Test A-R53-11 specifically looks for domains that do not have a transfer lock enabled. A transfer lock is nothing more than an additional step ahead of transferring a domain, a “belt & braces” confirmation that the domain should definitely be transferred. All a transfer lock requires is that the lock is disabled by an API call or a confirmation in the AWS Web Console ahead of initiating a transfer. However, this simple mechanism provides a few additional features that help protect domains from being stolen, even by insiders.
In a real-life criminal incident, the domain name sofa.com was sold without authorisation by an employee of Dinesen’s Leather Only, Stephen M. Galstad. The sale amounted to $200,000 and was conducted without the employer’s permission, culminating in legal charges against Galstad. The transaction was executed without proper authorisation, with the sale payment wired to Galstad’s personal account. Galstad had legitimate access to the domain and was an administrator, but obviously did not have permission to sell the highly prized domain for personal benefit.
The unauthorised sale has several impacts on a number of parties:
sofa.com and Dinesen’s Leather Only, depending on the outcome of ownership claims.
Domains are a key part of an organisation’s identity, intellectual property and service functionality. As domains can be transferred with a few simple emails containing an authorisation code, it’s trivial for a motivated insider to complete transfer activity without attracting significant attention. Additionally, as in this case, a private market sale can be completed without an obvious transaction, as the purchasing party is effectively purchasing an authorisation code with which they can initiate transfer of the domain.
With communications being spread across potentially private emails and transactions, it’s possible for an insider to sell domains to third parties privately, obtain the proceeds and escape before the deception can be discovered.
The sofa.com incident serves as a great reminder of how critical domains are and of the additional level of gating that transfer locks provide. Modern domain registrars have built further on transfer lock functionality, allowing users to restrict the ability to remove a transfer lock to those with special permissions, and adding increased alerting and other visibility to further protect against insider threats.
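The check this test describes can be sketched as follows. This is an added example, not the scanner's own code: it assumes the response shape of the boto3 `route53domains` `list_domains` and `get_domain_detail` calls, and the function names and sample responses are constructed for illustration.

```python
"""Added example: flag Route 53 registered domains without a transfer lock."""
import sys

# EPP status that a registrar-level transfer lock places on a domain.
LOCK_STATUS = "clientTransferProhibited"

def unlocked_domains(pages, details=None):
    """Return sorted names of domains that are not transfer locked.

    pages   -- iterable of ListDomains responses (dicts with a "Domains" list)
    details -- optional {name: GetDomainDetail response}; when present, the
               EPP StatusList must also carry LOCK_STATUS, so a summary flag
               that disagrees with the registry status is still reported.
    """
    details = details or {}
    findings = set()
    for page in pages:
        for summary in page.get("Domains", []):
            name = summary["DomainName"]
            locked = bool(summary.get("TransferLock", False))
            if name in details:
                locked = locked and LOCK_STATUS in details[name].get("StatusList", [])
            if not locked:
                findings.add(name)
    return sorted(findings)

def fetch_pages(client):
    """Yield every ListDomains page, following NextPageMarker."""
    kwargs = {}
    while True:
        page = client.list_domains(**kwargs)
        yield page
        if not page.get("NextPageMarker"):
            return
        kwargs = {"Marker": page["NextPageMarker"]}

# Constructed sample responses (not real account data).
SAMPLE_PAGES = [
    {"Domains": [{"DomainName": "example.com", "TransferLock": True},
                 {"DomainName": "example.org", "TransferLock": False}],
     "NextPageMarker": "page-2"},
    {"Domains": [{"DomainName": "example.net", "TransferLock": True}]},
]
SAMPLE_DETAILS = {
    "example.com": {"StatusList": ["clientTransferProhibited"]},
    "example.net": {"StatusList": ["ok"]},  # flag and EPP status disagree
}

if __name__ == "__main__":
    if "--live" in sys.argv:  # needs boto3 and AWS credentials
        import boto3
        # The Route 53 Domains API is served from us-east-1.
        live = boto3.client("route53domains", region_name="us-east-1")
        print(unlocked_domains(fetch_pages(live)))
    else:
        print(unlocked_domains(SAMPLE_PAGES, SAMPLE_DETAILS))
```

Run without arguments it evaluates the constructed sample; with `--live` it lists the domains registered in the current account.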
Transfer locks are easy and straightforward, with additional monitoring and configuration available to lock your domains down against even focused attackers.
Domains without a transfer lock are missing a key gating tool that prevents the theft or sale of domains.
Moderate route53 aws