Let me ask you a question – do you know about all the subdomains linked to your company‘s main website?
Subdomains are extensions like mail.yourcompany.com
or login.yourcompany.com
that map to the same main domain.
Over 35% of organizations have unauthorized and forgotten subdomains that remain unsecured, according to DomainTools.
And here is why you MUST track and secure subdomains:
✅ Attackers constantly scan for subdomains and exploit any weaknesses to breach networks.
✅ They contain sensitive customer data, credentials, databases that can expose your business if compromised.
I know this can sound intimidating for someone without a technical background.
So in this beginner‘s guide, I‘ll explain exactly:
- What subdomains are
- Why finding and securing them is vital for security
- 6 simple steps to do it yourself in under 60 minutes
Let‘s get you subdomain savvy, shall we?
What Exactly are Subdomains?
Think of subdomains like branches of your main company website. Some examples:
website.com
- login.website.com
- shop.website.com
- forum.website.com
Your root domain is website.com
. But you can have unlimited sub-sections as subdomains.
These typically serve specific functions like login pages, wikis, mail servers and more.
Now under the hood, subdomains function using something called DNS.
DNS stands for Domain Name System – a database that maps domain names to IP addresses.
So when you enter a URL like mail.website.com
– DNS converts this subdomain into the corresponding server‘s IP address to connect your browser.
Each subdomain will have its own unique IP mapping. This allows hosting multiple sites under one domain.
But here‘s the catch – with a complex infrastructure, it‘s easy to lose track of subdomains. Services get deployed without centralized tracking.
And if these forgotten branches remain unmaintained – they pose severe security risks!
Dangers of Unsecured Subdomains
Unmanaged subdomains can allow attackers easy backdoor access into networks by:
❌ Hiding malware – A forgotten testing domain can have vulnerable code where malware can be injected.
❌ Sniffing traffic – Attackers spy on insecure internal communications between subdomains.
❌ Launching phishing – A fake login page on a subdomain tricks users into giving passwords.
Subdomains become a soft underbelly exposing businesses as per this CISA advisory.
And hackers are adept at finding forgotten subdomains using specialized tools:
Now I know this makes you feel helpless. How do you even begin tackling this mess?
Well by methodically following the 6 subdomain security steps I‘ve laid out below:
Step #1: Subdomain Mapping
The only way to tame subdomains is by first mapping what exists.
Use subdomain finder tools to discover what‘s linked to your root domain:
I would highly recommend WhoisXML API‘s Subdomain Discovery tool.
It leverages a vast database of 2.3+ billion subdomains with over 1 million added daily to show you all associated sub-parts.
Simply enter your domain and in seconds you‘ll have this invaluable mapped subdomain list!
Having the lay of the land is key to securing your digital estate.
Step #2: Documentation
Now you likely have a mix of:
✅ Authorized subdomains like shop.yourcompany.com
❓ Unknown ones like dev-server.yourcompany
The next step is documenting this list in an Excel sheet:
Note details like:
✏️ Purpose – The functionality like app login, database etc.
✏️ Owner – The internal team responsible for it
✏️Technology – Languages, frameworks, servers used
✏️Security settings – Who has access and protocols enabled
This will help classify authorized vs unauthorized subdomains.
Step #3: Vulnerability Scanning
You now know what subdomains exist.
But could some have security holes or misconfigurations?
Run them through tools like Detectify or Netsparker to check for:
✅ Broken access controls
✅ Susceptibility to attacks like SQL injection, XSS
✅ Unpatched software vulnerabilities
Remediate any issues immediately by:
🔧 Disabling flawed subdomains
🔧 Applying additional firewall rules
This vulnerability cleansing will stop backdoors.
Step #4: Monitoring
The subdomain sprawl will keep growing with new sites and cloud resources.
So you need 24/7 monitoring via tools like Expanse, SecurityTrails and DomainTools.
Features to leverage:
📈 New subdomain notifications
📈 DNS traffic analysis to detect unwanted communications
📈 Anomaly detection flagging sudden domain changes
Constant vigilance will prevent unauthorized additions.
Step #5: Access Controls
With the list pruned, it‘s time for access hygiene.
Classify subdomains into:
🔐 Internal only – Restrict outside traffic
🔓 External facing – Selectively allow inbound connections
⛔️ Legacy – Decommission unused
Set this using firewalls or subdomain passwords:
Organizing access prevents exploits of legacy domains.
Step #6: Automating Security
Manually tracking subdomains across cloud infrastructure is impossible!
Instead automate security using platforms like CloudKnox Permissions Management.
These will auto-discover resources and enforce policies like:
🛡️ Removing excessive user privileges
🛡️ Detecting shadow IT subdomains
🛡️ Triggering approvals for wildcard certificates
Automation ensures sustained subdomain hygiene.
So there you have it – 6 ways to find and protect subdomains in 2022 as per experts.
While it can seem daunting, I‘ve broken down actionable steps anyone can implement in under 1 hour.
Discovery → Documentation → Scanning → Monitoring → Access Control → Security Automation
Stay safe from the dangers of forgotten subdomains!
Jeremy Collins
Independent Security Consultant