Domain security: That's our business

The security of your domains is our business, so BrandShelter focuses on security at every level, including internal system security scans to ensure the highest data integrity standards.

  • Benefit from our secure domain management system.
  • Use divisional levels of access to your portfolio and customized user permissions.
  • Know whenever a change has been made to the whois record.

Use our secure domain management system!

Our proven and reliable processes and systems ensure that your domain portfolio is safe secure and well protected with BrandShelter. We have taken great care to ensure your domain portfolio is safe with us.

We protect your domains!

  • Default auto renewal policy for all managed domain names
  • Additional checks after each renewal to verify each domain was renewed successfully
  • Super locks of domains where permitted at the registry
  • Changes to domains and accounts are limited to only authorized users: customizable permissions, geographic access limitations, challenge questions and PIN authentication, business processes to prevent social engineering.

We keep track of your domains!

  • Continuous monitoring of renewal dates
  • Escalating levels of expiry notification as date of expiration approaches
  • Domain portfolio review to verify that all domains have registrar locks
  • Domain portfolio review to determine if best practices are being followed (e.g. no individual names associated with the whois record unless required by the registry)
  • Whois monitoring of changes to the whois record

We are available – at any time!

  • Contact us around-the-clock - 24/7 crisis management with less than 1 hour response time.

Domain Lock - Ultimate Domain Protection

Cyber-crime, security leaks and domain hijacking pose a real threat to businesses. An active registry lock prevents unauthorized access to a domain name and thus to your web presence at registry level.

Only an authorized person can make changes to a locked domain name. Accidental or malicious domain changes, unplanned DNS changes or unintended deletion of a domain name are no longer possible, making Registry Locks a must for the critical digital resources of any organization.

Registry Lock is a security product that can be set up by the BrandShelter team at any time in the life of a domain name and is offered for many TLDs from different registries.

BrandShelter provides advice and recommendations on which domains should be locked and manages the entire process on the customer’s behalf.

How do we protect your domain portfolio?

Reliable DNS Solutions

With BrandShelter you can choose the DNS solution which best suits your needs. Choose from our cost-free Unicast Standard DNS solution, our global Anycast set with 9 geographic locations, or the high-availability global Anycast set with a more decentralized service featuring 20 unique locations. We allow you to use two separate DNS providers simultaneously, for optimal DDoS mitigation. BrandShelter also provides full DNSSEC support. Read more about our DNS solutions here.

Secure Management Portal

Our management portal is developed with security in mind and utilizes proven security techniques throughout the whole software development life cycle. We protect against: Ajax, CSS, SQL, and Command line injections, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), Privilege Escalation, Redirection attacks, Session hijacking, Session replay attacks and more. We perform regular security scans of our systems (internal and third party) in order to guarantee the highest level of security for your data with the highest standard of 2,048 Bit forced TLS encrypted access. Additionally, system logs record each action or request made by individual users.

Hierarchical Approval Processes

Our hierarchical approval system can be used to ensure your collaborative business-critical processes are guarded with self-configured approval settings, preventing actions until all stakeholders have indicated approval. Our system allows multiple approval hierarchies if needed, so that if the managers of one hierarchy approve a transaction, the action may then progress to the next hierarchy for approval. The action is not carried out until approved by the last member of the relevant hierarchical tier. Hierarchical configurations per division are also possible.

Two-Factor authentication

Secure your account with a second user authentication factor. Choose between SMS or RFC 6238 compatible OTP applications like Google Authenticator. In addition to safeguarding user sign-in, two-factor authentication can be implemented for certain actions, such as domain modifications or DNS changes. Two-factor authentication can be set according to the needs of individual division or business unit. 

Fine-grained user permissions

User permissions are fully customizable. For as many users as your business model requires, each user action can be allowed or disallowed according to your specifications. Your domain portfolio can be arranged in groups such as divisions, each with its own customizable user access, permissions, and billing configuration User access can also be restricted by IP address or range.

Data Center

Boasting a TÜV-certified Tier III data center in Germany, we provide comprehensive data protection and ensure 100% compliance with the German Federal Data Protection Act and the European General Data Protection Regulation. As a German data center, the USA Freedom Act / Patriot Act do not apply, preventing access by US authorities.