[tor-bugs] #33062 [Internal Services/Tor Sysadmin Team]: investigate kreb's advice on DNS hijacking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 26 18:46:46 UTC 2020
#33062: investigate kreb's advice on DNS hijacking
-----------------------------------------------------+-----------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Low | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+-----------------
After reviewing [https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/ this article about recent DNS hijacking incidents],
I think it might be worth reviewing the
recommendations given in the article, which are basically:
1. [x] use DNSSEC
2. [ ] Use registration features like Registry Lock that can help protect
domain names records from being changed
3. [ ] Use access control lists for applications, Internet traffic and
monitoring
4. [ ] Use 2-factor authentication, and require it to be used by all
relevant users and subcontractors
5. [x] In cases where passwords are used, pick unique passwords and
consider password managers
6. [ ] Review accounts with registrars and other providers
7. [ ] Monitor certificates by monitoring, for example, Certificate
Transparency Logs
Some of those are impractical: for example 2FA will not work for us if we
have one shared account with a provider.
Others have already been done: we have a good DNSSEC deployment and manage
passwords properly.
Mainly, I'm curious about investigating Registry lock and CT logs
monitoring, the latter of which could be added as a Nagios thing, maybe.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33062>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
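The CT log monitoring idea from the ticket, sketched as a Nagios-style check. This is an added example, not part of the original ticket or any Tor Project code. The domain `example.org`, the issuer allowlist, and the sample records are constructed, and the record field names are modelled on crt.sh JSON output, which is an assumption.

```python
import re
import sys
from datetime import datetime

OK, CRITICAL = 0, 2                   # Nagios plugin exit codes
EXPECTED_ISSUERS = {"Let's Encrypt"}  # assumption: the only CA the org uses

# Constructed records, as they would look after parsing a CT search result.
SAMPLE = [
    {"id": 1001, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
     "common_name": "www.example.org", "name_value": "www.example.org\nexample.org",
     "entry_timestamp": "2020-01-20T10:00:00"},
    {"id": 1002, "issuer_name": "C=XX, O=Unexpected CA, CN=Unexpected CA 1",
     "common_name": "mail.example.org", "name_value": "mail.example.org",
     "entry_timestamp": "2020-01-25T03:12:00"},
    {"id": 1003, "issuer_name": "C=XX, O=Unexpected CA, CN=Unexpected CA 1",
     "common_name": "www.example.net", "name_value": "www.example.net",
     "entry_timestamp": "2020-01-25T04:00:00"},
]

def issuer_org(dn):
    """Return the O= attribute of an issuer DN, handling quoted values."""
    m = re.search(r'(?:^|,\s*)O=(?:"([^"]*)"|([^,]*))', dn)
    return (m.group(1) or m.group(2) or "").strip() if m else ""

def check_ct(records, domain, expected=EXPECTED_ISSUERS, since=None):
    """Return (exit_code, status_line) for certificates logged for `domain`."""
    seen, unexpected = 0, []
    for rec in records:
        names = rec.get("name_value", "").lower().split("\n")
        # Match the domain itself and any subdomain, including wildcards.
        if not any(n == domain or n.endswith("." + domain) for n in names):
            continue
        if since and datetime.fromisoformat(rec["entry_timestamp"]) < since:
            continue  # logged before the previous check ran
        seen += 1
        org = issuer_org(rec.get("issuer_name", ""))
        if org not in expected:
            unexpected.append(f"{rec['common_name']} by "
                              f"{org or 'unknown issuer'} (id {rec['id']})")
    if unexpected:
        return CRITICAL, (f"CRITICAL: {len(unexpected)} certificate(s) from "
                          "unexpected issuers: " + "; ".join(unexpected))
    return OK, f"OK: {seen} certificate(s) logged, all from expected issuers"

if __name__ == "__main__":
    code, status = check_ct(SAMPLE, "example.org")
    print(status)
    sys.exit(code)
```

A real check would fetch the records from a CT search service or log client and pass the time of the previous run as `since`, so each alert fires once per new certificate.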