THE TRUSTED GATEWAY. A simple strategy for managing trust in a diverse portfolio of domains. Author: Gunter Ollmann, CTO

Transcription

1 THE TRUSTED GATEWAY A simple strategy for managing trust in a diverse portfolio of domains Author: Gunter Ollmann, CTO

2 INTRODUCTION Managing a corporate presence and associated transactional businesses on the Internet may have the outwards appearance of a swan gliding gracefully upstream, but behind the scenes webbed feet are paddling with abandon. For most organizations, their online presence extends beyond a single web server through which customers, affiliates, and partners can conduct business with. They also manage a portfolio of domain names and host names; often with servers hosted in different physical locations and serviced by a multitude of providers. As an organization grows, it adds new services, new products, new businesses and lines of business. Online brands change frequently as they wax and wane with client demands and market forces. The combination of these and other factors mean that organizations are constantly evolving their online brand whilst trying to maintain trust and ensuring that customers can easily locate their most current business offerings. Meanwhile the dynamic nature of the Internet, and the ease through which cybercriminals and counterfeiters can hijack an organizations brand or credibility and target their customers, continues to cause erosion of both sides of the trust equation. Whether it is hunting for an authoritative source for investor relations, news or affiliates, all users of the Internet are looking for an easy way to locate and securely engage with businesses online today. The answer being sought is the location of an organization s trusted gateway a gateway through which they know that they can securely and reliably reach the parts of the business they want or need to. This paper explains how to achieve that answer NCC Group Whitepaper 2

3 THE.TRUST DOMAIN The.trust domain name is a new generic top-level domain (gtld) designed to identify organizations and brands that operate at the highest levels of Internet security and are verifiably adhering to industry best practices that keep their customers and business partners safe from the growing plague of Internet-borne threats. Websites and online services accessible over the Internet using a.trust domain name may only conduct business over safe encrypted communication channels and are constantly monitored and assessed for compliance against the.trust technical policy. These gateway sites (operating under a.trust domain name) therefore serve as the primary and trusted entry point for customers to reach any other online service the organization offers. In turn, customers and partners know that when confronted with numerous search results or word-soup links from third-party websites, s, or social media sites, that they can reliably and securely browse to the organization s.trust website and that any link or content from that trusted gateway is both verifiably secure and authorized by the organization they have chosen to engage with. The.trust technical policy was built after two years of input by almost a hundred of the best technical security and operational business minds in the industry, and is currently overseen and maintained by an independent advisory board who ensure that it accurately reflects the high bar in best practices for securing the Internet services we all depend upon. In order for an organization to provide Internet services under a.trust domain name, those services must reach (and maintain) the high bar set by the.trust technical policy. Some organizations may require a longer period of time to bring their wide array of servers, services, and hosting facilities up to the.trust standard. As such, those organizations may wish to prioritize on a handful of key customer or partner services that will act as secure gateways to yet-to-be compliant services, affiliated corporate sites, authorized partner or franchise sites, or other trusted online services. NCC Group Whitepaper 3

4 THE.TRUST GATEWAY As a trusted entry point to a company s portfolio of web services, partner sites, or verified third-party resellers, the Trusted Gateway (TG) operates as the hub for a web of connections and communication channels. Customers, clients, or prospects learn to associate an organization s.trust domain (e.g. as the primary and most secure means of reaching them. Once engaged with the TG, those visitors can be confident about the systems or services that are linked to from the site are authorized If a user mistakenly types or follows an older domain name (e.g. their web browser or mobile application can be automatically redirected to the TG (e.g. trust). Figure 1: Hub and spoke configuration of the.trust Trusted Gateway (TG) model As the organization adds new systems and those systems become compliant with the.trust technical policy, they too can acquire.trust domain names and can be easily linked to from the TG. For organizations that have previously invested in building up the online profile and SEO of an existing online service (e.g. www. yourbrand.com, or shop.yourbrand.com), that investment can be maintained by keeping an older domain (or entire portfolio of domain names) and automatically redirecting to the new secure.trust domain name (e.g. or shop.yourdomain.trust). Figure 2: Through simple DNS configuration changes or server-side redirection at the web server, the customer s web browser can be transparently redirected from the legacy domain name to the new.trust domain name associated with the TG. For regionalized domain names (e.g. many organizations find it easy to redirect to a regional page within the TG (e.g. All popular commercial search engines will identify the redirection techniques (DNS changes, server-side redirection, or client-side redirection) made by an organization as they move legacy web services under a.trust domain name and positively alter their search results accordingly without adversely affecting past SEO efforts. In a short amount of time the search engines will have learned that the TG is the preferred online route to your organization. NCC Group Whitepaper 5

5 Privacy and Integrity All devices and services operating within the.trust community and entrusted with a.trust domain name must communicate over encrypted protocols. By encrypting communications between the internet user and the TG, their communications (including page requests, metadata, and browsing patterns) remain private and free from eavesdropping and tampering. By incorporating legacy systems in the same continual monitoring process the organization can plan and track their assets progress towards full.trust compliance (thereafter moving the asset in to the.trust community), and quickly identify and be alerted to any security vulnerabilities that would affect the integrity of the system and the data it holds Integrity The trusted gateway approach extends beyond web browser interaction to also encompass secure communications. A core tenet of the.trust approach includes the security and validation of sending achieved through standards such as Domain-based Message Authentication Reporting & Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Figure 4: Continual scanning and monitoring of both.trust assets and non-.trust assets can be achieved and managed through a single consolidated portal for reporting on.trust technical policy compliance and for vulnerability management. The enforced use of standards such as DMARC, SPF and DKIM allows customers in receipt of s from.trust domains to be 100 percent confident that these s have indeed come from those domains, making them much more trustworthy and far less likely to be the source of malware. In addition, at an Internet mail gateway to Internet mail gateway level, the verification and integrity checking of the servers actually sending or routing the reduces the probability that communications may be errantly identified as spam and therefore not make its way in to a customer s inbox To further ensure the privacy of a user s communications, all links to any other sites (.trust or not) available via the TG must also be over encrypted protocols. It should also be noted that the.trust technical policy requires use of a minimum set of approved ciphers for the all.trust community systems (making it substantially more difficult for governments or sophisticated entities decrypting the communications now or in the future). Figure 5: for yourbrand.trust is managed by the mail server (mail. yourbrand.trust). Any received by the customer, client, or prospect purporting to have come from yourbrand.trust can be automatically verified through security credentials. Other authorized sub-domain names (e.g. shop.yourbrand.trust) can similarly route through the primary mail server (mail.yourbrand.trust) to reach their destination. NCC Group Whitepaper 6

6

7 CONCLUSIONS For organizations at the earlier stages their journey towards corporate-wide.trust compliance, the Trusted Gateway represents both a practical and convenient means of gaining many of the customer-focused brand protection and management aspects of the full.trust solution. Customers, clients, and prospects can easily locate the most trusted and secure gateway to the organization and the brands it owns, and have confidence that their electronic journey to a specific branded site, retailer, or business partner has already been validated and authorized removing the prospect of falling in to the trap of fraudulent or counterfeit products and services. References Domain-based Message Authentication Reporting & Conformance (DMARC) - Sender Policy Framework (SPF) - DomainKeys Identified Mail (DKIM) - Organizations that implement a Trusted Gateway under the.trust domain system retain control over their affiliate networks and are able to optimize their online spend for SEO and brand integrity. By moving primary mail communications to a.trust domain and adhering to the.trust technical policy, an organization prevents many of the social engineering threats that cybercriminal target customers with and, at the same time, allow the organization to have a higher confidence that legitimate communications by them reach their customers without being errantly flagged as spam. NCC Group Whitepaper 7

8