any fraudulently requested certificates.
You may want to consider changing your registrar provider if they do not provide some or most of functionality. If you have questions or concerns regarding your security posture, Winxnet is here to help. Schedule a call with an expert today.