An independent IT security institute has recently identified the existence of over 780 million malware programmes.
Fortunately for you, most of these programmes can be identified and mitigated with the correct up-to-date anti-virus software and firewalls within your network.
The bad news: the AV-Test Institute also claims to register over 350,000 new malicious programs each and every day. Much like your flu vaccine, these new strains make it hard for your anti-virus to keep up, meaning many fall victim to the latest malware.
The best way to counter this is through user training. The most common forms of malware infiltrate your network through opened attachments, clicked links, software downloads and other user-triggered methods.
From a technology viewpoint, there is an additional major defensive layer you can easily apply to improve your chances of detecting new malware and preventing it from damaging the network. The step involves arming your DNS (Domain Name System) servers with firewall capability.
Every business uses DNS and every network has DNS servers. They form a critical part of internet infrastructure, and they make the internet usable for both you and me. The reason for this is that it’s easier to remember the names of websites than the numbers that make up their IP addresses.
When we connect to something on the Internet, we type or click a name on our device, which looks up the name in the DNS. As the second step, our device takes the answer from DNS and attempts to connect to the corresponding address, typically through an enterprise firewall. The third step entails our device receiving the response over the connection and presenting it to the user.
Malware will begin its task with a DNS lookup in order to translate the author’s website address to its corresponding IP address. Once resolved, the malware can make the connection and download additional software, upload stolen information or receive any number of harmful instructions.
Most businesses will make allowances for stages two and three in the connection process. Network firewalls examine and filter connection traffic to detect and block suspect malware. Anti-virus scans received files for malicious content and takes appropriate action to secure them. What many enterprises miss is detection at stage one, the DNS.
By implementing a DNS firewall, you can detect malware domain lookups and stop malware before it can establish its connection. A DNS firewall can examine not only the name being queried but also the answer received. Based on the examination of the query and response, DNS firewall policies can be defined to dictate whether to drop the response, respond with not found, or provide an alternative answer to redirect the querier to a mitigation server, for example.
And DNS firewall functionality is natively supported by many reference implementations including those from ISC/BIND, PowerDNS, KnotDNS and others. Several providers also offer DNS firewall feeds which provide blocklists and whitelists for domains and related information. So if the DNS servers in your network already support DNS firewall functionality, there’s no need to purchase new hardware; all you have to do is subscribe to a DNS firewall service to enable your DNS firewall and receive timely updates.
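To make the policy decisions described above concrete, here is a small Python model of a DNS firewall evaluator. It is an added illustration and not code from the original post or from any of the named implementations: it checks the queried name first (before the lookup is forwarded), then the IP addresses in the answer that comes back, and returns drop, "not found" (NXDOMAIN), NODATA, a redirect to a mitigation address, or allow. The policy records, domain names and addresses are constructed for the example; the comments beside each rule show the equivalent record as it would be written in a BIND Response Policy Zone (RPZ), which is the format behind the ISC/BIND feature the post mentions.

```python
"""Minimal DNS firewall (RPZ-style) policy evaluator.

Added example, not code from the original post. It models the two trigger
points a DNS firewall acts on: the name being looked up (query-name trigger)
and the IP address in the answer (response-IP trigger), together with the
actions the post describes. All policy records and lookups are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Actions, named after the special CNAME targets BIND RPZ uses for them.
NXDOMAIN = "NXDOMAIN"    # name CNAME .             -> "name does not exist"
NODATA = "NODATA"        # name CNAME *.            -> "no such record"
DROP = "DROP"            # name CNAME rpz-drop.     -> send no answer at all
PASSTHRU = "PASSTHRU"    # name CNAME rpz-passthru. -> exempt from policy
REDIRECT = "REDIRECT"    # name A <address>         -> answer with the mitigation address


@dataclass
class Policy:
    # Query-name triggers: exact names or "*." wildcards -> (action, redirect target)
    name_rules: dict
    # Response-IP triggers: (network, action, target); fires when an answer
    # contains an address inside the network
    ip_rules: list

    def match_name(self, qname):
        qname = qname.rstrip(".").lower()
        labels = qname.split(".")
        # Exact match first, then wildcards from most to least specific,
        # mirroring RPZ precedence (closest match wins). "*.x" does not match "x".
        if qname in self.name_rules:
            return self.name_rules[qname]
        for i in range(1, len(labels)):
            candidate = "*." + ".".join(labels[i:])
            if candidate in self.name_rules:
                return self.name_rules[candidate]
        return None

    def match_ip(self, addr):
        ip = ipaddress.ip_address(addr)
        best = None  # longest-prefix match wins, as with RPZ rpz-ip records
        for net, action, target in self.ip_rules:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, action, target)
        return None if best is None else (best[1], best[2])


def evaluate(policy, qname, answer_ips):
    """Return (action, answer) for one lookup: the query-name trigger is
    checked before anything is forwarded upstream; the response-IP trigger
    is checked on the answer that came back."""
    rule = policy.match_name(qname)
    if rule is not None:
        action, target = rule
        if action == PASSTHRU:
            return (PASSTHRU, answer_ips)
        if action == REDIRECT:
            return (REDIRECT, [target])
        return (action, [])
    for ip in answer_ips:
        rule = policy.match_ip(ip)
        if rule is not None and rule[0] != PASSTHRU:
            action, target = rule
            return (REDIRECT, [target]) if action == REDIRECT else (action, [])
    return ("ALLOW", answer_ips)


# Constructed sample policy, in the shape a feed provider might publish it.
SAMPLE_POLICY = Policy(
    name_rules={
        "malware-drop.test": (NXDOMAIN, None),      # malware-drop.test CNAME .
        "*.c2.test": (REDIRECT, "192.0.2.10"),      # *.c2.test A 192.0.2.10 (walled garden)
        "beacon.c2.test": (DROP, None),             # beacon.c2.test CNAME rpz-drop.
        "allowed.c2.test": (PASSTHRU, None),        # allowed.c2.test CNAME rpz-passthru.
    },
    ip_rules=[
        # 203.0.113.0/24 is written octet-reversed in RPZ: 24.0.113.0.203.rpz-ip CNAME .
        (ipaddress.ip_network("203.0.113.0/24"), NXDOMAIN, None),
        # One host in that range is exempted: 32.7.113.0.203.rpz-ip CNAME rpz-passthru.
        (ipaddress.ip_network("203.0.113.7/32"), PASSTHRU, None),
    ],
)

if __name__ == "__main__":
    # Constructed lookups: (queried name, addresses the upstream answer contained)
    for qname, ips in [
        ("malware-drop.test", ["198.51.100.1"]),
        ("Update.C2.TEST.", ["198.51.100.1"]),
        ("beacon.c2.test", ["198.51.100.1"]),
        ("cdn.example.test", ["203.0.113.9"]),
        ("cdn.example.test", ["203.0.113.7"]),
        ("www.example.test", ["198.51.100.5"]),
    ]:
        print(f"{qname:22} {ips} -> {evaluate(SAMPLE_POLICY, qname, ips)}")
```

The ordering matters for the point the post makes: a query-name hit is decided before the resolver ever contacts the outside world, so the malware never learns the address; the response-IP check catches the case where the name is new but the answer points into address space already on the blocklist.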
The type of blocking information you receive from a DNS firewall is different from that received by your in-band data firewalls. That is a good thing: it broadens your net, so to speak, by applying more criteria to a given connection attempt, so that you can better judge whether it is malicious based on DNS, in-band data and device-level controls together.
So in the face of 350,000 malware updates a day, a DNS firewall is a simple, affordable solution that can improve your chances of detecting and mitigating malware in your environment.