Defense

Living on the internet in the digital age

I have watched enough technology deployments occur over the last 20 years to have learnt a thing or two. One constant I find is the perception that deploying and technology in a business environment is ‘simple and easy’. However, history and experience teach us that this simply isn’t the case. Whilst working on a project recently I thought I would try and show this in terms of looking at foundational technology and security management capabilities regarding internet presence. In this post I’m going to outline a look at foundational capabilities for Domain Registrar, DNS and internet preens management.

Sample Document Content

This document outlines the service requirements for Registrar and DNS management services. These align with good technology management and security practises. A companies DNS and domain registration services are a critical system, they affect the business brand, reputation and can affect confidentiality, availability and integrity.

Modern Internet Presence Management

On top of registration and DNS, it’s important to understand that modern business internet management capabilities, at a foundational level, are more advanced than yesterday. Content Delivery Networks, DOS protection and additional ‘value add’ services should now be deployed as standard foundational technology and cyber security capabilities.

Much like in a car, times change, technology evolves. Yesterday’s premium optional features are today’s foundational standards.

A modern business required a minimum set of functionalities which includes:

  • Platform Security
  • Internet Name Registration
  • Domain Name Services
  • Content Delivery Network
  • Reporting, Visualisation and Alerting
  • Auditing

Registrar

The registrar should have the following security capabilities:

  • Strong Authentication including Multi-factor authentication

Ideally the account will provide named user accounts, provide delegation etc. Takeover of a domain registration account allows a threat actor to re-point name server records which could lead to full site takeover so this SYSTEM should be considered critical.

External-In DNS Platform Features & Capabilities

The following table outlines key capabilities and features that should be considered a minimum standard for platform selection.

Category Description Current State Future State
Security The platform should support multi-factor authentication No Yes
Security The platforms should support delegated administration No Yes
Data Management The platform should provide the ability to export DNS records No Yes
Security The platform should have an audit log No Yes
Monitoring Alerts should be sent when a domain is unreachable No Yes
Performance Traffic can be proxied to provide a better global experience via a content delivery network No Yes
Security Helps prevent Denial Of Service (DOS) by using as proxy connection for web services No Yes
Analytics The platform can provide analytics No Yes

Internal-Out DNS Platform Requirements

The main focus for document this has been external in services, however we must recognise that all systems in the internet generally rely upon DNS both for inbound but also outbound DNS services.

We must however consider DNS client resolver capabilities as well.

Category Description Current State Future State
Security The platforms should support delegated administration No Optional
Security The platform should support multi-factor authentication No Optional
Security The platform should sinkhole known bad domains No Yes
Security The platform should provide auditing and reporting No Optional
Security The platform should allow for web content filtering based on categories and be user aware No Optional

Summary

Here we can see that the ‘simple’ system to mange internet domain registration, DNS etc. all aren’t simple and have many considerations, also this is coupled with the reality that modern businesses demands a greater level of consideration for core key technology elements. The reality of systems management is that ‘small and simple’ are rarely so, however by taking a holistic view we can build quality and integrity into the system, ensuring we protect our businesses, brand and customers through effective and robust technology management. So next time you are about to say ‘it’s simple’ make sure your systems and business practises reflect good first!

Leave a Reply