NordVPN Promotion

Home / Industry

Preventing Your DNS Account from Being Hacked

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Recent years have brought a plague of attacks targeting your ability to do business online. Whether in the form of distributed denial of service attack (DDoS), spam, phishing, or Facebook and Twitter scams. Likely the most disturbing issue for e-commerce organizations has been the growing prevalence of DDoS attacks waged to interrupt their business, or worse, to extort money. 2010 has inaugurated a new type of attack, wearing an old disguise—hijacking your managed DNS by compromising your e-mail account.

We have known that e-mail addresses have been vulnerable for years. Those of us in the technical industry especially cringe every time your company rolls out a new Web application using an “I forgot my password” feature. But you accept it anyway because you know your users won’t remember their password.

It hurts when that exploit happens to you.

With cloud based e-mail services, access to your e-mail address can be more easily intercepted than behind a corporate firewall. The ability to then also send a “forgot password” request to that same compromised email address adds pain to misery when you have been attacked.

This is exactly what happened to Twitter and Baidu when their DNS was compromised and switched to point to a group claiming themselves as the “Iranian Cyber Army.”

DNS services are frequently outsourced because most organizations don’t have the expertise to manage their own DNS, nor the capital to invest in the infrastructure required to provide global resiliency and fast resolution at the same time as withstand 40 GB+ size DDoS attacks daily. The key is for you to know who you can trust to protect yourself from being hijacked and guarantee that your DNS stays up 100% of the time.

For our own customers’ piece of mind, Afilias has built a number of protections into our managed DNS service. We think these are the minimum criteria that managed DNS organizations should follow when a Web portal is used to manage your DNS settings.

Restrict access

You should restrict access to your DNS Web portal by IP address. While this might limit usability if a staff member is traveling, it ensures that if your e-mail account is compromised that the attacker cannot log-in from an IP address that is not already specified on your account.

Vary user permissions

You should vary the types of permissions allowed to users in the system. That means that not every account should have read and write access. This lowers the probability that, if attackers are able to compromise your e-mail and get your password for your DNS account, that they will have the ability to actually change something.

Afilias allows you to set user groups, to easily set user restrictions to multiple users at a time.

Also ensuring you have more than one account with access to make changes ensures that someone can correct a problem or suspend a compromised account quickly.

Out of band security alerts

E-mail alerts are great, but not if the e-mail account they are sent to is compromised. We offer a unique feature where you can also require an SMS token for password resets. This sends a unique code to your mobile phone that must be used in conjunction with the password reset link you get in your e-mail.

In this case you have the convenience of resetting your password if you forget it, but a attacker would also have to compromise your mobile phone to be able to get into your managed DNS account.

Lock-outs to stop script attacks

Some attackers just want to brute force script an attack to guess your password. A best practice standard is to deploy lock-outs for failed login and password reset attempts. Afilias sets its threshold fairly low at just 6 attempts.

If you lock yourself out, you always have phone support to reset your password—better safe than sorry!

Written by John L. Kane, Vice President, Corporate Services at Afilias.

By Afilias, Global Provider of Internet Infrastructure Service

Afilias is the world’s second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias’ specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion