Don't Forget The Details

Sometimes we spend all this time securing our infrastructure, workloads, and systems, but we forget the simple things. One of those things is Domain Name hijacking.

Sometimes we spend all this time securing our infrastructure, workloads, and systems, but we forget the simple things. One of those things is Domain Name hijacking.

Your domain name is really important to protect. Not only does it control your main webpage, but there are likely TONS of subdomains pointing to things from marketing landing pages to experimental and one off servers.

Taking over a whole domain or DNS entries is a like hitting a gold mine for an attacker. They can be subtle and only change minor entries or noisy and just shut down your website completely.

I put together a list of things you can do to protect your domain name.

  • Ensure contact details are made through anonymous/private registration

  • Ensure contact details are updated and accurate

  • Enable 2FA with your domain providers login (do not use SMS)

  • Lock your account to disable transferring until unlocked

  • Ensure the domain in your contact details have the same protections

You can also see an updated list on the CSL Docs Page: https://docs.cloudsecuritylabs.io/glossary#15-domain-hijacking-protection-and-prevention