Last week news broke about a cyber attack at Service NSW which put the information of their customers in the hands of cyber criminals. The threat vector, in this case, was a phishing email that members of their staff inadvertently clicked on.
Unfortunately, such occurrences are more common than we hear about or choose to remember. Although it is much easier to point fingers at the human factor in question and shift the blame, the correct course of action is to put guardrails in place to mitigate, or at least minimise, the threat footprint.
With the majority of us now working remotely (due to the global health pandemic) outside the guarded territory of the corporate networks, the probability of successful cyber attacks goes up exponentially. Let’s face it, most of us do not have the stringent security measures designed by industry experts in place at home. This makes the infiltration process a lot easier for cyber-criminals.
It is true that cyber attacks are getting extremely sophisticated, but what is equally true is that most of these attacks can be minimised, if not prevented, using some basic security best practices, tools and common sense. One such practice is the use of ‘DNS Blocking or Filtering’ and my recommended tool of choice is Pi-hole.
Before we talk about what you can achieve with Pi-hole, let us quickly talk about DNS Blocking and how anyone (with minimal technical know-how) can implement it to boost their cyber-security posture within minutes.
DNS Filtering or Blocking involves updating the DNS server settings for your network or individual computer/smartphone device to block access to well-known threat sources. Simply put, almost all requests for content on the internet use DNS name resolution to locate the content. This is the process of converting a human-readable domain name (like facebook.com) into the numeric IP address that computers use to locate the content.
DNS Filtering allows you to maintain blocklists and whitelists of such domain names, effectively blocking access to websites or content that has been blacklisted. The level of control you can have over these lists depends on whether you use a tool like Pi-hole (which allows you to maintain your own lists) or if you use service providers that provide DNS filtering as a free or paid service.
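The decision a DNS filter makes for every query is small enough to show in full. The following is an added example written for this article, not Pi-hole's own code: it holds a constructed blocklist and whitelist (allowlist), normalises the queried name, lets an explicit whitelist entry override a blocklist hit, and hands back the sinkhole address 0.0.0.0 for blocked names (which is what Pi-hole returns by default). One assumption is made for illustration: a list entry also covers its subdomains, the way wildcard entries do; exact-match lists behave differently.

```python
"""Blocklist / allowlist decision logic of the kind a DNS filter applies to every query."""
from __future__ import annotations

# Constructed sample lists. A real deployment loads these from published
# blocklist files plus the operator's own additions.
BLOCKLIST = {"tracker.example", "ads.example.net", "malware-c2.example"}
ALLOWLIST = {"cdn.ads.example.net"}   # an exception carved out of a blocked zone
SINKHOLE = "0.0.0.0"                  # address handed back for blocked names


def normalise(name: str) -> str:
    """Lower-case and drop the trailing dot so 'Ads.Example.NET.' equals 'ads.example.net'."""
    return name.rstrip(".").lower()


def zones(name: str) -> list[str]:
    """The name and each of its parent zones: a.b.c -> ['a.b.c', 'b.c', 'c']."""
    labels = normalise(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def first_match(name: str, entries: set[str]) -> str | None:
    """Return the list entry that covers `name`, or None.

    Assumption for this example: an entry covers its subdomains too
    (exact-match lists behave differently; wildcard entries behave like this).
    """
    for zone in zones(name):
        if zone in entries:
            return zone
    return None


def decide(qname: str, blocklist: set[str] = BLOCKLIST,
           allowlist: set[str] = ALLOWLIST) -> tuple[str, str | None]:
    """Return (verdict, matched_entry). The allowlist is consulted first so an
    explicit exception always wins over a blocklist hit."""
    hit = first_match(qname, allowlist)
    if hit:
        return "ALLOW", hit
    hit = first_match(qname, blocklist)
    if hit:
        return "BLOCK", hit
    return "ALLOW", None


def answer(qname: str) -> str:
    """What the filter returns: the sinkhole address, or 'UPSTREAM' meaning the
    query is passed on to the configured upstream resolver (Cloudflare, Quad9, ...)."""
    verdict, _ = decide(qname)
    return SINKHOLE if verdict == "BLOCK" else "UPSTREAM"


if __name__ == "__main__":
    for q in ("Tracker.Example.", "www.ads.example.net", "cdn.ads.example.net", "example.com"):
        print(q, decide(q), answer(q))
```

The order of the two lookups is the part worth remembering: checking the whitelist first is what makes it possible to unblock one host (a CDN, a login page) without removing the whole zone from the blocklist.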
Using DNS Service Providers (Free)
Here are the top two DNS service providers (amongst others) that everyone should use as a bare minimum instead of the defaults configured by their Internet Service Provider (ISP).
To use these services simply pick the one you prefer from the list below and update your DNS Server settings on your gateway/router. If you do not have access to your router you can update it on your individual computer or smartphone as well. You can choose from several other DNS service providers (rated based on performance) by visiting DNSPerf.
Cloudflare provides one of the fastest DNS response times. In addition to being the fastest, using their malware-blocking resolvers as your DNS provider means they will filter out known threats before they ever reach you. They spend big on Research and Development towards the discovery and deployment of sophisticated measures for detecting and cataloguing known threats.
There are different options to choose from depending on the content you would like to filter out. Simply pick the right combination of the DNS server IPs below and add them to your gateway/router or computer.
For IPv4 use:
1. Secure, fast, privacy-first DNS resolver free for anyone to use (no filtering)
Primary DNS: 1.1.1.1
Secondary DNS: 1.0.0.1
2. Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2
3. Malware and Adult Content
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3
For IPv6 use:
Malware Blocking Only
Primary DNS: 2606:4700:4700::1112
Secondary DNS: 2606:4700:4700::1002
Malware and Adult Content
Primary DNS: 2606:4700:4700::1113
Secondary DNS: 2606:4700:4700::1003
Quad9 is a non-profit organisation supported by IBM, Packet Clearing House (PCH), the Global Cyber Alliance (GCA) and many other cybersecurity organisations for the purpose of operating a privacy-and-security-centric public DNS service. It automatically blocks domains known to be associated with malicious activity and does not log the queries sent to it.
For IPv4 use:
Primary DNS: 9.9.9.9
Secondary DNS: 149.112.112.112
For IPv6 use:
Primary DNS: 2620:fe::fe
Secondary DNS: 2620:fe::9
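Changing the setting is only half the job; the other half is confirming the device actually ended up on a filtering resolver rather than the ISP or router default. The following is an added example, not part of the original article or of any provider's tooling: it reads a resolv.conf-style configuration (a constructed sample is embedded, since this runs offline), classifies each nameserver against the published Cloudflare and Quad9 addresses listed above, and flags anything that is unfiltered, local or unknown. A local address is reported rather than failed, because it may well be a Pi-hole on the LAN; in that case the same question simply moves to what the Pi-hole forwards to.

```python
"""Check which resolvers a host is actually using, and whether they filter."""
import ipaddress

# Published addresses of the filtering resolvers discussed above.
FILTERING = {
    "1.1.1.2": "Cloudflare (malware)", "1.0.0.2": "Cloudflare (malware)",
    "1.1.1.3": "Cloudflare (malware + adult)", "1.0.0.3": "Cloudflare (malware + adult)",
    "2606:4700:4700::1112": "Cloudflare (malware)", "2606:4700:4700::1002": "Cloudflare (malware)",
    "2606:4700:4700::1113": "Cloudflare (malware + adult)", "2606:4700:4700::1003": "Cloudflare (malware + adult)",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
    "2620:fe::fe": "Quad9", "2620:fe::9": "Quad9",
}
# Public resolvers that deliberately do no filtering.
UNFILTERED = {
    "1.1.1.1": "Cloudflare (no filtering)", "1.0.0.1": "Cloudflare (no filtering)",
    "9.9.9.10": "Quad9 unsecured (no filtering)",
}

# Constructed sample: a typical "never changed the defaults" configuration.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.168.1.1
nameserver 1.1.1.1
nameserver 2620:fe::fe
"""


def classify(addr: str) -> str:
    """Describe one nameserver. Addresses are normalised through ipaddress so
    '2620:00fe::fe' and '2620:fe::fe' compare equal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid address"
    key = str(ip)
    if key in FILTERING:
        return "filtering: " + FILTERING[key]
    if key in UNFILTERED:
        return "unfiltered: " + UNFILTERED[key]
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"   # router, ISP box or a Pi-hole on the LAN; check what it forwards to
    return "unknown public resolver"


def parse_resolv_conf(text: str) -> list[str]:
    """Return the nameserver addresses in order, ignoring comments and other keywords."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit(text: str) -> dict:
    """Classify every configured nameserver and say whether all of them filter."""
    findings = {s: classify(s) for s in parse_resolv_conf(text)}
    return {
        "findings": findings,
        "all_filtering": bool(findings) and all(v.startswith("filtering") for v in findings.values()),
        "needs_review": sorted(s for s, v in findings.items() if not v.startswith("filtering")),
    }


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF)["findings"].items():
        print(f"{server:24} {verdict}")
```

On a Linux host you would feed it the contents of /etc/resolv.conf (or the output of your network manager's status command); a result with all_filtering false and the router's address in needs_review is the common starting point, and the fix is the router or device change described above.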
So who should use Pi-hole?
Pi-hole allows you to run a mini DNS filtering service of your own, similar to what Cloudflare and Quad9 do. This option gives you much more control over what you would like to block vs allow, putting you in charge of your security posture by building tailored policies on top of security measures put in place by your DNS service provider.
Additionally, Pi-hole can block annoying advertisements and Telemetry domains across all devices on your network saving your precious bandwidth while shaving off annoyances like slow connection speeds and video buffering issues.
While anyone can use Pi-hole, it does require some technical know-how in order to set up and configure the filtering correctly. In the interest of keeping the reading time short, I will not get into how to install and use Pi-hole in this article as there is plenty of information available on Google and the Pi-hole website. If you are reading this and you need assistance, please feel free to leave a comment below and I will be happy to assist.
Key benefits of using Pi-hole:
Here is what you can achieve with pi-hole when it is configured as the DNS and DHCP for your local network:
1. Block known Malware, Phishing and other Cyber Threats
The top benefit is that you get immediate protection against known and identified cyber threats that are tracked by some of the best cyber security organisations. Whilst this is not bullet-proof against unknown and IP-based attacks, organisations like Cloudflare, Quad9 and others pour enormous resources into Research and Development to stay on top of cybercrime, and you get that for free by default.
Additionally, you can maintain your own blocklists and whitelists which piggyback off your DNS service provider (e.g. Cloudflare, Quad9) to give you a more personalised security stance.
2. Bandwidth Savings:
From the below screenshot taken from my environment, you can see that 43.7% of the requests from my network are for unwanted content (blocked) and an additional 20.8% (red part of the circle chart) is for frequently requested information which is cached, which adds up to a saving of nearly 65% of total bandwidth.
Note: I have enabled activity logging for tracking purposes, but pi-hole can be set up in anonymous mode as well for privacy.
3. Block Advertisements:
You can block out intrusive advertisements across all devices and apps on your network leaving you and others to focus on what is important, with minor exceptions (eg: as part of YouTube videos which use their own CDN).
4. Complete Visibility and Control
With logging enabled, you can gain complete visibility into what was allowed vs blocked, broken down by client machine over time, helping you to keep things in check.
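The numbers in the dashboard screenshot above (blocked share, cached share) and the per-client breakdown described here both come from the same query log, and they are easy to reproduce from the raw log when the dashboard is not enough. The following is an added example written for this article, not Pi-hole's own reporting code: it parses constructed sample lines in the dnsmasq-style format Pi-hole writes to pihole.log (exact wording varies slightly between versions, so adjust the two patterns if yours differs), attributes each outcome line to the client that asked, and produces the per-client counts, the overall percentages, and a list of clients whose blocked share is unusually high. That last list is the defender's use of the log: a device that suddenly has most of its lookups blocked is worth a look, whether it turns out to be a new app, a misconfiguration or something that needs cleaning up.

```python
"""Summarise Pi-hole's query log per client: allowed vs blocked vs cached."""
import re
from collections import defaultdict, deque

# Constructed sample in the dnsmasq-style format Pi-hole writes to pihole.log
# (wording varies slightly between versions; adjust the patterns if yours differs).
SAMPLE_LOG = """\
May 24 09:15:01 dnsmasq[812]: query[A] example.com from 192.168.1.20
May 24 09:15:01 dnsmasq[812]: forwarded example.com to 1.1.1.2
May 24 09:15:01 dnsmasq[812]: reply example.com is 203.0.113.10
May 24 09:15:02 dnsmasq[812]: query[A] ads.example.net from 192.168.1.20
May 24 09:15:02 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
May 24 09:15:03 dnsmasq[812]: query[A] example.com from 192.168.1.21
May 24 09:15:03 dnsmasq[812]: cached example.com is 203.0.113.10
May 24 09:15:04 dnsmasq[812]: query[AAAA] tracker.example from 192.168.1.20
May 24 09:15:04 dnsmasq[812]: gravity blocked tracker.example is ::
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
OUTCOME = re.compile(r"dnsmasq\[\d+\]: (gravity blocked|cached|forwarded) (\S+) (?:is|to) \S+$")
KIND = {"gravity blocked": "blocked", "cached": "cached", "forwarded": "forwarded"}


def new_counter() -> dict:
    return {"queries": 0, "blocked": 0, "cached": 0, "forwarded": 0}


def summarise(log_text: str) -> dict:
    """Per-client counts. An outcome line names only the domain, not the client,
    so it is matched to the oldest still-unanswered query for that domain."""
    pending = defaultdict(deque)          # domain -> clients waiting for an outcome
    per_client = defaultdict(new_counter)
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            domain, client = m.groups()
            pending[domain].append(client)
            per_client[client]["queries"] += 1
            continue
        m = OUTCOME.search(line)
        if m and pending[m.group(2)]:
            client = pending[m.group(2)].popleft()
            per_client[client][KIND[m.group(1)]] += 1
    return dict(per_client)


def totals(per_client: dict) -> dict:
    """Network-wide totals and the percentages the dashboard chart shows."""
    t = new_counter()
    for counts in per_client.values():
        for key in t:
            t[key] += counts[key]
    q = t["queries"] or 1   # avoid division by zero on an empty log
    t["blocked_pct"] = round(100 * t["blocked"] / q, 1)
    t["cached_pct"] = round(100 * t["cached"] / q, 1)
    t["not_forwarded_pct"] = round(100 * (t["blocked"] + t["cached"]) / q, 1)
    return t


def noisy_clients(per_client: dict, threshold_pct: float = 50.0) -> list[str]:
    """Clients whose blocked share exceeds the threshold (50% is an assumed
    starting point; tune it to what is normal on your network)."""
    out = []
    for client, c in per_client.items():
        if c["queries"] and 100 * c["blocked"] / c["queries"] > threshold_pct:
            out.append(client)
    return sorted(out)


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for client, counts in stats.items():
        print(client, counts)
    print("totals:", totals(stats))
    print("review:", noisy_clients(stats))
```

Note the "not_forwarded" figure: blocked plus cached queries never leave the network, which is the bandwidth saving the screenshot above is counting. The per-domain queue is what makes the client attribution honest when two devices ask for the same name within the same second.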
With cybercrime becoming a mainstream source of revenue for criminal organisations and individuals across the globe, cyber-attacks are a daily occurrence. It’s only a matter of time before you are compromised.
There is no excuse for not doing your due diligence to protect yourself, your identity, your finances and your virtual life from falling into the hands of these criminals. Simple common sense and good security hygiene go a long way in helping you fight the battle for your security.