It seems like every week brings news of yet another high-profile domain hijacking. Whether it’s stolen credentials, SQL injection attacks, or even the work of disgruntled employees, the number of incidents has been on the rise.
At the beginning of last year, MarkMonitor participated in VeriSign’s beta program to test server-level protections which were designed to mitigate the potential for unintended domain name changes, deletions and transfers. When VeriSign finally released their Registry Locking Program to all registrars, I expected to see the owners of highly trafficked sites flocking to this new offering.
However, after a review of the top 300 most highly trafficked sites, I was shocked to uncover that less than 10% of these valuable domains were protected using these newly available security measures.
So why aren’t more companies protecting themselves?
Given the value of these highly trafficked domains, I cannot imagine that the additional fees associated with employing this level of service are the deterrent.
I can only imagine that either the offering hasn’t been made widely available, or that confusion as to whether a domain is locked is to blame.
When it comes to domain locking, there is often quite a bit of confusion as to how to determine whether a domain is 1) “locked” within a portal, or 2) “locked” at the Registrar, or 3) “locked” at the Registry.
Only domains that have the following statuses are considered to be “locked” at the Registry, and cannot be modified using standard protocols.
For the owners of highly trafficked domains, I would strongly recommend adding this level of security to protect valuable domains. It is there for a reason, so why not use it?
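As an added illustration of telling Registrar-level and Registry-level locks apart (not code from the original article, VeriSign or MarkMonitor), the Python check below reads the status lines of WHOIS output and reports the two levels separately. It assumes the Registry-level statuses are the three server-set EPP prohibitions defined in RFC 5731; the function names and the sample WHOIS text are constructed for the example.

```python
import re

# EPP status values defined in RFC 5731. Assumption: "locked at the Registry"
# means all three server-set prohibitions; the client-set ones are what a
# registrar can set and clear on its own.
REGISTRY = ("serverDeleteProhibited", "serverTransferProhibited", "serverUpdateProhibited")
REGISTRAR = ("clientDeleteProhibited", "clientTransferProhibited", "clientUpdateProhibited")

STATUS_LINE = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*([A-Za-z]+)", re.I | re.M)

def parse_statuses(whois_text):
    """Collect status tokens, lower-cased; a trailing icann.org/epp URL is ignored."""
    return {m.group(1).lower() for m in STATUS_LINE.finditer(whois_text)}

def _coverage(found, wanted):
    """Return ('full' | 'partial' | 'none', list of wanted statuses not present)."""
    missing = [s for s in wanted if s.lower() not in found]
    level = "full" if not missing else ("none" if len(missing) == len(wanted) else "partial")
    return level, missing

def lock_report(whois_text):
    """Classify registrar-level and registry-level locking separately."""
    found = parse_statuses(whois_text)
    reg_level, reg_missing = _coverage(found, REGISTRY)
    rar_level, rar_missing = _coverage(found, REGISTRAR)
    return {"registry": reg_level, "registry_missing": reg_missing,
            "registrar": rar_level, "registrar_missing": rar_missing}

# Constructed WHOIS excerpts (not real lookups).
REGISTRAR_ONLY = """\
Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
"""
REGISTRY_LOCKED = REGISTRAR_ONLY + """\
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: SERVERUPDATEPROHIBITED
"""
PARTIAL = "Domain Status: ok\nDomain Status: serverTransferProhibited\n"

if __name__ == "__main__":
    for name, text in [("registrar-only", REGISTRAR_ONLY),
                       ("registry-locked", REGISTRY_LOCKED), ("partial", PARTIAL)]:
        print(name, lock_report(text))
```

A lock that exists only inside a registrar's portal would not appear as an EPP status at all, so a domain protected only that way reports "none" at both levels here.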
This is a good point, Elisa.
Some registrars charge extra for the ‘enhanced security’ that flipping those three extra statuses on requires and have built in new products or services around the higher security that is available for a domain like this.
I am sure that ‘so why not use it’? is a rhetorical question, but I’d reckon that adoption of these statuses is something that requires registrars to make programming changes or modify their existing systems. Many of the registrars have a ‘set and forget’ policy on such changes, or add in the upgrade as a feature when doing other enhancements, like adding TLDs.
Jothan, Elisa isn't talking about "normal" locks. Verisign introduced a new locking service a couple of months ago, which is a totally different system. (See: http://www.icann.org/en/registries/rsep/ 2009005) Registrars pay a premium per domain per month (it gets cheaper based on volume) to enable the lock on a per domain basis. Obviously the registrant would have to pay that premium plus a markup from the registrar's end. I've no idea how many registrars have actually signed up to offer the service nor how many have actually deployed it. Regards, Michele
Thanks Michele for the added context, although the link doesn’t work.
I haven’t tracked this issue, but seems to me the answer to this question would be contained in any market research VeriSign did before introducing the new feature. Was consumer demand indicated? If not, it’s no mystery that registrars aren’t eager to incur a cost if they can’t make the $ back from registrants. Nor may registrants be eager to pay extra to prevent mistakes being made.
Elisa—a question. You link in your piece to a TC article talking about a DNS Cache poisoning attack. Cache poisoning is possible due to a fundamental flaw in the DNS protocol. I don’t see how any new locking service is going to prevent those types of attacks. Am I missing something?
Christopher - take the number out of the URL, go to the link and look for the document with that number. It will make more sense :) Sorry - there was no way to link to the RSEP directly. Michele
Christopher - I don't believe that this most recent attack was cache poisoning. Please see link below: http://economictimes.indiatimes.com/infotech/internet/TCS-falls-prey-to-cyber-attack/articleshow/5550038.cms
Thanks Elisa for the article. Doesn't sound like the author knows how the attack occurred: "Such denial of service could have been possible due to two-three reasons, the DNS server could have been attacked/hacked or the cache was hijacked, taking advantage of some loopholes in the system." Do you know if Network Solutions responded in any way, after Tata pointed the finger at them?