investigate Krebs's advice on DNS hijacking
After reviewing this article about recent DNS hijacking incidents, I think it might be worth reviewing the recommendations given in the article, which are basically:
- Use DNSSEC
- Use registration features like Registry Lock that can help protect domain name records from being changed
- Use access control lists for applications, Internet traffic and monitoring
- Use 2-factor authentication, and require it to be used by all relevant users and subcontractors
- In cases where passwords are used, pick unique passwords and consider password managers
- Review accounts with registrars and other providers
- Monitor certificates by monitoring, for example, Certificate Transparency Logs (#40677)
Some of those are impractical: for example 2FA will not work for us if we have one shared account with a provider.
Others have already been done: we have a good DNSSEC deployment and manage passwords properly.
Mainly, I'm curious about investigating Registry Lock and CT log monitoring, the latter of which could be added as a Nagios thing, maybe.
Edited by anarcat
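A sketch of what the CT-log Nagios check mentioned above could look like, added here as an example and not part of the ticket or of any existing monitoring code. It assumes the crt.sh JSON endpoint (`https://crt.sh/?q=%25.<domain>&output=json`, which returns records with `id`, `issuer_name` and `name_value` fields), an operator-maintained allow-list of issuers, and a persisted set of already-reviewed record ids; the sample records below are constructed.

```python
#!/usr/bin/env python3
"""Nagios-style check: alert when a certificate for one of our domains shows up in
Certificate Transparency logs from an issuer we do not use (a common side effect of
DNS hijacking: the attacker obtains a valid cert for the hijacked name)."""
import json
import sys
import urllib.request

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Constructed allow-list: crt.sh "issuer_name" strings for the CAs we use on purpose.
KNOWN_ISSUERS = {"C=US, O=Let's Encrypt, CN=R3"}

# Constructed sample records in crt.sh's JSON shape (name_value is newline-separated).
SAMPLE_ENTRIES = [
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "example.org"},
    {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "www.example.org\nmail.example.org"},
    {"id": 3, "issuer_name": "C=US, O=Example Rogue CA, CN=Rogue R1", "name_value": "mail.example.org"},
]


def evaluate(entries, known_issuers, seen_ids):
    """Return (exit_code, message) for a list of crt.sh records.
    seen_ids holds record ids already reviewed by a human (persisted by the operator),
    so each certificate is reported only once."""
    new = [e for e in entries if e["id"] not in seen_ids]
    unexpected = [e for e in new if e["issuer_name"] not in known_issuers]
    if unexpected:
        names = sorted({n for e in unexpected for n in e["name_value"].split("\n")})
        return CRITICAL, f"CRITICAL: {len(unexpected)} cert(s) from unexpected issuer for {', '.join(names)}"
    if new:
        return WARNING, f"WARNING: {len(new)} new cert(s) from known issuers; review and mark as seen"
    return OK, "OK: no new certificates in CT logs"


def fetch(domain):
    """Query crt.sh for all certificates covering *.domain (assumed endpoint)."""
    url = f"https://crt.sh/?q=%25.{domain}&output=json"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Usage: check_ct.py <domain> [seen_ids.json]; with no arguments, run on the sample data.
    try:
        entries = fetch(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ENTRIES
        seen = set(json.load(open(sys.argv[2]))) if len(sys.argv) > 2 else set()
    except Exception as exc:  # network or parse failure must not look like "all clear"
        print(f"UNKNOWN: {exc}")
        sys.exit(UNKNOWN)
    code, msg = evaluate(entries, KNOWN_ISSUERS, seen)
    print(msg)
    sys.exit(code)
```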