Sunday, July 10, 2016

Domain management

When reviewing security plans for Rendition Infosec customers, one of the points we like to talk about is domain management. In other words, who manages the portfolio of domain names owned by the company? Who ensures that they are renewed and updated appropriately? What about certificates for those domains? Is the company monitoring for typosquatting derivatives of those domains? Finally, where are those domains hosted? In house? In an offsite colocation facility? With a third-party hosting service? Inventorying all of these items and having points of contact for this information is an important part of any security program.

I'm highlighting this because TP-Link apparently didn't get this message.  They forgot to renew www.tplinklogin.net and tplinkextender.net.  Both of these domains were used to help users configure their home routers.  A domain reseller noticed these domains had expired and registered them.  But the reseller isn't giving them back to TP-Link.  Instead they are offering them for sale at some pretty steep prices (though the exact price isn't listed).

Because these are home devices, we don't expect this vulnerability to impact businesses. And to be honest, I don't think it is likely to impact many home users either. First, the domains would have to be purchased, and then the attacker would have to redirect users to a malicious site. Even if the user enters their password (hint: it's probably admin), the attacker probably can't do anything with it unless the user has enabled remote administration (it's off by default).

So while the risk for users in this particular instance is low, forgetting to renew a domain can have some pretty obvious career-limiting impacts. The brand damage that could be inflicted by an attacker or a competitor is obvious. A well-documented domain management program will prevent that outcome.
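As an added example that is not part of the original post, here is the kind of expiry check a domain management program can run over its inventory: it reads the `expiration` event from RDAP domain records (the JSON format registries serve at `/domain/<name>`, RFC 7483) and flags anything lapsed or due within a warning window. The domain names and RDAP responses below are constructed; a real run would fetch them from the registry.

```python
"""Flag portfolio domains whose registration has lapsed or expires soon,
using the 'expiration' event in RDAP domain records (RFC 7483)."""
import json
from datetime import date, datetime, timezone

# Constructed RDAP-style responses for a hypothetical portfolio; a real
# registry's /domain/<name> endpoint returns the same 'events' structure.
SAMPLE_RDAP = {
    "example-router-help.test": json.dumps({"events": [
        {"eventAction": "registration", "eventDate": "2010-07-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2016-07-20T00:00:00Z"}]}),
    "example-corp.test": json.dumps({"events": [
        {"eventAction": "expiration", "eventDate": "2019-01-15T00:00:00Z"}]}),
    "example-extender.test": json.dumps({"events": [
        {"eventAction": "expiration", "eventDate": "2016-06-30T00:00:00Z"}]}),
    "example-legacy.test": json.dumps({"events": []}),
}


def expiration_date(rdap_json: str):
    """Return the expiry date from an RDAP domain record, or None if absent."""
    for event in json.loads(rdap_json).get("events", []):
        if event.get("eventAction") == "expiration":
            stamp = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return stamp.astimezone(timezone.utc).date()
    return None


def review_portfolio(responses: dict, as_of: str, warn_days: int = 60) -> dict:
    """Classify each domain as 'expired', 'expiring', 'ok' or 'unknown' as of an ISO date."""
    today = date.fromisoformat(as_of)
    status = {}
    for name, body in responses.items():
        expires = expiration_date(body)
        if expires is None:
            status[name] = "unknown"    # no expiry event: confirm with the registrar
        elif expires < today:
            status[name] = "expired"    # already lapsed and open to re-registration
        elif (expires - today).days <= warn_days:
            status[name] = "expiring"   # renew now, before the grace period runs out
        else:
            status[name] = "ok"
    return status


if __name__ == "__main__":
    for domain, state in sorted(review_portfolio(SAMPLE_RDAP, "2016-07-10").items()):
        print(f"{state:9} {domain}")
```

Wiring this to a scheduled job that pages the domain's point of contact on `expiring` or `expired` is what turns the inventory into a control.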
