Home / Blogs

Leveraging DNS for Subscriber Loyalty

Keith Oborn

There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure?

DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites. Remember, most of the time end users don't deliberately visit dubious sites; they do so accidentally. Either because they mistyped the name of a site or they clicked on a malicious link on a web page. In all these cases, an intelligent DNS server can simply redirect end users to pages that inform them that the site they tried to visit is potentially harmful.

Why is this better than using one of the traditional security software packages? Well, first off, end users didn't have to download and install anything. They don't have to worry about keeping the software and site lists up to date, and there's nothing slowing their PCs down. Even better, in most cases all the devices in a home use the same "Security Aware" DNS server, so they're all protected — even the games console in the teenager's bedroom. Traditional security software packages don't reach many of these things.

However, there are other ways malware can creep into the home — a laptop gets infected while on the road, someone is a bit incautious with a USB stick, and so on.

The purpose of malware is either to intercept data and observe the activities on PCs where it's installed, or to use a PC's resources to spread and provide a "botnet" for attacks on other parties on the Internet. In all cases, malware needs to communicate with a central point at some stage (called "command and control") to upload captured data, spread itself, or get instructions for the next attack. It uses the DNS to do this, so the DNS server will know where it intends to go before it actually goes there!

This means DNS servers can do several things to help: for known malware, they can block access to botnet command and control systems, thereby preventing the malware from doing any work. If the malware spreads itself by email (or if its job in life is to generate spam), the DNS server can detect the high rate of DNS "MX" (mail) queries, and in many cases recognize a pattern, and even prevent emails from being sent.

When a PC is discovered to be infected with malware, the DNS server can redirect all queries from the infected PC, to a warning web page with sources to disinfection software and other services.

DNS servers with fine-grained reporting capabilities can even be used to create web-based reports showing end users, for instance, the "bad" sites they've been protected from. These kinds of systems can be extended to allow individual users to add their own entries to the lists of "bad" sites, basically giving them their own personalized security service — the DNS server responds to their queries (and only his) according to their security lists and preferences.

All of this means ISPs can improve the user's experience, customer relations, potentially generate extra revenue and reduce churn. With a platform-based approach, it can be done incrementally aligned with other business initiatives.

By Keith Oborn, Sr. Infrastructure Architect at Nominum

Related topics: Access Providers, DNS, Email, Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Port25 Announces Release of PowerMTA V4.5r5

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

New Case Study: Jobtome.com Replaces 30 Postfix Servers with a Single PowerMTA

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

An Update on Port25 and the Future of PowerMTA - One Year Later​

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

What Holds Firms Back from Choosing Cloud-Based External DNS?

V12 Group Sustains Customer Satisfaction by Deploying PowerMTA for Launchpad Platform

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

PowerMTA Now Offers Scheduled Delivery Control

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Port25

Email

Sponsored by
Port25