UK NCSC offers security guidance for domain and DNS registrars
The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services.
“DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says.
They should work on minimizing the ability of actors to register misleading domains, speeding up the takedown of malicious domains, helping customers secure and retain their domain registrations, and reducing the number of vulnerable and compromised systems that can be used for malicious purposes.
The guidelines
The document builds on existing industry good practice from international bodies such as ICANN. It aims to help domain and DNS registrars reduce malicious and abusive domain registrations leveraged for malware and spam distribution, for hosting phishing sites, for operating botnets, etc.
They can do so by:
1. Implementing a set of automated security checks that run when a customer registers, and following up with manual ones as needed.
For example, they should check that the contact and payment information is valid and has not been previously flagged in instances of fraud and abuse.
Though, as the NCSC admits, “for the large volume or more automated retail sale of domains, this approach may not be suitable, and other measures to prevent abuse should be used.”
2. Implementing security controls at domain registration
The domain registrars should monitor new registrations to identify misleading domains before they are used for abuse, take advantage of information shared by other registrars and infrastructure providers, and offer help with the initial configuring of domains to prevent abuse and enhance security.
3. Offering strong security features to prevent unauthorized changes or domain transfers
These include multi-factor authentication support, revocable API access tokens, change detection and notification, etc.
4. Using tools to spot abuse and react to abuse requests
Domain registrars and DNS operators should quickly respond to and resolve abuse reports, proactively look for and respond to potentially abusive customer behaviors, share information about spotted abusive behavior with other registrars and operators, and aim to proactively disclose security issues and compromises to domain owners.
“It is recognised that different organisations in the field of domain registration have different ways of working. Registrars are therefore split into two main categories and you should apply the principles that best apply to your business model,” the NCSC made sure to point out.