
[tor-bugs] #33062 [Internal Services/Tor Sysadmin Team]: investigate Krebs's advice on DNS hijacking

#33062: investigate Krebs's advice on DNS hijacking
-----------------------------------------------------+-----------------
     Reporter:  anarcat                              |      Owner:  tpa
         Type:  task                                 |     Status:  new
     Priority:  Low                                  |  Milestone:
    Component:  Internal Services/Tor Sysadmin Team  |    Version:
     Severity:  Major                                |   Keywords:
Actual Points:                                       |  Parent ID:
       Points:                                       |   Reviewer:
      Sponsor:                                       |
-----------------------------------------------------+-----------------
 After reviewing [https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/ this article about recent DNS
 hijacking incidents], I think it might be worth reviewing the
 recommendations given in the article, which are basically:

  1. [x] Use DNSSEC
  2. [ ] Use registration features like Registry Lock that can help protect domain name records from being changed
  3. [ ] Use access control lists for applications, Internet traffic and monitoring
  4. [ ] Use 2-factor authentication, and require it to be used by all relevant users and subcontractors
  5. [x] In cases where passwords are used, pick unique passwords and consider password managers
  6. [ ] Review accounts with registrars and other providers
  7. [ ] Monitor certificates by monitoring, for example, Certificate Transparency Logs

 Some of those are impractical: for example 2FA will not work for us if we
 have one shared account with a provider.

 Others have already been done: we have a good DNSSEC deployment and manage
 passwords properly.

 Mainly, I'm curious about investigating Registry Lock and CT log
 monitoring, the latter of which could be added as a Nagios thing, maybe.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33062>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
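
An added example, not part of the ticket or of TPA's tooling: one way the CT log monitoring mentioned above could be shaped as a Nagios-style check. The issuer name, the `example.org` zone and the sample records are constructed, the record fields follow the JSON that crt.sh returns, and fetching the records from a CT search service is left out so the check runs offline; timestamps are assumed to be naive UTC.

```python
import sys
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes
EXPECTED_CA = "C=XX, O=Expected CA, CN=Expected CA R1"  # hypothetical issuer DN
OTHER_CA = "C=XX, O=Other CA, CN=Other CA 1"            # hypothetical issuer DN

# Constructed records shaped like crt.sh JSON output; none of this is real log data.
SAMPLE = [
    {"id": 1001, "issuer_name": EXPECTED_CA, "name_value": "example.org\nwww.example.org",
     "entry_timestamp": "2019-12-01T00:00:00", "not_after": "2020-02-29T00:00:00"},
    {"id": 1002, "issuer_name": EXPECTED_CA, "name_value": "*.example.org",
     "entry_timestamp": "2020-01-27T03:00:00", "not_after": "2020-04-26T03:00:00"},
    {"id": 1003, "issuer_name": OTHER_CA, "name_value": "mail.example.org",
     "entry_timestamp": "2020-01-26T22:00:00", "not_after": "2020-04-25T22:00:00"},
    {"id": 1004, "issuer_name": OTHER_CA, "name_value": "example.org.evil.test",
     "entry_timestamp": "2020-01-26T22:00:00", "not_after": "2020-04-25T22:00:00"},
    {"id": 1005, "issuer_name": OTHER_CA, "name_value": "old.example.org",
     "entry_timestamp": "2019-03-01T00:00:00", "not_after": "2019-06-01T00:00:00"},
]

def covers(name, zone):
    """True if a certificate name (wildcards included) is the zone or below it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == zone or name.endswith("." + zone)

def check_ct(entries, zone, allowed_issuers, now, window=timedelta(hours=24)):
    """Return (exit_code, status_line) for unexpired certificates logged for zone."""
    rogue, recent = [], []
    for e in entries:
        if not any(covers(n, zone) for n in e["name_value"].splitlines()):
            continue  # certificate for some other domain
        if datetime.fromisoformat(e["not_after"]) < now:
            continue  # expired, no longer usable
        if e["issuer_name"] not in allowed_issuers:
            rogue.append(e["id"])  # a CA we never use issued for our zone
        elif now - datetime.fromisoformat(e["entry_timestamp"]) <= window:
            recent.append(e["id"])  # expected CA, but worth a human look
    if rogue:
        return CRITICAL, f"CT CRITICAL - unexpected issuer for {zone}: log ids {rogue}"
    if recent:
        return WARNING, f"CT WARNING - new certificate(s) for {zone}: log ids {recent}"
    return OK, f"CT OK - no unexpected certificates for {zone}"

if __name__ == "__main__":
    code, line = check_ct(SAMPLE, "example.org", {EXPECTED_CA}, datetime(2020, 1, 27, 12, 0))
    print(line)
    sys.exit(code)
```

The exact match on the issuer DN is deliberate: a renamed or newly added intermediate at the expected CA raises CRITICAL until the allowlist is updated, which is the kind of change an operator should confirm by hand.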