You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security/fundamentals/subdomain-takeover.md
+13-2Lines changed: 13 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ ms.devlang: na
13
13
ms.topic: article
14
14
ms.tgt_pltfrm: na
15
15
ms.workload: na
16
-
ms.date: 09/29/2020
16
+
ms.date: 02/04/2021
17
17
ms.author: memildin
18
18
19
19
---
@@ -22,7 +22,7 @@ ms.author: memildin
22
22
This article describes the common security threat of subdomain takeover and the steps you can take to mitigate against it.
23
23
24
24
25
-
## What is subdomain takeover?
25
+
## What is a subdomain takeover?
26
26
27
27
Subdomain takeovers are a common, high-severity threat for organizations that regularly create, and delete many resources. A subdomain takeover can occur when you have a [DNS record](../../dns/dns-zones-records.md#dns-records) that points to a deprovisioned Azure resource. Such DNS records are also known as "dangling DNS" entries. CNAME records are especially vulnerable to this threat. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
28
28
@@ -141,6 +141,15 @@ Ensuring that your organization has implemented processes to prevent dangling DN
141
141
142
142
Some Azure services offer features to aid in creating preventative measures and are detailed below. Other methods to prevent this issue must be established through your organization’s best practices or standard operating procedures.
143
143
144
+
### Enable Azure Defender for App Service
145
+
146
+
Azure Security Center's integrated cloud workload protection platform (CWPP), Azure Defender, offers a range of plans to protect your Azure, hybrid, and multi-cloud resources and workloads.
147
+
148
+
The **Azure Defender for App Service** plan includes dangling DNS detection. With this plan enabled, you'll get security alerts if you decommission an App Service website but don't remove its custom domain from your DNS registrar.
149
+
150
+
Azure Defender's dangling DNS protection is available whether your domains are managed with Azure DNS or an external domain registrar and applies to App Service on both Windows and Linux.
151
+
152
+
Learn more about this and other benefits of this Azure Defender plan in [Introduction to Azure Defender for App Service](../../security-center/defender-for-app-service-introduction.md).
144
153
145
154
### Use Azure DNS alias records
146
155
@@ -199,6 +208,8 @@ It's often up to developers and operations teams to run cleanup processes to avo
199
208
200
209
To learn more about related services and Azure features you can use to defend against subdomain takeover, see the following pages.
201
210
211
+
-[Enable Azure Defender for App Service](../../security-center/defender-for-app-service-introduction.md) - to receive alerts when dangling DNS entries are detected
212
+
202
213
-[Prevent dangling DNS records with Azure DNS](../../dns/dns-alias.md#prevent-dangling-dns-records)
203
214
204
215
-[Use a domain verification ID when adding custom domains in Azure App Service](../../app-service/app-service-web-tutorial-custom-domain.md#get-a-domain-verification-id)
0 commit comments