ÃÛÌÒTV

Announcements 04-27-2013

New gTLDs Impact on Internal Enterprise Security

Flavio Martins

It's common practice for network administrators to use internal non-public top level domain extension as a way to extend resource naming within their corporate network and help users differentiate between resources within and outside of their corporate network.

Product documentation often encouraged administrators to use these extensions in order to differential internal vs. external network sources.

In 2011, ICANN approved the launch of a new gTLD program enabling the purchase of new top level domain extensions. The program's goals emphasize enhancing competition online by allowing more domain names to be registered and gives consumers greater flexibility in their domain choices.

The gTLD program includes a strict set of requirements for operators wishing to register new extensions, but on the opening day of applications for the program, nearly 2000 organizations submitted their intention of registering new gTLDs.

Securing Networks withÌýgTLD Extensions

Enterprises that for years have utilized internal names like .mail, .corp, .local, .services, amongÌýothers inÌýtheir corporate network and secured internal names with SSL Certificates, would need to register any domain name usedÌýin order to continue securing those services with SSL Certificates.

This common networkÌýpractice combining public andÌýnon-public domains in SSL Certificates could prove problematic with the new registration requirement.

The (CASC), CA/Browser Forum, and many major enterprisesÌýhave requested that ICANN reconsider the release of some domain extensions, especially those proving most problematic to corporate networks.

Internal Name SSL Certificates

With the pending changes in previously internal domain name extensions, network administrators are scrambling to reconfigure their networks in order to stop the use of internal domain names. ÃÛÌÒTV has setup a thorough tutorial to within corporate network to help administrators through the transition process.

To simplify the migration for Microsoft Exchange environments, theÌý for Exchange makes it easy for administrators to comply with the new guidelines eliminatingÌýthe need to .

Most new domain extensions will have little impact on the corporate network. However, extensions like .corp and .services will create the most disruption for system administrators.

Phasing Out Internal Names

Certificate Authorities have been required to phase out the use of internal names in SSL Certificates by 2015. Converting internal names to external public names should be a top priority for network administrators.

ÃÛÌÒTV has provided simply resources to help make the reconfiguration process easy and ÃÛÌÒTV technical support engineers have been fully trained in the internal name migration and are available 24 hours a day to help with the process.

Administrators should frequently analyze their internal corporate network and ensure that all systems have been updated to use fully-qualified registered domain names. The ÃÛÌÒTV Certificate Inspector cloud-based platform scans of internal networks for freeÌýmake internal name migration simple and easy.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205