NOTE! This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it. Learn more

I understand

The EU cookie law (e-Privacy Directive)

The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device changed on 26 May 2011.

Please visit ICO website for more information. http://ico.org.uk/

Safeguarding your domain name: Guidelines to protect against defacement and DNS attacks

Jonathan SheaIssue:Global-ICT 2015
Article no.:8
Topic:Safeguarding your domain name:
Guidelines to protect against defacement and DNS attacks
Author:Jonathan Shea
Title:CEO
Organisation:Hong Kong Internet Registration
Corporation Ltd. (HKIRC)
PDF size:367KB

About author

Jonathan Shea is currently the Chief Executive Officer of Hong Kong Internet Registration Corporation Ltd (HKIRC) and Hong Kong Domain Name Registration Company Ltd (HKDNR). He has extensive IT and technology experience in the telecommunications and ISP industry. Before joining HKIRC, Jonathan was the Chief Technology Officer of China Light and Power Telecommunications Limited. Jonathan has also held senior executive positions in Henderson Cyber, New World Telecom and Telstra (Australia).

In his current capacity, Jonathan is helping HKIRC transform into a customer-focused organisation and become an active promoter of the application of Internet to benefit individuals and businesses in Hong Kong. Apart from his extensive IT and technology background, Jonathan has also contributed to business development activities and business planning process in the companies he worked for.

Article abstract

Attacks from the outside are not the only threat to the security of the DNS. In some instances employees made errors to domain name records unintentionally, opening the website to the same harmful effects that come from cyber-attacks. Unexpected changes of domain name records, whether made inside or outside the organisation, may result in the loss of confidential information, impacting the business and ruining brand’s reputation. 

Full Article

Rising cyber security threats have been posing challenges to not just corporation websites, but also their brands and trademarks. Visitors to the affected sites were redirected to fraudulent websites, which cause substantial loss in business, reputation and brand loyalty to the victimised companies. In many cases, cyber-criminals find it easier to hack into the Internet domain name, a pointer to the website, rather than modifying the website itself. It is high time for corporates to deploy additional measures for protecting their Internet domain name, their most valuable asset online.
In addition to unauthorised seizure of domain names by cyber criminals, an activity commonly called “domain hijacking”, employees who mistakenly made modifications or deletions of domain names would also bring down the company website, resulting in service disruption and brand damage. It is suggested that users should consult their domain name registrar for any value-added services to prevent domain name information being modified or deleted. For example, by adopting two-factor authentication; or, unlocking the modification functions, though only for a short interval, after a thorough and rigorous offline verification process with the authorised persons.

Domain names = Internet asset

On the other hand, there were cases in local and overseas revealed that brand infringers or cybersquatters registered .hk domain names which are identical or similar to the protected brand names or trademarks. Users should consult their domain name registrar for any monitoring services to minimize the chance of domain name being imitated or used maliciously. For instance, service may include providing a report that lists existing .hk domain names which resemble subscriber’s brand names or marks, followed by continuous searches and updates on new domain name registrations which meet the same criteria. In addition to the exact brand names or trademarks, .hk domain names with common misspellings of the protected words, as well as those combining prefix/ suffix “wildcards” can also be traced instantly, which allows users to take necessary prompt actions.

To fight against DNS attack

A recent spate of high profile international incidents involving unauthorised access to domain name records has drawn attention to big names like The New York Times, Google and Yahoo. Visitors to the affected sites were redirected to various fraudulent websites. These have highlighted the need for additional security measures at the DNS (Domain Name Service) level.

Attacks from the outside are not the only threat to the security of the DNS. In some instances employees made errors to domain name records unintentionally, opening the website to the same harmful effects that come from cyber-attacks. Unexpected changes of domain name records, whether made inside or outside the organisation, may result in the loss of confidential information, impacting the business and ruining brand’s reputation.

In view of this, domain name holder should find a best way to protect their domain name as well as their internet property. .hk LOCK is a registry lock service that protects users’ .hk domain names from unauthorised seizure by cyber criminals, a malicious online activity commonly called “domain hijacking”. By hijacking user’s domain names, the criminals can divert Internet traffic meant for your websites and services to other destinations controlled by them, doing substantial and irreversible harm to user’s business and reputation.

Through the service, .hk domain name owners will have their DNS records locked and prevent any unauthorised changes. By offering this service, HKIRC aims to deliver an additional layer of security for .hk domain names to make their .hk website a more secure and trusted place for online business.

The importance of domain name protection

.hk LOCK will “lock” internet user’s domain names against any changes of name server information. The prohibition is at the “registry side”, that is, at the service provider’s system. Users or other domain registrar will appoint authorised persons, who can request an “unlocking” of the modification functions at HKIRC when necessary. HKIRC will only unlock the domain names for a short interval after a thorough and rigorous offline verification process with the authorised persons. These measures, and the underlining security framework, will ensure user’s .hk domain names are protected with the highest security standard of the industry.

By increasing the protection of domain name, users can achieve significant benefits in several ways:

 An extra, separate, layer of protection of user’s .hk domain names beyond their registrar / ISP; similar to the 2-step verification process commonly employed by Internet banking.
 Lowering of security risks – even if all of the user’s domain name credentials are accidentally compromised, .hk LOCK will be the final gatekeeper of users’ .hk domain names against unauthorised modifications.
 Peace of mind for domain owner online brand security – using .hk LOCK is like having two locks on the main door. Most households nowadays have more than one lock on the main door for adequate protection.
 Offline “key” for “unlocking” – when user need to “unlock” his domain names for modification, a verification will be conducted offline. HKIRC will manually check the “key” on phone with the authorised persons upon an “unlocking” request. This closes the loophole of possible compromise of online communications (by means of stolen passwords, fake email addresses, IP, etc.).

Given the danger of domain name hijacking is significant, this newly available security measure can benefit the following target users, for instance:Banks and financial institutions, governmental departments, utilities and public services; Owners of brand and trademark domain names Online shops, online service providers; Anybody who communicates and transacts confidentially with their clients online regularly via their own domain names; Any domain names receiving high traffic volumes; Any websites handling sensitive and confidential information.

Conclusion
Domain name registrars may offer different services or solutions for protecting your brands from “domain hijacking” or online infringement. To avoid losses, users should enquire their domain name registrar and learn more about the services that safeguard the intellectual property rights of brand and trademark owners.


Bingo sites http://gbetting.co.uk/bingo with sign up bonuses
PTC18BannerAd_A_160x60
PTC18BannerAd_B_160x60