More security with SWITCH DNS Firewall
The SWITCH DNS Firewall is Domain Name Service Response Policy Zones-based (DNS RPZ) and allows specific DNS information to be overwritten. This makes it possible to generate alternative responses to DNS queries and to protect all devices effectively before a connection is established to any malicious systems.
Blocking access to infected sites can prevent further infections.
Systems that have already been infected can be detected by SWITCH-CERT. Customers are promptly notified of any such infections via security reports.
When accessing a malicious domain name, users are redirected to a secure landing page. This not only improves IT security – it also makes users more aware of hazards lurking on the internet.
The following graphics show the functionality of DNS RPZ and the SWITCH DNS Firewall:
Specialised in threat intelligence, detection and incident response
We analyse and classify relevant data to provide customers with an exceptional list of current threats. Thus, they are benefiting from the wide-ranging experience and expertise of SWITCH-CERT, gained through its many years of work in the area of security. Services include, in particular:
- identifying threats specific to Switzerland and the customer organisation based on our own monitoring and malware analysis
- analysing malicious domain names through operation of the registry for .ch and .li TLDs
- correlating and supplementing our own threat intelligence with information from a variety of other national and international sources that are often not publicly accessible
- close collaboration with well-known national and international partners
SWITCH DNS Firewall modules
The following modules can be freely combined:
- RPZ Feed: The malicious domain names identified by SWITCH-CERT are collected and sent to the organisation’s DNS system. There is also the option to use the SWITCH resolver, which has the SWITCH DNS RPZ feed implemented on it. In addition to the SWITCH RPZs, zones from other reputable third-party providers can be obtained via SWITCH. SWITCH RPZs are not tied to a particular provider and are supported by all major DNS appliances and DNS server software.
- SWITCH landing page: A system to which malicious requests are redirected and that notifies the end user of a blocked access attempt. In addition to HTTP/HTTPS, other protocols and their respective ports are covered to ensure that the user is well-informed about the rerouting.
- Notification of infected systems: Customers are promptly informed of infected systems via security reports. The reports are based on the DNS RPZ log data sent by the organisation to SWITCH-CERT.
All systems have a redundant configuration distributed between several locations. Using an anycast implementation, the nearest advertised location is chosen to maximize access speed.
Integrating the DNS Firewall service is easy: DNS RPZ must be enabled on the resolver which allows you to subscribe to the desired DNS RPZ feeds. This requires DNS service software that supports RPZ or a DNS appliance on which DNS RPZ can be activated.
SWITCH offers its customers wide-ranging expertise in the connection and integration of RPZ technology.
DNS Server software
- PowerDNS Recursor
- Knot Resolver
- Nokia VitalQIP
The SWITCH DNS Firewall is a smart and straightforward solution that provides an effective complement to security solutions already in place at our organisation. The landing page clearly explains the reason for a blocked access to the user, which alleviates confusion. We’ve used it since July 2017 here at EPFL and are completely satisfied with it.Patrick Saladino, Head of Operational IT Security, École polytechnique fédérale de Lausanne, 16,000 users
«CERN is using the SWITCH's DNS Firewall since Q4 2015 for pro-actively preventing our user community accessing malicious domain names and phishing web-sites. Using the SWITCH DNS Firewall, unfortunate users are redirected to an internal webpage informing them about the risks of browsing the WWW. So far, we have made great experience with it, also thanks to the quick response of SWITCH to our queries and input, and observed no false positives nor mayor issues.»Stefan Lüders, Computer Security Officer, CERN, The European Organisation for Nuclear Research, 3,000 users