How Secure Is Your Domain Name?
by Lee Hodgson August 14, 2003
Fancy playing Russian roulette with your online business?
Of course not, but if you knew how insecure your domain name might be, you'd realize what a risk you were taking. Here are five potential security risks pertaining to domain name ownership and tips to minimize them.
1) Insecure Passwords
Most registrars allow registrants to manage their domain names online using a control panel or a management site. This is convenient but a potential security risk. If you give out the password or make it easy to guess, you are in effect inviting people to steal your domain name.
Solution: Make your password impossible to guess and make it available to a minimum number of people. If possible, keep the password to yourself. Change the password on a regular basis.
2) Unencrypted Access
If the domain name management site uses a URL that begins with http:// instead of https://, it means all information flowing between your PC and the server is unencrypted. In that case, the information transmitted is available for skilled hackers to read and interpret, which is a potential security risk.
Solution: Use a registrar that offers secure access to the domain name management site. Look for a URL starting with https:// and a padlock icon in your browser.
3) Backdoor Modifications
Network Solutions Inc. allows customers to make changes to their domain name records by fax. For domain names registered under organization names, the company requires faxes on a company letterhead.
In the past, hackers have forged letterhead and changed the administrative contact for a domain name. Once they have control of the administrative contact e-mail address, all kinds of other changes are possible, including transferring the name to a different registrar altogether.
Solution: Use a registrar that doesn't allow domain record updates via fax.
4) Domain Transfers
The domain name transfer system was designed to allow domain name owners to transfer names from one registrar to another. This is a good idea because it compels domain name registrars to provide good service or risk losing customers to rival registrars.
Unfortunately, it is also a serious security risk. Why? When a transfer is initiated, it is first and foremost the responsibility of the gaining registrar to verify the validity of the transfer request. Each registrar has methods for doing this. Some are very security conscious, others aren't. Knowledgeable domain hijackers initiate transfer requests through the weakest domain registrars.
Solution: Register your domain names with a registrar that uses some kind of "domain lock" or "registrar lock" service. When the registrar lock is activated, it's impossible to transfer names to a different registrar.
5) Invalid E-mail Addresses
When your name is due for renewal, most registrars will send an e-mail message to the administrative or billing contact asking for a renewal payment. This is most likely to be the only way the registrar attempts to contact you. If you don't receive these e-mail messages, your domain name could expire. When this happens, anyone can reregister the name.
Solution: Keep your domain name contact or WHOIS information up-to-date. In particular, make sure the e-mail addresses are valid and that you check them regularly for messages. A neglected e-mail address is no more use than an invalid e-mail address.
A Better Solution?
OK, so those are some of the dangers. Apart from the specific solutions outlined above, a catch-all solution is provided by an innovative company called SnapNames. It offers a service called Snap Back, which will notify you immediately whenever changes are made to your domain name records, whether by hackers, the registrar or the registry.
While not quite as good as preventing the changes in the first place, quick action on unauthorized modifications gives you a better chance of keeping your domain name.
As a bonus, this service will automatically attempt to re-register the name for you if it expires due to nonpayment or is accidentally deleted due to a registrar or registry mistake. Again, no guarantees, but a great second line of defense.
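The monitoring idea above, together with the registrar-lock and renewal checks from points 4 and 5, can be sketched as a small audit of two saved WHOIS snapshots. This is an added example, not part of the original article and not how Snap Back works; the field names, the status strings treated as a lock, and the example.com records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed WHOIS snapshots for example.com; field names are assumed.
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2025-03-01T00:00:00Z
Domain Status: clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Registrant Email: hostmaster@example.com
"""
CURRENT = """\
Domain Name: EXAMPLE.COM
Registrar: Other Registrar LLC
Registry Expiry Date: 2025-03-01T00:00:00Z
Domain Status: ok
Name Server: NS1.EXAMPLE.ORG
Registrant Email: hostmaster@example.com
"""
WATCHED = ("Registrar", "Domain Status", "Name Server",
           "Registrant Email", "Registry Expiry Date")
LOCKS = {"clienttransferprohibited", "registrar-lock"}  # assumed lock statuses

def parse(text):
    """Collect 'Key: value' lines into {key: set of values}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), set()).add(value.strip())
    return record

def audit(baseline, current, now, warn_days=30):
    """Return findings: changed fields, missing lock, renewal due soon."""
    old, new = parse(baseline), parse(current)
    findings = []
    for field in WATCHED:
        before, after = old.get(field, set()), new.get(field, set())
        if before != after:
            findings.append(f"CHANGED {field}: {sorted(before)} -> {sorted(after)}")
    statuses = {s.split()[0].lower() for s in new.get("Domain Status", set())}
    if not statuses & LOCKS:
        findings.append("UNLOCKED: no transfer lock status present")
    for raw in new.get("Registry Expiry Date", set()):
        expiry = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if (expiry - now).days <= warn_days:
            findings.append(f"EXPIRY: {(expiry - now).days} days left")
    return findings
```

Calling `audit(BASELINE, CURRENT, now)` on a schedule, with `CURRENT` replaced by a fresh lookup and `now` set to the current UTC time, flags a changed registrar, name servers or contact address while there is still time to act on it.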
Reprint rights for this article are granted exclusively to DevStart Network. Any reprint is strongly prohibited.