Home / Blogs

Have You Reviewed Your Domain Lock Portfolio?

Domain names give your intellectual property visibility, as well as provide function for your company’s infrastructure. Vital domain names are simply too important to be left exposed. To protect them, you can add extra layers of security to your digital brand with easy, secure, server-level protection in addition to multi-level locks that combat domain name system (DNS) hijacking and protect against unauthorized changes and deletions to your critical domain names.

DNS hijacking is when a bad actor can divert company customers to a fake website to steal login credentials and confidential data. This poses a threat as not only a serious data breach, but a privacy nightmare, especially in light of more stringent government privacy policies, like the EU’s General Data Protection Regulation (GDRP). Information can also be harvested from inbound company emails, then used to launch sophisticated phishing attacks on customers and employees using a company’s own domains to make the phish appear legitimate. This scenario is a major business continuity risk.

Three reasons it’s essential to review your domain lock portfolio regularly

  1. Your domain portfolio is constantly changing with the launch of new brands, the retirement of old ones, developing operations in new markets, as well as buying and selling businesses. Therefore, you need to both understand what your business-critical domains are at any given time, and ensure they’re secured properly—including implementing domain locks.
  2. At the same time, the domain registries are constantly updating their offering and processes, and as new domain extensions become available for locks, it’s important to ensure you’re taking advantage of them.
  3. DNS hijacking is a constant threat, but it can be mitigated. Registry locks are the most effective preventive measure that should be put in place.

CSC’s MultiLock

At CSC, we combine the aforementioned locks with an additional mechanism not shown in the WHOIS to protect any THIN WHOIS details held with us as the registrar to offer our MultiLock service. Specifically, we don’t allow any changes through our Domain Manager if MultiLock is enabled, and this is achieved by cutting off automated access to the WHOIS database we manage. This ensures that every step of the chain requires manual validation, meaning the request will be validated by two separate checkpoints—between the client and registrar, and then between the registrar and registry. This approach means that regardless of a THICK or THIN registry, your business-critical domains are protected from the risks of domain hijacking, DNS hijacking, and malicious deletions.

The locks provide the following protections:

  • Delete prohibited – Ensures a domain name cannot be deleted or lapsed without the proper authorizations.
  • Transfer prohibited – Rejects unauthorized transfers.
  • Update prohibited – Blocks WHOIS modifications, including name server re-delegations, without multi-level consent.

None of these locks affect CSC’s ability to auto-renew domain names.

By Sue Watts, Global Marketing Leader, Digital Brand Services, CSC

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global