
Domain Management

5 automated security scanners


Purpose: The Domain Expiration Management Scanner is designed to proactively detect and address critical issues related to domain management, ensuring that domains are renewed in a timely manner to prevent service disruptions and potential security vulnerabilities.

What It Detects:

  • Domain Expiration Date: Checks the expiration date of the domain certificate and alerts if it expires within 30 days.
  • DNS Record Integrity: Verifies TXT, MX, NS, CAA, and DMARC records for correctness and completeness, detecting missing or malformed records that could indicate misconfiguration.
  • HTTP Security Headers: Inspects security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options, identifying missing or improperly configured headers that expose the domain to attacks.
  • TLS/SSL Certificate Issues: Examines TLS/SSL certificates for deprecated protocols (e.g., TLSv1.0, TLSv1.1) and weak cipher suites (e.g., RC4, DES, MD5), flagging outdated or insecure configurations that could be exploited by attackers.
  • Port Scanning and Service Fingerprinting: Conducts port scanning to identify open ports and services, and performs service fingerprinting to determine the software versions running on identified services, which can help in identifying vulnerabilities.
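As an added example (not the scanner's own code), the following Python evaluates a TLS profile that has already been captured from a host, applying the thresholds above: alert when the certificate expires within 30 days, flag TLSv1.0/TLSv1.1, and flag cipher suites built on RC4, DES or MD5. The profile field names, the sample values and the severity mapping (taken from the risk levels of this scanner) are assumptions for the example; it runs offline and performs no network access.

```python
"""Added example, not the scanner's own code: evaluate a captured TLS profile
offline against the expiry and protocol/cipher rules described above."""
from datetime import datetime, timezone

# Constructed sample: what a TLS probe of one host might record. The field
# names are assumptions made for this example, not the scanner's output format.
SAMPLE_PROFILE = {
    "host": "acme.example",
    "not_after": "2025-02-10T12:00:00Z",             # certificate notAfter, UTC
    "protocols": ["TLSv1.0", "TLSv1.2", "TLSv1.3"],  # versions the server accepted
    "ciphers": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_AES_128_GCM_SHA256"],
}

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Substrings of IANA cipher-suite names that mark a weak construction.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT")
EXPIRY_WARNING_DAYS = 30


def parse_utc(stamp):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def days_until_expiry(not_after, now):
    """Whole days left on the certificate; negative once it has expired."""
    return (parse_utc(not_after) - parse_utc(now)).days


def assess_tls(profile, now=None):
    """Return (severity, message) findings using the risk levels listed above."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    findings = []
    days = days_until_expiry(profile["not_after"], now)
    if days < 0:
        findings.append(("High", f"certificate expired {-days} days ago"))
    elif days <= EXPIRY_WARNING_DAYS:
        findings.append(("Critical", f"certificate expires in {days} days"))
    for proto in profile["protocols"]:
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(("Low", f"deprecated protocol accepted: {proto}"))
    for cipher in profile["ciphers"]:
        if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(("Low", f"weak cipher suite accepted: {cipher}"))
    return findings


if __name__ == "__main__":
    for severity, message in assess_tls(SAMPLE_PROFILE, now="2025-01-20T00:00:00Z"):
        print(f"[{severity}] {SAMPLE_PROFILE['host']}: {message}")
```

The `now` argument is pinned so the expiry arithmetic is reproducible; in a scheduled job it would be left at its default, and the profile would be populated from the probe that actually connected to the host.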

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com).

Business Impact: Timely management of domain expiration is crucial for maintaining uninterrupted service and ensuring that the organization’s digital assets are secure. Mismanagement can lead to service disruptions, loss of brand reputation, and increased vulnerability to cyber threats.

Risk Levels:

  • Critical: The scanner flags domains with less than 30 days until expiration that have neither a renewal plan nor an alert from an authorized representative.
  • High: Domains with expired certificates that have not been renewed despite reminders from the organization.
  • Medium: Domains with misconfigured DNS records, such as missing critical records like DMARC or CAA, which could lead to email security issues.
  • Low: Informational findings related to outdated but secure TLS/SSL configurations and minor HTTP header misconfigurations that do not pose immediate risks.
  • Info: Findings related to unmonitored domains or those with no upcoming expiration dates, indicating a need for strategic planning in domain management.

Example Findings:

  1. A critical finding indicates that the primary domain “example.com” is set to expire within 30 days without any renewal action planned by the organization. This poses a high risk of service disruption and potential security vulnerabilities if not addressed promptly.
  2. A medium severity issue was identified in the DNS settings of “acme.org”, where the DMARC record was missing. This could lead to significant email security risks: it prevents proper handling of bounce messages and reduces trust in the organization’s emails, making them more likely to be marked as spam or phishing attempts.


Purpose: The Domain Transfer Protection Scanner is designed to identify and assess various protections in place for domain management, including transfer locks, unauthorized modification protections, and mechanisms against phishing and man-in-the-middle attacks. This tool aims to ensure that domains are securely managed and less susceptible to unauthorized transfers or exploitation.

What It Detects:

  • Transfer Lock Status: The scanner checks the presence of a transfer lock on the domain by querying DNS TXT records for specific flags or indicators.
  • Domain Theft Prevention Mechanisms: It examines DNS CAA (Certification Authority Authorization) and DMARC (Domain-based Message Authentication, Reporting & Conformance) records to ensure authorized certificate authorities can issue certificates and verify email authentication policies respectively.
  • Unauthorized Modification Protection: The scanner inspects DNS NS (Name Server) and MX (Mail Exchange) records to confirm that only authorized name servers and correct mail exchange servers are listed, preventing unauthorized changes to the domain’s settings.
  • Security Headers: It checks HTTP responses for security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to enforce secure communication and mitigate common web vulnerabilities.
  • TLS/SSL Configuration: The scanner inspects TLS/SSL certificates for outdated protocols, weak cipher suites, validates the certificate chain, and checks for expiration dates to prevent man-in-the-middle attacks.
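The CAA and DMARC checks described here (and the DNS record integrity check of the Domain Expiration scanner above) come down to parsing two record formats and comparing them with policy. The following Python is an added example, not the scanner's own code: it validates DMARC TXT and CAA records that have already been fetched, using constructed sample records and an assumed list of authorized certificate authorities. Severities follow the risk levels on this page (High for absent CAA, Medium for a missing DMARC record). The CAA parser handles the plain `flags tag "value"` form and ignores the optional issuer parameters a real record may carry.

```python
"""Added example, not the scanner's own code: validate DMARC and CAA records
that a resolver has already returned, against an organization's policy."""

# Constructed sample records, as TXT/CAA data a resolver would return.
SAMPLE_DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc@acme.example; pct=100"
SAMPLE_CAA_RECORDS = [
    '0 issue "letsencrypt.org"',
    '0 issuewild ";"',                        # ';' means: no CA may issue wildcards
    '0 iodef "mailto:security@acme.example"',
]
# Assumed organizational policy for this example.
AUTHORIZED_CAS = {"letsencrypt.org", "digicert.com"}


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict; None if this is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def check_dmarc(txt):
    """Return (severity, message) findings for the _dmarc TXT record (or None if absent)."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return [("Medium", "DMARC record missing or malformed")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(("Medium", f"DMARC policy tag invalid: {policy!r}"))
    elif policy == "none":
        findings.append(("Low", "DMARC policy is p=none (monitor only)"))
    if "rua" not in tags:
        findings.append(("Info", "DMARC record has no aggregate reporting address (rua)"))
    return findings


def parse_caa(record):
    """Parse '<flags> <tag> "<value>"' into (flags, tag, value)."""
    flags, tag, value = record.split(" ", 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def check_caa(records, authorized):
    """Flag absent CAA, and issue/issuewild entries naming a CA outside the policy."""
    if not records:
        return [("High", "no CAA records: any CA may issue certificates")]
    findings = []
    for rec in records:
        _, tag, value = parse_caa(rec)
        if tag in ("issue", "issuewild") and value != ";" and value not in authorized:
            findings.append(("Medium", f"CAA {tag} permits unauthorized CA {value}"))
    return findings


if __name__ == "__main__":
    for finding in check_dmarc(SAMPLE_DMARC_TXT) + check_caa(SAMPLE_CAA_RECORDS, AUTHORIZED_CAS):
        print(finding)
```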

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com). This is essential for all detection processes as it defines the scope of the analysis.

Business Impact: Ensuring that domains are securely managed and protected against unauthorized transfers or modifications is crucial for maintaining a secure digital environment, protecting brand reputation, and preventing potential cyber threats such as phishing attacks and domain theft.

Risk Levels:

  • Critical: Conditions where the presence of transfer locks is not detected, indicating significant vulnerabilities in domain security management that could lead to unauthorized access or theft.
  • High: The absence of CAA records, which are critical for controlling who can issue certificates for a domain, posing a high risk of phishing and man-in-the-middle attacks.
  • Medium: Inadequate DNS NS or MX record configurations that may allow unauthorized changes to the domain’s settings or point to compromised servers, contributing to potential security vulnerabilities.
  • Low: Minor issues with outdated TLS protocols or weak cipher suites in SSL/TLS certificates, while still important for improvement, do not pose a significant risk without other critical vulnerabilities present.
  • Info: Informational findings regarding the presence of DMARC records and secure HTTP headers that enhance email authentication and web security but are less critical than the above risks.

Example Findings:

  • A domain with an active transfer lock indicates a high level of protection against unauthorized transfers (Critical).
  • A lack of CAA records on a financial institution’s domain would be considered highly risky, potentially leading to severe financial losses if certificates are issued by unauthorized entities (High).
  • Incorrect configuration of MX records that point to compromised servers could lead to email delivery failures and increased risk of phishing attacks (Medium).

Purpose: The Domain Access Controls Scanner is designed to identify vulnerabilities in registrar account security, DNS management restrictions, and administration limitations. It aims to ensure robust domain management practices by detecting potential weaknesses such as weak passwords, lack of two-factor authentication, unauthorized changes to DNS settings, inadequate access controls, and insecure HTTP headers.

What It Detects:

  • Registrar Account Security:

    • Weak or default passwords are detected.
    • Two-factor authentication (2FA) implementation is verified.
    • Secure login methods and account recovery procedures are assessed.
  • DNS Management Restrictions:

    • Proper configuration of TXT, MX, NS, CAA, and DMARC records is validated.
    • Unauthorized modifications to DNS settings are uncovered.
    • DNSSEC implementation for protection against DNS spoofing attacks is checked.
  • Administration Limitations:

    • Access controls and permissions for domain management tools are evaluated.
    • Role-based access control (RBAC) is verified.
    • Logging and monitoring of administrative activities are scrutinized.
  • HTTP Security Headers:

    • Inspects security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
    • Detects missing or improperly configured security headers.
  • TLS/SSL Inspection:

    • SSL/TLS certificates are analyzed for validity, expiration, and proper configuration.
    • Weak cipher suites (e.g., RC4, DES, MD5) and outdated protocol versions (e.g., TLSv1.0, TLSv1.1) are identified.
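The HTTP security header inspection listed here is the same check named in the other scanners on this page. As an added example (not the scanner's own code), the following Python grades a captured set of response headers: it reports each of the four headers as missing, and reports weak values such as a short HSTS `max-age`, a CSP that allows `'unsafe-inline'` or `'unsafe-eval'`, or a non-standard `X-Frame-Options`. The sample headers and the 180-day HSTS baseline are assumptions for the example; severities follow this scanner's risk levels (High for missing or improperly configured headers, Low for minor misconfigurations).

```python
"""Added example, not the scanner's own code: grade the security headers of a
captured HTTP response against a baseline policy."""

# Constructed sample: response headers as a probe might capture them.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

MIN_HSTS_AGE = 15552000  # 180 days; an assumed baseline for this example


def hsts_max_age(value):
    """Extract the max-age directive from an HSTS header value, or None if absent."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.lower() == "max-age" and number.isdigit():
            return int(number)
    return None


def check_security_headers(headers):
    """Return (severity, message) findings; header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("High", "Strict-Transport-Security missing"))
    else:
        age = hsts_max_age(hsts)
        if age is None or age < MIN_HSTS_AGE:
            findings.append(("Low", f"Strict-Transport-Security max-age too short: {hsts}"))

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(("High", "Content-Security-Policy missing"))
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(("Low", "Content-Security-Policy allows unsafe-inline/unsafe-eval"))

    xfo = h.get("x-frame-options", "").upper()
    if not xfo:
        findings.append(("High", "X-Frame-Options missing"))
    elif xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(("Low", f"X-Frame-Options has non-standard value: {xfo}"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("High", "X-Content-Type-Options missing or not 'nosniff'"))
    return findings


if __name__ == "__main__":
    for severity, message in check_security_headers(SAMPLE_HEADERS):
        print(f"[{severity}] {message}")
```

Matching on lower-cased names matters in practice: HTTP header names are case-insensitive, and a check that looks only for `Strict-Transport-Security` would miss a server that emits `strict-transport-security`.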

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com).

Business Impact: Ensuring robust domain management practices is crucial for maintaining the integrity and security of online assets. This scanner helps in identifying potential vulnerabilities that could be exploited by malicious actors, thereby enhancing overall cybersecurity posture.

Risk Levels:

  • Critical: Conditions where weak passwords are detected or changes to DNS settings are identified that were made without proper authorization.
  • High: Issues with missing or improperly configured security headers and TLS/SSL certificate issues that do not meet modern security standards.
  • Medium: Inadequate access controls in domain management tools and incomplete implementation of RBAC.
  • Low: Informational findings regarding outdated software versions used for DNSSEC and HTTP headers, which may require updates but do not pose an immediate risk.
  • Info: General information about the configuration of DNS records and SSL/TLS settings that provide context but do not directly indicate a security issue.

Example Findings:

  1. A registrar account has its default password set to ‘password123’, which is considered weak and should be changed immediately.
  2. Unauthorized changes were detected in the DNS settings, specifically altering MX records without proper authorization, posing significant risk of domain mismanagement and potential phishing attacks.

Purpose: The Shadow Domain Detection Scanner is designed to identify unofficial domain registrations that could be used for malicious purposes such as phishing, brand hijacking, or unauthorized marketing campaigns. It aims to maintain the integrity of a company’s online presence by detecting domains that do not align with official branding and usage policies.

What It Detects:

  • Unofficial Domain Registrations: Identifies domains that are registered but not officially recognized by the organization, potentially leading to confusion among users due to similar or identical names to the official domain.
  • Marketing Campaign Domains: Scans for domains used in marketing campaigns without proper authorization, including subdomains or top-level domains that mimic the official brand but are not controlled by the organization.
  • Project-Specific Domains: Identifies project-specific domains that have been registered but not officially documented or managed, posing potential security risks.
  • DNS Record Anomalies: Examines DNS records for inconsistencies or unauthorized configurations, such as TXT, MX, NS, CAA, and DMARC records.
  • TLS/SSL Vulnerabilities: Inspects SSL/TLS certificates and configurations for known vulnerabilities including outdated protocols or weak cipher suites.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)

Business Impact: This scanner is crucial for protecting a company’s digital assets, reputation, and customer trust by proactively identifying unauthorized domains that could be used in malicious activities. It helps maintain the integrity of the organization’s online presence and ensures compliance with branding and usage policies.

Risk Levels:

  • Critical: Conditions where unofficial domain registrations are discovered that could lead to immediate brand confusion or significant security risks, such as unauthorized access points for phishing or data theft.
  • High: Conditions where domains mimic official branding but lack proper authorization, posing a risk of user deception and potential legal repercussions.
  • Medium: Conditions where DNS records show anomalies or SSL/TLS configurations are insecure, indicating potential misconfigurations that could be exploited by attackers.
  • Low: Conditions where minor discrepancies in DNS records or outdated TLS protocols do not pose significant risks but should still be addressed for best security practices.
  • Info: Conditions where findings are purely informational and do not directly impact security posture but can serve as a baseline for further analysis and policy refinement.

Example Findings:

  1. A domain “phishing.acme.com” was detected, which closely resembles the official domain “acme.com.” This could lead to user confusion and potential phishing attacks.
  2. An unauthorized subdomain “marketing.acme.org” was identified, used for marketing campaigns without official authorization, posing a risk of brand misuse and potential legal issues.

Purpose: Ensures domain inventory completeness, registration management, and ownership verification to prevent unauthorized domain usage and ensure compliance with organizational policies.

What It Detects:

  • Domain Inventory Completeness: Checks for missing domains in the organization’s portfolio and verifies that all registered domains are accounted for in internal records.
  • Registration Management: Validates domain registration details such as expiration dates, registrant information, and contact data, ensuring domains are registered with authorized registrars only.
  • Ownership Verification: Confirms that the organization owns or has proper authorization to use each domain, verifying DNS records (TXT, MX, NS, CAA, DMARC) for consistency with organizational policies.
  • Security Headers Analysis: Inspects HTTP responses for presence and correctness of security headers like Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Inspection: Evaluates SSL/TLS configurations, including certificate validity, cipher suites, and protocol versions. Identifies deprecated or insecure protocols and ciphers.
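The inventory, registrar and ownership checks above, together with the lookalike detection of the Shadow Domain scanner, can be demonstrated on a single reconciliation pass. The following Python is an added example, not the scanner's own code: it takes observed (domain, registrar) pairs, marks brand-owned names that are absent from the inventory or held at a registrar outside policy, and flags external names that reuse the brand label under another TLD or sit within a small edit distance of it. The official domain, inventory, registrar policy and observations are all constructed for the example, and the registrable label is taken as the label before a single-level TLD (a real deployment would consult the Public Suffix List).

```python
"""Added example, not the scanner's own code: reconcile observed domain names
against an inventory and flag names that mimic the official brand."""

OFFICIAL_DOMAIN = "acme.example"                                        # assumed brand domain
INVENTORY = {"acme.example", "www.acme.example", "acme-cloud.example"}  # constructed records
AUTHORIZED_REGISTRARS = {"registrar-a.example"}                         # assumed policy

# Constructed observations: (domain, registrar) pairs a discovery step might yield.
OBSERVED = [
    ("acme.example", "registrar-a.example"),
    ("shop.acme.example", "registrar-a.example"),
    ("acme-cloud.example", "registrar-b.example"),
    ("acme.org", "registrar-c.example"),
    ("acrne.example", "registrar-c.example"),
    ("unrelated.example", "registrar-c.example"),
]


def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-character lookalikes of the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Label directly under the TLD; assumes a single-level public suffix (e.g. '.org')."""
    return domain.split(".")[-2]


def review(observed, official=OFFICIAL_DOMAIN, inventory=INVENTORY,
           registrars=AUTHORIZED_REGISTRARS):
    """Return (category, detail) findings for each observed domain."""
    brand = official.split(".")[0]
    findings = []
    for domain, registrar in observed:
        domain = domain.lower()
        owned = domain in inventory or domain == official or domain.endswith("." + official)
        if owned:
            if domain not in inventory:
                findings.append(("missing-from-inventory", domain))
            if registrar not in registrars:
                findings.append(("unauthorized-registrar", f"{domain} ({registrar})"))
            continue
        label = registrable_label(domain)
        if label == brand or brand in label.split("-"):
            findings.append(("brand-mimic", domain))
        elif len(label) >= 4 and edit_distance(label, brand) <= 2:
            findings.append(("lookalike", domain))
    return findings


if __name__ == "__main__":
    for category, detail in review(OBSERVED):
        print(f"{category}: {detail}")
```

The `acrne.example` case shows why a distance threshold of 2 is used: the pair `rn` stands in for `m`, which a distance-1 rule would miss. Keeping the threshold small and requiring a label of at least four characters keeps short, unrelated labels from being reported.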

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)

Business Impact: Ensuring the proper management of domains is crucial for maintaining a secure digital environment where authorized use prevails over unauthorized access. This directly impacts the security posture by preventing potential breaches and legal issues arising from unauthorized domain usage.

Risk Levels:

  • Critical: Conditions that could lead to immediate, severe consequences such as data loss or significant regulatory fines due to unauthorized domain usage or non-compliance with organizational policies.
  • High: Conditions where there is a high risk of unauthorized access or policy violations, leading to potential security breaches and legal issues.
  • Medium: Conditions where the risk is moderate but still poses a threat if not addressed promptly; could lead to minor security incidents or compliance violations.
  • Low: Conditions with minimal impact on security posture that can be resolved without immediate concern for critical systems or data integrity.
  • Info: Informative findings that provide insights into domain management practices but do not pose an immediate risk.

Example Findings:

  • “Missing domain example.com from inventory.”
  • “Domain acme.com registered with unauthorized registrar.”
  • “DNS TXT record for acme.com does not match organizational policy.”
  • “Insecure TLSv1.0 detected on https://acme.com”