https://cyber.dhs.gov/assets/report/ed-19-01.pdf
Directive issued 2 days ago to gov't agencies. I presume the threat exists in private industry also. My domains reside with GoDaddy. Is this an action for GoDaddy? If not, how do I check/validate/take an action to protect my DNS activity?
Hey there @SrTrekker,
This line right here tells you all you need to know:
"The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records."
If you want to prevent this from happening, all you have to do is practice basic security.
Basically, they have to get access to your account first. And the only way they can do that is if you use the same password for everything and it's easy to guess or brute force attack. The weak link here is the user.
So, if your passwords are good and secure, you'll be just fine.
So, what you are telling me, MrVapor, is that "Only through my GD account can the DNS be altered, i.e., there is no way a perpetrator can access the nameservers directly (ns01.domaincontrol.com & ns02.domaincontrol.com) to hack a DNS record." Is this correct? (It would be good to have a GD employee confirm the security of the NS.)
BTW, I already have 2 factor on my account. Thanks.
@MrVapor Great response!
@SrTrekker Another thing you can do (which is suggested in the document) is to add two-factor authentication to your account. You can find instructions on how to do this with your GoDaddy account here.
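On the "how do I check/validate" part of the question, one option is to compare the records currently being served against a known-good copy. The sketch below is an added example, not part of any post in this thread and not GoDaddy tooling; it assumes both sides are available as zone-file-style text, and example.com and all record values are constructed placeholders.

```python
# Added example: compare a known-good DNS baseline with currently observed records.
# All record data below is constructed; example.com and the IPs are placeholders.
from collections import defaultdict

BASELINE = """\
example.com.      3600 IN NS ns01.domaincontrol.com.
example.com.      3600 IN NS ns02.domaincontrol.com.
example.com.       600 IN A  192.0.2.10
example.com.      3600 IN MX 10 mail.example.com.
mail.example.com.  600 IN A  192.0.2.25
"""

OBSERVED = """\
EXAMPLE.com.      3600 IN NS ns01.domaincontrol.com.
example.com.      3600 IN NS ns02.domaincontrol.com.
example.com.       300 IN A  192.0.2.10
example.com.      3600 IN MX 10 mail.example.com.
mail.example.com.   60 IN A  198.51.100.77
"""

def parse(text):
    """Map (owner, type) -> set of rdata; TTL and class are ignored."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        # Lowercasing suits A/NS/MX data; case-sensitive TXT data would need care.
        rdata = " ".join(rdata.lower().split()).rstrip(".")
        records[(name.lower().rstrip("."), rtype.upper())].add(rdata)
    return records

def drift(baseline_text, observed_text):
    """Return (owner, type, removed, added) for every record set that differs."""
    base, seen = parse(baseline_text), parse(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        removed = base.get(key, set()) - seen.get(key, set())
        added = seen.get(key, set()) - base.get(key, set())
        if removed or added:
            findings.append((key[0], key[1], sorted(removed), sorted(added)))
    return findings

if __name__ == "__main__":
    for owner, rtype, removed, added in drift(BASELINE, OBSERVED):
        print(f"CHANGED {owner} {rtype}: expected {removed}, now {added}")
```

Any finding that does not match a change you made yourself is worth investigating, starting with the account's login and change history.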