One of the ways computers can become infected or hijacked is from visiting a malicious website. You can obviously install an anti-virus product that has ‘Web Protection’, however it’s often too little, too late. If only there was a way to stop computers from being able to visit the malicious website in the first place. Well there is! Introducing DNS.
You all know what DNS is and the majority of network traffic towards your ISP is DNS:So a method to stop (or at least slow down) computers being hijacked is to stop them from being able to resolve the malicious website in the first place.
Even with locally installed anti-virus software, you have already resolved the website address and hit the site before the AV might kick in!
DNS based protection stops you being able to resolve the site in the first instance, with not a single bit of malicious website data ever touching your computer.
We’ll be showing two ways to enable DNS based website protection, the best method and the free method.
Being a Cisco partner, the best way is obviously by using Cisco’s Umbrella service. Cisco’s Umbrella basically checks outbound DNS queries (transparently) and intervenes if required.
Cisco Umbrella is a subscription based service, based on user counts. Configuration is easy.
Setting up Web Protection
The Best method:
- Log into your router, in this example we are using a Cisco ISR 1100 Router
- Click into Configuration > Threat Defense
- Click Cisco Umbrella
- Drag your LAN & WAN interfaces as required and then Click Apply
All done in 3 steps!
The Free method:
- Log into your Server
- Open DNS Manager
- Right-Click your DNS Server, choose “Properties”
- Click Forwarders > Edit
- Add OpenDNS’s Free DNS Server (Yes, I know, Cisco owns them now!)
220.127.116.11 & 18.104.22.168
- Click OK all the way out.
You can use the OpenDNS servers on any device that requires a DNS Server to be entered. If you visit their site opendns.com you can also sign-up for a free home parental based DNS server which filters age based content among other things.
As with all our articles, please feel free to reach out if you need help with any of this.