How To Protect Yourself Against Domain Name Hijackers
Companies overlook the threat of getting their domain names stolen from under them. Here's how to protect yourself.
Once you’ve locked your domain name, routinely check the Whois service to make certain it remains locked, and that your domain name information has not been modified without your knowledge and consent.
Then you need to choose a registrar wisely. If you value your domain name, then services are a more important differentiator than price.
Look for registrars who are willing to provide you with more than the minimum registration and transfer services. If you run your operation 24 x 7, do you need a registrar that offers 24 x 7 technical support? Does the registrar issue a transfer pending notification as its standard practice? (Registrars are not obligated to do so.) Is the registrar willing to notify you of registration record changes and transfer requests using contact methods in addition to (and in parallel with) standard email notices? Will the registrar allow you to specify the contact methods that must be used (e.g., any or all contacts in the registration record, including, email, telephone, messaging and paging services, fax, etc.)? Will the registrar implement additional authentication and authorization measures to safeguard against removing your transfer lock or changing your domain name configuration?
Such measures are sometimes maligned as inhibiting name transfers, but some name holders are perfectly happy with the service and relationship they have with their registrars and want that relationship protected.
Some of these services are likely to be offered by registrars as part of a basic service. New security services may also appear as registrars, registries and ICANN review and implement the recommendations of the SSAC Domain Name Hijacking report. Encourage registrars to offer domain name protection services. If name holders demonstrate a willingness to pay for registration and DNS configuration protection, registrars will be more likely to offer them.
A Collaborative Effort Needed
The PANIX and Hushmail incidents attracted international attention and prompted a lengthy investigation by ICANN's SSAC. After investigating other reported incidents, the SSAC produced a report , concluding that “domain name hijacking incidents are commonly the result of flaws in registration and related processes, failure to comply with the transfer policy, and poor administration of domain names by registrars, resellers, and registrants.”
Simply stated, if everyone involved in the name registration process were to try a bit harder, domain name hijacking would be much less a threat. As SSAC chairman Steve Crocker explained in a July, 2005 press release announcing the committee’s official report, “no single party to the registration process is wholly at fault for all hijacking incidents, and there is room for improvement in policies and processes across the board. Name holders have a responsibility to protect their domain names as they would any valuable asset.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.