Closed ghost closed 9 years ago
Milly,
Securing domain names is definitely a requirement for every website, whether it serves the cryptocurrency industry or not.
CCSS is designed to focus solely on the cryptocurrency component of a business, and not on the business as a whole. It's a complement alongside ISO27001 and other standards that apply to businesses.
Domain name security is covered under the business side of things, but you bring up a good point - without proper validation of webservers, a MITM attack can be leveraged which can lead to the theft or loss of coins. A tweak to one of the 10 aspects may be able to cover this.
Thanks for the suggestion!
I think referencing some other applicable standards in this standard may cover it.
Closing this issue since it's not cryptocurrency-specific. Accurate DNS information is covered by other information security practices and would be duplicated if it were added to CCSS.
I would consider adding a section about network and domain name security. A number of Bitcoin companies have been attacked through their hosting or domain names. Some have been hacked by tricking the hosting company into giving them KVM access. Others have been attacked through insecurities in their domain name registration and whois records. There is a general lack of knowledge in this area with Bitcoin companies, and attacking a web site through its hosting and domain names is one of the first things an attacker does.