Thursday, December 31, 2009

How is your corporate domain name managed?

Domain Names Security and Vulnerability Assessment - Answer the following questions...

  • Where are your domain names registered?
  • How much are you paying for it? (Is your brand really worth just $9.95 a year?)
  • Who has access to change your DNS registration?
  • Are those people trusted?
  • How do you authenticate to make changes to your DNS registration?
  • Is that authentication system adequate? (Are you using passwords or certificates?)
  • What is the access recovery process for your DNS registration in the event that you lose your access credential? Is that recovery process secure?
  • Have you locked out registrar transfers for your domain?
  • Is your DNS Whois contact information up to date?
  • Are you carefully monitoring the email addresses associated with the Whois contact information for your domain? (If not, you might lose your domain if someone complains about the accuracy of your Whois contact information or claims (even fraudulently) that you are infringing upon their trademarks.)
  • How are you hosting your DNS records?
  • If you are hosting your DNS with a third party, you need to ask all the access control questions that you asked about your DNS registrar - Who has access, how do they have access, and what is the recovery process...
  • If you are hosting your own DNS, how are you managing the security of your DNS servers?
  • What DNS records are you publishing? What process exists within your organization to create a new DNS record within your domain and how do old DNS records get expired?
  • Are those processes connected with other business controls that need to be invoked whenever your organization publishes information on the Internet?
Hopefully, your organization has looked at these questions carefully and has mature processes, but the fact is that these issues are frequently overlooked, and represent a significant and widespread vulnerability on the Internet today.
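
Three of the questions above (registrar transfer lock, Whois contact accuracy, and whether the contact mailboxes are monitored) can be checked mechanically against a domain's Whois record. The script below is an added example, not part of the original post; it assumes ICANN-style Whois field names, and the sample record, the domain and the `monitored_mailboxes` set are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of registry Whois output; all values are made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2010-02-14T05:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: ok https://icann.org/epp#ok
Registrant Email: former.employee@example.com
Admin Email: hostmaster@example.com
"""

def audit_whois(text, monitored_mailboxes, now, warn_days=60):
    """Return a list of findings for one domain's Whois record."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields.setdefault(key.strip().lower(), []).append(value.strip())

    findings = []
    # Each status line is "<EPP status> <URL>"; keep just the status code.
    statuses = {v.split()[0].lower() for v in fields.get("domain status", []) if v}
    if not statuses & {"clienttransferprohibited", "servertransferprohibited"}:
        findings.append("no transfer lock set")

    expiry = fields.get("registry expiry date")
    if not expiry:
        findings.append("expiry date not found")
    else:
        expires = datetime.fromisoformat(expiry[0].replace("Z", "+00:00"))
        days_left = (expires - now).days
        if days_left < warn_days:
            findings.append(f"expires in {days_left} days")

    # Every contact address must be a mailbox someone actually reads.
    for key, values in fields.items():
        if key.endswith("email"):
            for addr in values:
                if addr.lower() not in monitored_mailboxes:
                    findings.append(f"{key}: {addr} is not a monitored mailbox")
    return findings

if __name__ == "__main__":
    today = datetime(2009, 12, 31, tzinfo=timezone.utc)
    for finding in audit_whois(SAMPLE_WHOIS, {"hostmaster@example.com"}, today):
        print(finding)
```

Whois output formats differ between registries and registrars, so the field names should be adjusted to match what your registry actually returns before relying on the result.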
