Logo
ICANN
ICANN
Filtered Search

Are you sure you want to sign out from http://www.icann.org?

If you want to sign out from both http://www.icann.org and ICANN Account, click here.

ICANN Blogs

Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

Practical Steps for Protecting Domain Names

6 September 2013
By
Patrick Jones

Patrick Jones

VP, Global Stakeholder Engagement

Patrick coordinates ICANN's Global Stakeholder Engagement activities across its regional and functional teams, working closely with counterparts in ICANN org's community-facing areas. Patrick oversees the function's budget and operating activities, and coordinates operational alignment of global engagement activities across the regions.

Patrick joined ICANN in March 2006 and has been active in Internet governance, policy, technology/security and privacy areas since 2000. Patrick previously served in the Security team from November 2009-October 2013, and ICANN's Registry team from 2006-2009. He is a graduate of Indiana University McKinney School of Law and is developing conversational fluency in Spanish.

Patrick is an invited participant from ICANN technical staff in the Security and Stability Advisory Committee (SSAC) and represents ICANN at the UN Group of Experts on Geographic Names (UNGEGN). He regularly speaks at regional Internet and DNS events on security, privacy and technology issues.

Patrick Jones, on behalf of the ICANN Security team

In the wake of high-profile hacking attacks against the New York Times, Twitter, Huffington Post, and others, we thought it would be useful to re-post the blog from November 2012 written by Dave Piscitello, ICANN’s Senior Security Technologist on What You Should Learn from the Diigo Domain Hacking incident. The post describes a set of practical steps that anyone who has a domain name registration can take to protect against domain hacking and related attacks.

Be aware that social engineering attacks may occur. Educate those who are responsible for maintaining domain name registrations and your web presence on the potential for attacks. Establish procedures for registering and maintaining domain names (and ensure that those procedures are followed). Use two-factor authentication. Ask your registrar about registrar locks, and use registry locks if offered by your registry operator.

These measures do not cover everything one can do to protect against attacks. We do suggest using the lessons from recent events to look at your existing practices and ask about additional measures one can take.

What You Should Learn From the Diigo Domain Hacking Incident

 

Authors

Patrick Jones

Patrick Jones

VP, Global Stakeholder Engagement
Patrick Jones

Patrick Jones

VP, Global Stakeholder Engagement

Patrick coordinates ICANN's Global Stakeholder Engagement activities across its regional and functional teams, working closely with counterparts in ICANN org's community-facing areas. Patrick oversees the function's budget and operating activities, and coordinates operational alignment of global engagement activities across the regions.

Patrick joined ICANN in March 2006 and has been active in Internet governance, policy, technology/security and privacy areas since 2000. Patrick previously served in the Security team from November 2009-October 2013, and ICANN's Registry team from 2006-2009. He is a graduate of Indiana University McKinney School of Law and is developing conversational fluency in Spanish.

Patrick is an invited participant from ICANN technical staff in the Security and Stability Advisory Committee (SSAC) and represents ICANN at the UN Group of Experts on Geographic Names (UNGEGN). He regularly speaks at regional Internet and DNS events on security, privacy and technology issues.

You May Also Like