The DNS, the address book of the internet, has long been plagued by malicious domains with little hope for effective recourse against this abuse by its bookkeepers: the registrars. ESET brings its protective technology to bear on this pestilence.

Since the early 1980s, the Domain Name System (DNS) has been used for looking up the Internet Protocol (IP) addresses of domain names, now probably best known entered into browser address bars, but widely queried by applications. For most internet users, the work that the DNS performs likely goes completely unnoticed, yet nearly all our activities on the internet begin with a DNS lookup. Monitoring DNS lookups can provide a comprehensive view into the traffic flowing through devices and is a critical point of security control.

Filtering out malicious and suspicious domains is a constant battle to stay protected. Ideally, malicious domains would never be registered in the first place or at least quickly detected and dealt with by delisting, blocking access to, or redirecting traffic away from them (aka sinkholing them). However, registering a new or recycled domain name under a false identity is a fast, simple, and cheap process that has allowed various threats to scale up quickly.

Filtering network traffic for security

The response from the security industry to the abuse of the DNS has been to build automated systems that continually analyze domains for malicious behavior and to create domain blocklists. These lists are then fed into various security products and threat intelligence data feeds to better inform security decisions about allowing connections to specific domains. For example, the anti-phishing database maintained for ESET security products is updated every 20 minutes so that customers can receive protection against the latest phishing websites.

Filtering network traffic against blocklists is no stranger among the security practices of internet service providers (ISPs) and network administrators. Indeed, this is the very task that firewalls have been put to since the mid-1980’s: decapsulate the packets that reach the firewall, look at the IP addresses, the domain names, the protocols, and the port numbers, and if anything is on a blocklist, appears suspicious, or is a communication forbidden by the firewall’s administrators, then block it or raise a warning flag.

With the right fine-tuning, network and endpoint firewalls can be effective as they work in both directions, hindering both external and internal actors from sending packets either into or out of networks and devices. This helps limit the spread of malicious packets and the leak of confidential data no matter the direction or source. A DNS firewall works a little differently as it allows DNS lookups and overrides answers identified as malicious or otherwise undesirable with “not found” or “access denied” messages.

DNS filtering requires partnership
In one sense the use of firewalls and blocklists to deny access to malicious domains can create a false sense of security. With persistent effort there is almost always some loophole to bypass firewall filters, typically via a Virtual Private Network (VPN) or the Tor Browser.

Since a DNS firewall is tied to a DNS server, to bypass its filters it is possible to change the DNS server you are using. While it is possible to run your own DNS server and filters at home or locally, many internet users are likely using the default DNS server and filters provided by their ISP. A simple search for “public DNS servers” in a search engine reveals a host of popular free and paid alternatives, some offering varying levels of protection against phishing sites and malware.

This means that the successful application of a DNS filtering solution depends critically on the willingness of internet users to enter into a partnership with their selected DNS provider and to choose not to circumvent the offered protection.

Protective DNS with ESET NetProtect

The need for improved security of the DNS has led in some places to mandating PDNS (Protective DNS), an acronym referring to DNS filtering. For instance, since 2020, US Department of Defense (DoD) contractors have been required to earn Cybersecurity Maturity Model Certification (CMMC), which, among other requirements, stipulates DNS filtering to achieve Level 3 out of the five levels. Moreover, at the end of 2021, the DoD set in motion CMMC 2.0, with the repositioning of DNS filtering yet to be seen.

The PDNS market features many vendors offering DNS filtering with different levels of domain feed quality and accompanying security services. ESET offers a unique contribution, one sourced from threat data shared by millions of customers around the world using ESET security products. With 35 years of providing security and developing and fine-tuning internal systems to provide high-quality domain feeds for DNS filtering, ESET is positioned to provide ISPs and home admins a distinctive source of protection.

Perhaps you are an ISP looking to bid for government contracts, or to provide unique protection for your own network or as a security service to your customers? Or perhaps you are a home user looking for better security than is provided by your ISP that can be easily extended to all users and guests of your home network? Whatever your case might be, inquiring about the filtering in place for a DNS server and which entity you are entrusting your DNS security to is no small step toward deflecting the tide of malicious domains proliferating on the internet.

ESET NetProtect is the DNS filtering solution available for home users at ISPs that have partnered with ESET. The solution is capable of detecting and blocking domains that deliver malware, are used for phishing, have a suspicious reputation, or serve potentially unwanted content. ESET NetProtect also offers a configurable web content filter with 35 categories that customers can select from to block content by age group.

For more information about ESET NetProtect and ISP partnerships, visit our product page here.

BRATISLAVA – May 31, 2022 – ESET, a global leader in cybersecurity, has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry, with the aim of offering extensive protection to consumers. Cybercrime is a borderless problem and ESET telemetry shows that the volume of cyberattacks is increasing, with a trend toward attacks against smartphones. ESET has decided to leverage its leading technologies to create industry-specific solutions to help combat these threats.

“Imagine internet security accessible through one click. At ESET, we always develop products with our customers in mind, and with our ESET NetProtect offering we have created an easy-to-use and elegant solution not only for the industry leaders in the Telco and ISP sector, but for the consumers who are the actual end users of our products,” said Mária Trnková, ESET’s VP for the consumer and IoT segment. “We see ourselves and our technologies as the guardians of progress that digital technology enables and our objective is to provide effective digital security that keeps consumers safe in every moment and in any eventuality.”

About the new ESET NetProtect products
The new offering includes ESET NetProtect for Mobile and ESET NetProtect for Mobile Advanced, which offer security via mobile networks, and ESET NetProtect for Home Advanced, which helps secure fixed network connections. These protect customer devices connected to Telco and ISP networks (fixed or mobile) against malicious web domains or domain categories such as malware, phishing, and potentially unwanted content. With ESET NetProtect Advanced (fixed or mobile), parents also have full control of their children’s filters through Web Content Filter. The management portal for end users allows them to manage the ESET NetProtect settings of their connected devices, manage their domain whitelists and blacklists, and generate security reports. The security reports give users an insight into how ESET protects their devices and summary information about detected threats, blocked webpages and more.