MarkMonitor security expert, Sherry Hildebrand, has put together an informative report on protecting domains from cyberattacks.
Domain names are the quintessential elements of brands; downtime can hurt a brand’s livelihood and sustainability.
Here some key points from the MarkMonitor report:
- Use registry lock on core domains. All core domains should have an additional lock, called Registry Lock, applied. Registry Lock will freeze domain confirmations at the registry level until the correct high-security protocol specified by both the client and registrar is followed. This prevents erroneous nameserver updates, hijackings and social engineering attacks.
- Do not use lame nameserver delegation. Any nameservers listed on a domain should be configured. MarkMonitor provides domain forwarding for those registrants would like to forward. Not only is this a great security measure, but it also helps measure traffic for that domain, which can later be used to score a domain portfolio.
- Mandate multi-factor authentication. Many internal security controls require users to use multi-factor authentication, which can be cumbersome to set up and maintain, but ultimately provides a strong, additional layer of security in the event that login credentials are compromised. Social media accounts should also have multi-factor authentication for logins. It is is critical that login credentials to any account – especially to domain, DNS, and website management accounts – are never shared, are reviewed on a regular basis and have a limited number of authorized users. There are also other security methods for organizations to consider, which help prevent unauthorized logins. These include IP Access Restrictions and Single Sign-On.
- Use granular user permissions. Determine the information users need access to and the functions they need to be able to perform with this information, as not every user needs full access to everything. For example, some users might need read only access, while others will need partial access to perform day-to-day job duties.
- Receive and examine email notifications for domain changes. Secure account management allows automatic notifications to a specified, secure email address when a domain change occurs. Once enabled, this service will automatically send a system-generated email to the secure email address, notifying the recipient of any change that was made.
Read the full MarkMonitor report below:
Loading...
Reload document 
Open in new tab 
