Defense
Living on the internet in the digital age
I have watched enough technology deployments occur over the last 20 years to have learnt a thing or two. One constant I find is the perception that deploying and technology in a business environment is ‘simple and easy’. However, history and experience teach us that this simply isn’t the case. Whilst working on a project recently I thought I would try and show this in terms of looking at foundational technology and security management capabilities regarding internet presence. In this post I’m going to outline a look at foundational capabilities for Domain Registrar, DNS and internet preens management.
Sample Document Content
This document outlines the service requirements for Registrar and DNS management services. These align with good technology management and security practises. A companies DNS and domain registration services are a critical system, they affect the business brand, reputation and can affect confidentiality, availability and integrity.
Modern Internet Presence Management
On top of registration and DNS, it’s important to understand that modern business internet management capabilities, at a foundational level, are more advanced than yesterday. Content Delivery Networks, DOS protection and additional ‘value add’ services should now be deployed as standard foundational technology and cyber security capabilities.
Much like in a car, times change, technology evolves. Yesterday’s premium optional features are today’s foundational standards.
A modern business required a minimum set of functionalities which includes:
- Platform Security
- Internet Name Registration
- Domain Name Services
- Content Delivery Network
- Reporting, Visualisation and Alerting
- Auditing
Registrar
The registrar should have the following security capabilities:
- Strong Authentication including Multi-factor authentication
Ideally the account will provide named user accounts, provide delegation etc. Takeover of a domain registration account allows a threat actor to re-point name server records which could lead to full site takeover so this SYSTEM should be considered critical.
External-In DNS Platform Features & Capabilities
The following table outlines key capabilities and features that should be considered a minimum standard for platform selection.
| Category | Description | Current State | Future State |
| Security | The platform should support multi-factor authentication | No | Yes |
| Security | The platforms should support delegated administration | No | Yes |
| Data Management | The platform should provide the ability to export DNS records | No | Yes |
| Security | The platform should have an audit log | No | Yes |
| Monitoring | Alerts should be sent when a domain is unreachable | No | Yes |
| Performance | Traffic can be proxied to provide a better global experience via a content delivery network | No | Yes |
| Security | Helps prevent Denial Of Service (DOS) by using as proxy connection for web services | No | Yes |
| Analytics | The platform can provide analytics | No | Yes |
Internal-Out DNS Platform Requirements
The main focus for document this has been external in services, however we must recognise that all systems in the internet generally rely upon DNS both for inbound but also outbound DNS services.
We must however consider DNS client resolver capabilities as well.
| Category | Description | Current State | Future State |
| Security | The platforms should support delegated administration | No | Optional |
| Security | The platform should support multi-factor authentication | No | Optional |
| Security | The platform should sinkhole known bad domains | No | Yes |
| Security | The platform should provide auditing and reporting | No | Optional |
| Security | The platform should allow for web content filtering based on categories and be user aware | No | Optional |
Summary
Here we can see that the ‘simple’ system to mange internet domain registration, DNS etc. all aren’t simple and have many considerations, also this is coupled with the reality that modern businesses demands a greater level of consideration for core key technology elements. The reality of systems management is that ‘small and simple’ are rarely so, however by taking a holistic view we can build quality and integrity into the system, ensuring we protect our businesses, brand and customers through effective and robust technology management. So next time you are about to say ‘it’s simple’ make sure your systems and business practises reflect good first!
