Corp.com, a Domain Name System (DNS) provider, is one of the companies that are on the top list of U.S. Department of Homeland Security for monitoring. After 26 years, the owner of this company (Corp.com), decided to put this in auction for a starting bid of $1.7 million. Mike O’Connor (owner), born from Wisconsin, announced that he decided to sell the company as reported this February. And as expected and should happen, Microsoft purchased this company.
With the large companies that use Microsoft Windows Active Directory program, they see a possible security risk with Corp.com, once deployed in corporate networks. Active Directory uses ‘Corp’ usually as a second-level domain DNS name for a corporate network path. With this, a user can access a particular drive/folder through the network by typing only its name rather than typing the whole network path. That should be enough for Windows to run the program automatically.
However, with the prominent utilization of the internet and the need to access corporate data outside the company, began this new problem for ‘namespace collision.’ This scenario was not a big issue back then as doing business was only made inside the company. Thus, System Administrators are complacent that the data cannot be breached easily.
The namespace collision happens when a device accesses corporate data outside the company limit through the internet.
Since most companies are under Windows-powered machines, and it uses as default, the word ‘Corp’ for their network sublevel domain – this may cause an overlap to the system of Corp.com. If someone had access to this domain (Corp.com) and had a malicious intention, they could easily use it to harvest all the passwords and emails and all the other sensitive data of the company.
Though Microsoft tried its best to issue patches with tightening its security, a leakage due to the overlapping is inevitable. The company may resort not to use the ‘Corp’ name on their network setup, and this will cause a significant impact on the latency of the applications they use daily and would require an occasional reboot. Thus, most company risks using the default and just acquired a few remote security features rather than suffer production issues.
With this acquisition, Microsoft has yet again shown its strong commitment to customers’ security by keeping its system protected. A valuable lesson learned when a company that has tied their internal Active Directory network to a domain they do not own, is opening itself to a possible security dilemma.
Though the terms and price were not explicitly reported, this action can be concluded as an excellent investment for Microsoft.