Domains, Registrars, and DNS

Everything depends on your domain name. How are you protecting it?

-Who is (whois!) your registrar?
-Who has access to your account?
-What email address is associated with your account? How is this account protected?
-When do your domains expire?
-Do you have privacy enabled?
-Does your admin account support MFA and have you enabled it?
-Have you updated your contacts recently?
-Have you reviewed your DNS records recently?

If you don’t control your domain or DNS, you are missing out on a fundamental element of securing your organization!

Samples:

-Not knowing who your registrar is or having no credentials. This results in a sometimes lengthy process to recover access to your account. If your DNS lives in the same place, imagine needing to make a change RIGHT NOW, and having to wait for the recovery process.

-Expiring domains with no access to the account. ^See above

-Weak passwords on accounts and/or credentials that have never been updated (example: former admin leaves organization)

-Contacts set to employees who no longer work at the organization; no ability to deliver email to listed contacts

-Third parties with accounts or transfers to other organizations: MSPs, web developers, others. What protections do these organizations have in place? Who has access to your records within these organizations? Is this third-party still in business?

-Legacy DNS records: hosts, aliases, SPF, MX, others…