Secure Domain Foundation Targets Domain-Based Security Issues

The Secure Domain Foundation (SDF) launched on Monday to help domain security, forming a multi-stakeholder initiative that aims to provide information and services to domain registries to help prevent fraudulent domain name registrations.

“We’re trying to tag and track the bad actors in the domain space,” Chris Davis, SDF co-founder and president told eWEEK. “The Secure Domain Foundation is designed to be a true public benefit organisation that provides free services to facilitate information sharing and helps domain registries and hosting providers to identify the bad actors at the point of domain registration.”

Industry support

SDF’s supporters include Facebook, Verizon, Verisign, Enom, Name.com, CIRA(.ca), CO Internet(.co), CrowdStrike, the Anti-Phishing Working Group (APWG), Emerging Threats, ESET Anti-Virus, DomainTools, Internet Identity, CoCCA, Mailshell, Blacknight Solutions, Foreground Security and the SecDev Group.

The partner companies have donated operational funds to keep SDF running for the next five years, said Davis, who is a director at CrowdStrike.

The idea of domain name security is one that has multiple facets. Among them is the integrity and security of the Domain Name System (DNS) information that links a domain name to a physical IP address. In 2008, security researcher Dan Kaminsky disclosed a flaw in the DNS that could have put the entire domain system at risk. A key fix for the Kaminsky flaw is the implementation of DNSsec (DNS security) technology which adds a cryptographic layer of protection to DNS information.

The SDF is looking at domain security from a different perspective than DNSsec, Davis said. The main idea behind SDF is to look at the challenges of bad domain registrations and not necessarily about how hackers might attempt to thwart DNS itself.

Security researchers have long been providing domain registries with lists of bad domains as they come up, but it’s an effort that has never been truly organised, Davis said.

SSL security

Domains and websites are also often secured with the use of Secure Sockets Layer (SSL) certificates, typically issued by Certificate Authorities (CAs). The CAs already have multiple security efforts, including the CA Browser Forum and the CA Security Council. When a bad SSL certificate is discovered, there are multiple methods in place today for revocation, including the Online Certificate Status Protocol (OCSP) that checks the status and validity of a given domain certificate.

The SDF is providing a freely available API to enable domain registries and hosting providers to help validate domain information. SDF users can query the API and get information to help provide a score for the validity of a domain registration request, Davis said. That information includes validating that the postal address, phone number and email address of an applicant is valid.

Going a step further, the SDF is looking to include Remote Policy Zone (RPZ) feeds, which provide a zone file for DNS resolvers to be able to block, or blackhole, domains in an effort to protect end-users, Davis said.

Social engineering threat

One of the biggest security challenges facing domain owners today is the impact of social engineering attacks in which a hacker will trick the domain registrar into changing authentic information about a domain name.

SDF is aiming to help combat the challenge of social engineering domain attacks by improving awareness of the issue, Davis said.

Overall, awareness and adoption are the key challenges for the SDF, as it moves forward in the coming months.

“This only works if people get behind it; otherwise, we’re just a bunch of security guys standing around with data,” Davis said.

Are you a security pro? Try our quiz!

Originally published on eWeek.