DNS and Cybersecurity: Are you Protecting Remote Users from Cyberthreats?
During a recent business trip, while sipping a freshly brewed cappuccino in a local coffee shop, I thought it might be interesting to test the security of the publicly available wireless router. Though I am more of a network engineer than a hacker, I am always curious as to the vulnerabilities of a network to which I am connected. When the IP of the default gateway led to a standard login page for the router, I realized that the router might be vulnerable. A simple online search showed that the default username was admin and the password, password, which granted me unfettered access to the router’s configuration settings.
As you might imagine, instead of causing harm, I tactfully made the business aware that they should rethink their router configuration and assisted them with updating their credentials. Yet the experience proved how easy it can be for someone with potentially malicious intent to exploit a network lacking appropriate safeguards.
Let us look at how every user connecting to this hotspot might have been vulnerable as well as how an additional layer of security like DNS Protection would have helped protect me.
The dangers of free Wi-Fi
While my activities at the coffee shop were well-intended, leaving a router unpatched and poorly configured can carry severe consequences. At the very least, someone might be mischievous and modify the router’s settings to disrupt internet access, such as changing the SSID or wireless password. While not necessarily malicious, it would definitely be a nuisance.
However, not all router changes would be benign. For example, if the router's DNS (Domain Name System) settings were changed to point to a server under a hacker's control, this would allow hackers to manipulate the DNS cache, thereby providing incorrect IP addresses in response to requests. Not only could this greatly increase exposure to malware or phishing attacks for any connected user, but even a user's browser favorites could become a source of compromise. Because most users are unlikely to suspect their own favorites, they become especially vulnerable to such risks.
The growing need for improved security
It is important to note that the dangers of encountering unsecured routers have grown exponentially since the rise of remote work. Despite this shift, many remote workers are unfortunately unaware that public Wi-Fi locations, like coffee shops and even their home network, are only as secure as their wireless routers. Failing to keep routers secure and up to date could have disastrous consequences.
For example, employees who are no longer commuting to an office may assume that once they have internet at home, they are all set. However, just like our computers, these networks need to be configured correctly and require regular updates to plug security holes and keep cybercriminals at bay. Reports show that most routers also have security vulnerabilities that could leave networks exposed, and the default passwords that routers ship with are frequently left unchanged. And yes, there are viruses that target routers with these vulnerabilities. Therefore, in our new normal, we can no longer depend on the corporate firewall; we require more advanced tools and layers of security to help with these remote scenarios, such as DNS Protection.
The benefits of DNS Protection
As the incorrectly secured wireless network scenario demonstrates, DNS can be targeted as an attack vector. Fortunately, it can also be leveraged for protection. One of the most powerful benefits comes from running an agent: not only are all DNS requests filtered, but they are also fielded by the agent rather than by a DNS resolver provided by the remote network. Thus, by always using a trusted source of DNS resolution, users can take advantage of a filtered DNS response, which, according to data, reduces detected viruses and malware by over 27% compared to devices running endpoint protection alone.
Another advantage of DNS Protection is the ability to control available content. In some instances, just keeping users away from areas known to have a higher percentage of malicious content, such as torrenting sites, can reduce exposure to threats. Additionally, some users can benefit by blocking sites known to reduce productivity.
The visibility provided by DNS can also be very helpful, as it can pinpoint devices that might have been compromised by flagging unusual requests, such as those made to command-and-control servers or botnets. Because DNS information can be referenced for historical purposes, we can also see whether users or devices were previously exposed when threats are revealed, such as in the SolarWinds hack.
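The retrospective lookup described above can be sketched as follows. This is an added example, not part of the original post and not Webroot's implementation; the log format (timestamp, client IP, query name, query type), the sample log lines and the indicator domains are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample DNS query log: "timestamp client-ip qname qtype"
SAMPLE_LOG = """\
2023-05-02T09:14:07Z 10.0.0.21 www.example.com. A
2023-05-02T09:14:09Z 10.0.0.34 updates.bad-domain.example. A
2023-05-03T11:02:41Z 10.0.0.21 cdn.example.net. AAAA
2023-05-04T16:45:12Z 10.0.0.34 BAD-DOMAIN.example A
2023-05-05T08:00:00Z 10.0.0.50 notbad-domain.example. A
malformed line
2023-05-06T10:30:00Z 10.0.0.21 x.c2.invalid. TXT
"""
# Constructed indicators, standing in for domains published after the fact
INDICATORS = {"bad-domain.example", "c2.invalid"}

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def matched_indicator(qname, indicators):
    """Return the indicator qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        # Compare whole labels only, so "notbad-domain.example" does not match
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

def retro_hunt(log_text, indicators):
    """Map client IP -> {indicator: (first_seen, last_seen, query_count)}."""
    indicators = {normalize(d) for d in indicators}
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the hunt
        ts_raw, client, qname, _qtype = parts
        try:
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        ind = matched_indicator(qname, indicators)
        if ind is None:
            continue
        first, last, count = hits.setdefault(client, {}).get(ind, (ts, ts, 0))
        hits[client][ind] = (min(first, ts), max(last, ts), count + 1)
    return hits

if __name__ == "__main__":
    for client, found in retro_hunt(SAMPLE_LOG, INDICATORS).items():
        print(client, found)
```

The first-seen and last-seen timestamps per device give the exposure window to compare against the date the threat was disclosed.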
DNS filtering from OpenText Cybersecurity
At the end of the day, Managed Service Providers (MSPs) have more challenges than ever before with our new remote workforce. By deploying Webroot™ DNS Protection, MSPs can leverage a cloud-based solution equipped with threat intelligence to provide proactive DNS filtering that stops potential threats before they reach their clients’ users and networks.
What sets Webroot’s solution apart from other options is its advanced functionality. This includes DoH (DNS over HTTPS) support on the network as well as the agent, which helps ensure reliable and secure communication. In addition, in Q3 2023, the solution’s patented DNS Leak Prevention feature will provide an increased level of control of encrypted DNS, making it simple to block alternate sources of DNS resolution.
Of note, OpenText now offers a standalone agent for Webroot DNS Protection that can be quickly deployed using the provided MSI. This added layer of security can now be installed independently, providing MSPs with an option to improve security, regardless of their endpoint solution.
To learn more about Webroot DNS Protection from OpenText Cybersecurity, visit our website at https://www.webroot.com/us/en/business/products/dns-protection.
This is a sponsored blog post.