The following article is copied and pasted from the Public safety Webpage
Protecting and Securing your Domain Name
Date: 15 December 2014
CCIRC, in collaboration with the Canadian Internet Registration Authority (CIRA), has developed this Information Note to provide best practices and advice on securing your domain.
Having a domain is an integral part of business today and care should be taken to protect it. Malicious attackers may be interested in your domain for a variety of reasons and CCIRC has recently observed a number of attacks using Domain Name System (DNS) & domain hijacking, and cybersquatting.
DNS & Domain Hijacking
Domain hijacking occurs when the registration of a domain name is changed without the permission of the owner. Attackers can use personal information obtained through social engineering to impersonate and then persuade the domain registrar to change DNS information or transfer the domain to another registrant. This can lead to visitors who are intending to visit your website are instead being delivered to content controlled by the malicious actor. Examples of this malicious content can include credential phishing, malware delivery, and brand/website defacement.
Another reason for attackers to hijack DNS and domain information could be to take control of the domain and associated email addresses in order to monitor traffic and capture data. Analysis of captured traffic could provide a malicious actor with sensitive information, including usernames and passwords. The malicious attackers could also submit and intercept password reset requests from cloud applications to hijack personal accounts.
Cybersquatting occurs when a registered domain expires, either intentionally or by mistake, and someone other than the original owner is able to gain ownership of it. This usually results in the new owner attempting to extort payment from the original owner.
The loss or unauthorized modification of a domain could result in data compromise and service downtime. This can lead to the loss of brand reputation, customers and revenue.
Past domain related attacks have involved high profile, high traffic websites including the Huffington Post, New York Times and Twitter. In those cases, reports indicate that DNS information was modified so that the domains were pointing to servers controlled by the attackers.
CCIRC strongly encourages information technology owners and operators to select a domain registrar which support the following security products:
Registry Lock – Enabling Registry Lock helps ensure that attributes of the domain are unchangeable and no transfer or deletion transactions can be processed against the domain name (with the exception of renewals) unless authorized. Registry Lock is a service offered by CIRA through certified registrars, whereas a registrar lock is offered by a registrar only.
DNSSEC – Enabling DNSSEC with your domain registrar and DNS host help to prevent sophisticated malicious attacks including DNS hijacking and spoofing.
Domain owners should review the following domain name portfolio management best practices:
- Perform audits of your domain name portfolio on a regular basis. This includes monitoring for unauthorized changes to domain contact and DNS information; and for awareness of domain registration expiry dates.
- Ensure your domain contact information is being regularly monitored and updated with your registrar to help ensure that any changes made to the domain are being performed by the domain owner or an authorized person. Keeping this information both accurate and complete is crucial.
- Ensure you are able to receive communications from your domain registrar by adding them to your email whitelist.
- Incorporate domain name hijacking into incident response and business continuity planning. Develop a strategy to quickly restore your domain names and DNS configuration in case of attack.
Additionally, domain owners should review the following best practices for domain registry user accounts and any email addresses listed in your domain contact information:
- Use strong passwords which are unique from other passwords you may currently use elsewhere, or have used in the past.
- Avoid using publicly available details (e.g., information that may be found on social media) as answers to password hints and password reset identity verification questions.
- Enable multi-factor authentication.
- Add your registrar’s domain name to your email spam filter’s approved list to ensure that you receive communication and notifications from your domain registrar and/or registry.
- Enhancing the Security of .CA
- CIRA improves safety of Canada’s Internet
- Recent domain hijackings should remind CIOs of the importance of domain locking says .CA executive
- SAC 044: A Registrant’s Guide to Protecting Domain Name Registration Accounts
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada’s critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.
For general information, please contact Public Safety Canada’s Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118