As of midnight, Jan. 12, 2012, you can register for a vanity top level domain (TLD). In other words, this blog entry could appear on www.techsecuritytoday.techsecure or you might be able to look for burgers at www.mickyd. ICANN has thrown open the doors for anyone to choose whatever top level domain they want.
Think this is confusing? Just wait until you have to configure your firewall.
The problem with having a nearly infinite number of TLDs isn’t just the confusion. There’s also a huge probability of fraud. Companies can register for TLDs with company names that are trademarked by others, or they can appear to be something they’re not.
For example, one company is ready to start registering .secure domain names, promising to offer totally secure Internet connections. Presumably this will include support for DNSSEC as well as other services such as screening would-be members of the domain for appropriate security practices.
But then suppose another company chooses a TLD that has another security-related name but makes no effort to be secure? Could people be sucked into using the sites with that TLD, believing they were secure? Worse, suppose you signed into a site with the name such as www.carpayment.yourbank, believing it was a site your bank had set up for loan payments, and it turned out to be a site set up by a cybercrime group.
The fact that the TLD system is confusing is enough of a problem. But then there's the issue with your network security equipment. While most modern firewalls are already capable of handling any TLD, there are some out there that expect to see domains that end in .com, .org, .gov or .edu. They aren’t set up to handle a travel site with a .paris extension. This means your organization will need to spend a lot of time updating its security hardware and software to recognize the new extensions. And this is in addition to making sure the DNS servers will handle the changes.
At the very least, the new TLDs will provide IT and security managers with a new round of headaches. At the worst, they could open a window of vulnerability as your systems struggle to cope with the new names.