10:42 AM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

How To Protect Yourself Against Domain Name Hijackers

Companies overlook the threat of getting their domain names stolen from under them. Here's how to protect yourself.

Once you’ve locked your domain name, routinely check the Whois service to make certain it remains locked, and that your domain name information has not been modified without your knowledge and consent. Then you need to choose a registrar wisely. If you value your domain name, then services are a more important differentiator than price.

Look for registrars who are willing to provide you with more than the minimum registration and transfer services. If you run your operation 24 x 7, do you need a registrar that offers 24 x 7 technical support? Does the registrar issue a transfer pending notification as its standard practice? (Registrars are not obligated to do so.) Is the registrar willing to notify you of registration record changes and transfer requests using contact methods in addition to (and in parallel with) standard email notices? Will the registrar allow you to specify the contact methods that must be used (e.g., any or all contacts in the registration record, including, email, telephone, messaging and paging services, fax, etc.)? Will the registrar implement additional authentication and authorization measures to safeguard against removing your transfer lock or changing your domain name configuration?

Such measures are sometimes maligned as inhibiting name transfers, but some name holders are perfectly happy with the service and relationship they have with their registrars and want that relationship protected.

Some of these services are likely to be offered by registrars as part of a basic service. New security services may also appear as registrars, registries and ICANN review and implement the recommendations of the SSAC Domain Name Hijacking report. Encourage registrars to offer domain name protection services. If name holders demonstrate a willingness to pay for registration and DNS configuration protection, registrars will be more likely to offer them.

A Collaborative Effort Needed
The PANIX and Hushmail incidents attracted international attention and prompted a lengthy investigation by ICANN's SSAC. After investigating other reported incidents, the SSAC produced a report , concluding that “domain name hijacking incidents are commonly the result of flaws in registration and related processes, failure to comply with the transfer policy, and poor administration of domain names by registrars, resellers, and registrants.”

Simply stated, if everyone involved in the name registration process were to try a bit harder, domain name hijacking would be much less a threat. As SSAC chairman Steve Crocker explained in a July, 2005 press release announcing the committee’s official report, “no single party to the registration process is wholly at fault for all hijacking incidents, and there is room for improvement in policies and processes across the board. Name holders have a responsibility to protect their domain names as they would any valuable asset.

2 of 2
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.