DNS Security

This article, describing how a Brazilian Bank with $27 Billion in assets and hundreds of branches was taken over by a criminal hacking group for a single day in 2016, illustrates the need to secure your web resources all the way back to the registrar.  The undisclosed bank in question had all of its DNS traffic redirected to a clone of the bank’s actual website.  Customers used the site the entire day, entering their password and account information into the fake site – resulting in an undisclosed but likely significant loss of funds for the affected individuals, the bank and the Brazilian government’s insurance fund.

DNS Security is an overlooked component in the chain of digital services required to deliver internet services.  If you are interested in ensuring you maintain control over your domain, you need to evaluate the security of your domain registrar.  Like any other third-party service provider, they need to meet your security expectations.  You need to assess their service offerings and their ability to protect your data.

While not an endorsement on my part, CloudFlare has announced they intend on meeting this emerging market.  They have started offering their services as a Registrar and include a handful of features designed to ensure domains are protected from hijacking.  I assume Registrars will look at these new offerings and see the market opportunities they represent.  Like many other services, until they become commodities, the provider can charge a premium.  I’m hoping these offerings will become ubiquitous and affordable for all website operators.

Until then, you should consider using CloudFlare’s security tool to understand the features you need to enable to ensure your website is secure.