Secure Domain Foundation Debuts to Fight Internet Domain-Based Threats
With more than 265 million domain names registered globally, and that number growing every quarter, domain registrars must ensure that new registrations are not used for fraudulent and malicious intent.
Launching today to help improve domain security is the Secure Domain Foundation (SDF)—a multi-stakeholder initiative that aims to provide information and services to domain registries to help prevent fraudulent domain name registrations.
"We're trying to tag and track the bad actors in the domain space," Chris Davis, SDF co-founder and president told eWEEK. "The Secure Domain Foundation is designed to be a true public benefit organization that provides free services to facilitate information sharing and helps domain registries and hosting providers to identify the bad actors at the point of domain registration."
SDF's supporters include Facebook, Verizon, Verisign, Enom, Name.com, CIRA(.ca), CO Internet(.co), CrowdStrike, the Anti-Phishing Working Group (APWG), Emerging Threats, ESET Anti-Virus, DomainTools, Internet Identity, CoCCA, Mailshell, Blacknight Solutions, Foreground Security and the SecDev Group.
The partner companies have donated operational funds to keep SDF running for the next five years, said Davis, who is a director at CrowdStrike.
The idea of domain name security is one that has multiple facets. Among them is the integrity and security of the Domain Name System (DNS) information that links a domain name to a physical IP address. In 2008, security researcher Dan Kaminsky disclosed a flaw in the DNS that could have put the entire domain system at risk. A key fix for the Kaminsky flaw is the implementation of DNSsec (DNS security) technology which adds a cryptographic layer of protection to DNS information.
The SDF is looking at domain security from a different perspective than DNSsec, Davis said. The main idea behind SDF is to look at the challenges of bad domain registrations and not necessarily about how hackers might attempt to thwart DNS itself.
Security researchers have long been providing domain registries with lists of bad domains as they come up, but it's an effort that has never been truly organized, Davis said.
Domains and Websites are also often secured with the use of Secure Sockets Layer (SSL) certificates, typically issued by Certificate Authorities (CAs). The CAs already have multiple security efforts, including the CA Browser Forum and the CA Security Council. When a bad SSL certificate is discovered, there are multiple methods in place today for revocation, including the Online Certificate Status Protocol (OCSP) that checks the status and validity of a given domain certificate.
The SDF is providing a freely available API to enable domain registries and hosting providers to help validate domain information. SDF users can query the API and get information to help provide a score for the validity of a domain registration request, Davis said. That information includes validating that the postal address, phone number and email address of an applicant is valid.
Going a step further, the SDF is looking to include Remote Policy Zone (RPZ) feeds, which provide a zone file for DNS resolvers to be able to block, or blackhole, domains in an effort to protect end-users, Davis said.
One of the biggest security challenges facing domain owners today is the impact of social engineering attacks in which a hacker will trick the domain registrar into changing authentic information about a domain name.
SDF is aiming to help combat the challenge of social engineering domain attacks by improving awareness of the issue, Davis said.
Overall, awareness and adoption are the key challenges for the SDF, as it moves forward in the coming months.
"This only works if people get behind it; otherwise, we're just a bunch of security guys standing around with data," Davis said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.