The web is in a continuous state of dynamic development, with websites being created, updated, and deleted every day. These websites are the digital equivalent of a rented property. Similar to physical properties, visitors will need a precise address to visit you.
For example, think of an apartment building with letters attached to apartment numbers (e.g. 8A, 11B) – they are all in the same location, yet specific addresses vary depending on what – or who – you are looking for. This specific address would be the URL (Universal Resource Locator), a full set of directions containing detailed information on how to get to your destination.
Now, the internet works on a much larger scale, so let’s compare that to a phone book which registers all these specific addresses.
'The internet’s phone book' - Home of Domains
If the internet is like a phone book, and a web page is like a physical building, and a URL is the precise street address of that building, then the IP address would be like the car that helps the visitor travel to that destination. An IP address is formatted as a sequence of numerical instructions (e.g. 184.108.40.206) to help a computer reach its destination. However, humans are less equipped to remember these long codes. The use of domains solves that problem by linking an easy-to-remember nickname to the exact location of the IP address. After all, it’s much easier to remember "www.example.com” instead of “220.127.116.11”.
The addresses are registered and regulated in a ’listing of nicknames’, known as a DNS (Domain Name System) server. The DNS automatically assigns the alphabetical nicknames to a numerical IP address.
It is important to note that the domain name is generally segmented into three parts:
- www. - the subdomain prefix
- .example. - the subdomain
- .com - the top-level domain
Often, the top-level domain may point the visitor to the general geo-location of the address. Think for example of “.nl” for the Netherlands, “.de” for Germany, and “.com” as an international domain.
The subdomain – and subdomain prefix – help your website visitors to navigate through the different sections of your website. However, it becomes increasingly difficult for your visitors to navigate your website the more sections you add (e.g. ”store.example.com” or “blog.example.com” or “pki.example.com.s3.-website-us-east-1.example.com”).
“Hello, operator?” - Digital Switchboard
This problem is solved with the help of a CNAME (Canonical Name) record. The CNAME can be compared to an ‘automatic phone operator’ – or ‘switchboard’ – which helps you reach the right subdomain by telling the DNS server what you are initially looking for.
For example, by automatically resolving your visitors’ search for the domain “pki.example.com” to “pki.example.com.s3-website-us-east-1.example.com”. This guides your visitors to the exact subdomain they’re looking for without requiring them to memorise the full domain name.
“Sorry, wrong number” - Deadly (or Dark) Domains
Now that you have set up and decorated your digital property and its various sections, you don’t want any crooks vandalising or entering any part of your domain. Unfortunately, these ’subdomain takeovers’ still happen on a regular basis. This is when a malicious actor decides to exploit your CNAME's redirect to manipulate the visitors’ search of your (sub)domain, or even infiltrate your subdomain.
That can happen when you cancel a subscription to a subdomain name, but forget to unlink the CNAME record. In that case, anyone can re-register the subdomain to make it operational again. And once accomplished , they will be able to display their own content on your web page, leading to several risks such as defacement, domain squatting, brand abuse, or even the scamming of your visitors with fake login screens.
“Who you gonna call?” - Digital Footprint monitoring
Keeping home intruders out, such as people pretending to be the postman (i.e. third-party risk), can be challenging without a dynamic, holistic overview of your doors and windows (i.e. your domains and subdomains configurations). Leveraging your floorplan - being your digital footprint - will make you stay one step ahead of threat actors and effectively prevent the risks of a subdomain takeover.
To learn how your digital footprint can minimise the risks, read our whitepaper “Subdomain Takeover: How does it happen & how to prevent it”.
Justin Frank is an Information Security Officer at Cybersprint.
With a background in Safety & Security Management, he is responsible for aligning internal privacy and security policies. Justin is driven by an ambition to open the dialogue about cybersecurity in a wider societal context.