Opened 9 months ago

#33062 new task

investigate Krebs's advice on DNS hijacking

Reported by: anarcat Owned by: tpa
Priority: Low Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After reviewing this article about recent DNS hijacking incidents, I think it might be worth reviewing the recommendations given in the article, which are basically:

  1. [x] Use DNSSEC
  2. [ ] Use registration features like Registry Lock that can help protect domain name records from being changed
  3. [ ] Use access control lists for applications, Internet traffic and monitoring
  4. [ ] Use 2-factor authentication, and require it to be used by all relevant users and subcontractors
  5. [x] In cases where passwords are used, pick unique passwords and consider password managers
  6. [ ] Review accounts with registrars and other providers
  7. [ ] Monitor certificates by monitoring, for example, Certificate Transparency Logs

Some of those are impractical: for example, 2FA will not work for us if we have one shared account with a provider.

Others have already been done: we have a good DNSSEC deployment and manage passwords properly.

Mainly, I'm curious about investigating Registry Lock and CT log monitoring, the latter of which could be added as a Nagios thing, maybe.
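
One way the CT log monitoring idea could look as a Nagios-style check, as an added example that is not part of the original ticket or of any existing TPA tooling. It assumes log entries shaped like crt.sh JSON output, a hypothetical issuer allowlist, and `example.org` as the monitored domain; the sample entries are constructed.

```python
#!/usr/bin/env python3
"""Nagios-style check: flag recent CT log entries issued by an unexpected CA."""
import json
import sys
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes

# Assumption: the CAs this organisation actually uses (hypothetical allowlist).
EXPECTED_ISSUERS = ("Let's Encrypt",)

# Constructed sample shaped like crt.sh JSON output; a real check would fetch it.
SAMPLE_ENTRIES = json.loads("""[
 {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
  "name_value": "www.example.org", "entry_timestamp": "2019-02-20T10:00:00"},
 {"id": 2, "issuer_name": "C=XX, O=Unknown CA, CN=Unknown CA 1",
  "name_value": "mail.example.org\\nexample.org", "entry_timestamp": "2019-02-21T03:12:00"},
 {"id": 3, "issuer_name": "C=XX, O=Unknown CA, CN=Unknown CA 1",
  "name_value": "mail.example.org", "entry_timestamp": "2018-01-01T00:00:00"}
]""")

def check_ct(entries, domain, now, window=timedelta(days=7)):
    """Return (exit_code, message) for entries logged within `window` of `now`."""
    suspicious = []
    for e in entries:
        logged = datetime.fromisoformat(e["entry_timestamp"])
        if now - logged > window:
            continue  # outside the window: covered by an earlier run
        names = [n.lower().removeprefix("*.") for n in e["name_value"].splitlines()]
        if not any(n == domain or n.endswith("." + domain) for n in names):
            continue  # certificate does not cover one of our names
        # Simplification: substring match on the issuer DN; pinning the issuer's
        # CA identifier or key would be stricter.
        if not any(ca in e["issuer_name"] for ca in EXPECTED_ISSUERS):
            suspicious.append(f"id={e['id']} issuer={e['issuer_name']!r}")
    if suspicious:
        return CRITICAL, "CRITICAL: unexpected issuer: " + "; ".join(suspicious)
    return OK, f"OK: no unexpected issuers for {domain}"

if __name__ == "__main__":
    code, msg = check_ct(SAMPLE_ENTRIES, "example.org", datetime(2019, 2, 22))
    print(msg)
    sys.exit(code)
```

Nagios reads the first line of output as the status text and the exit code as the service state, so a certificate from an unlisted CA turns the service CRITICAL.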
