Home / Blogs

Leveraging DNS for Subscriber Loyalty

Keith Oborn

There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure?

DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites. Remember, most of the time end users don't deliberately visit dubious sites; they do so accidentally. Either because they mistyped the name of a site or they clicked on a malicious link on a web page. In all these cases, an intelligent DNS server can simply redirect end users to pages that inform them that the site they tried to visit is potentially harmful.

Why is this better than using one of the traditional security software packages? Well, first off, end users didn't have to download and install anything. They don't have to worry about keeping the software and site lists up to date, and there's nothing slowing their PCs down. Even better, in most cases all the devices in a home use the same "Security Aware" DNS server, so they're all protected — even the games console in the teenager's bedroom. Traditional security software packages don't reach many of these things.

However, there are other ways malware can creep into the home — a laptop gets infected while on the road, someone is a bit incautious with a USB stick, and so on.

The purpose of malware is either to intercept data and observe the activities on PCs where it's installed, or to use a PC's resources to spread and provide a "botnet" for attacks on other parties on the Internet. In all cases, malware needs to communicate with a central point at some stage (called "command and control") to upload captured data, spread itself, or get instructions for the next attack. It uses the DNS to do this, so the DNS server will know where it intends to go before it actually goes there!

This means DNS servers can do several things to help: for known malware, they can block access to botnet command and control systems, thereby preventing the malware from doing any work. If the malware spreads itself by email (or if its job in life is to generate spam), the DNS server can detect the high rate of DNS "MX" (mail) queries, and in many cases recognize a pattern, and even prevent emails from being sent.

When a PC is discovered to be infected with malware, the DNS server can redirect all queries from the infected PC, to a warning web page with sources to disinfection software and other services.

DNS servers with fine-grained reporting capabilities can even be used to create web-based reports showing end users, for instance, the "bad" sites they've been protected from. These kinds of systems can be extended to allow individual users to add their own entries to the lists of "bad" sites, basically giving them their own personalized security service — the DNS server responds to their queries (and only his) according to their security lists and preferences.

All of this means ISPs can improve the user's experience, customer relations, potentially generate extra revenue and reduce churn. With a platform-based approach, it can be done incrementally aligned with other business initiatives.

By Keith Oborn, Sr. Infrastructure Architect at Nominum

Related topics: Access Providers, DNS, Email, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

Non-English "IDN Email" Addresses Are Finally Working!

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Why We Decided to Stop Offering Free Accounts

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Dyn Acquires Managed DNS Provider Nettica

Sponsored Topics