Group Launches Secure DNS Service Powered by IBM Threat Intelligence

A newly announced free Domain Name System (DNS) service promises automated immunity from known Internet threats by blocking access to websites flagged as malicious.

Called Quad9 because the IP address of its primary DNS server is 9.9.9.9, the new service was launched by IBM Security, Packet Clearing House (PCH) and the Global Cyber Alliance (GCA) and aims to provide increased security and privacy online to consumers and businesses alike.

The Quad9 service was designed to keep users safe from millions of malicious Internet sites that have already been flagged for stealing personal information, infecting users with ransomware and other types of malware, or for conducting fraudulent activity.

The service routes users’ DNS queries through a secure network of servers and uses threat intelligence from over a dozen cyber security companies to provide real-time perspective on whether the websites are safe or not. The users’ browsers are automatically blocked from accessing a website that the system has detected as being infected.

Quad9 harvests intelligence from IBM X-Force’s threat database and also taps feeds from 18 additional partners, including Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ, and ThreatSTOP.

The service was designed to protect traditional PCs and laptops, along with Internet-connected TVs, DVRs, and Internet of Things (IoT) products such as smart thermostats and connected home appliances. Many of these devices do not receive important security updates and are difficult to secure, yet they remain connected to the Internet, which leaves them vulnerable to hackers.

Performance should not be affected when using the new DNS service, IBM says. At launch, Quad9 has points of presence in over 70 locations across 40 countries, leveraging PCH’s expertise and global assets. The service’s points of presence should double over the next 18 months, in an attempt to improve speed, performance, privacy, and security.

Quad9 says it does not store, correlate or otherwise leverage personally identifiable information (PII) from its users. To take advantage of the new DNS service’s benefits, users only need to set their devices to use 9.9.9.9 as their DNS server.

“Setting up DNS filtering requires just a simple configuration change. Most organizations or home users can update in minutes by changing the DNS settings in the central DHCP server which will update all clients in a few minutes with no action needed at end devices at all. The service is and will remain freely available to anyone wishing to use it,” Quad9’s website reads.

Quad9 started as the brainchild of GCA, but each of the involved partners is responsible for a different aspect of the service. GCA offers system development capabilities, PCH is responsible for Quad9’s network infrastructure, while IBM provides X-Force threat intelligence and the service’s IP address 9.9.9.9.

Other services providing similar (free) offerings include Cisco-owned OpenDNS, and Google’s Public DNS (which uses 8.8.8.8 and 8.8.4.4 as its DNS server IPs).

“Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely. Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind – they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information,” said Philip Reitinger, President and CEO of the Global Cyber Alliance.

While the service looks promising, it remains to be seen how it will perform when compared to already established offerings, Lenny Zeltser, Vice President of Products at Minerva Labs, an Israel-based provider of endpoint security solutions, told SecurityWeek in an emailed comment.

“Based on the iniquitous DNS protocol, Quad9 promises to secure network activities in a non-intrusive manner and in a manner that’s easy to deploy. That’s wonderful. Though I’m encouraged by these aspects of the offering, I am curious how it compares to the well-established Cisco Umbrella (formerly OpenDNS) service, which has been around for a while and earned trust among end-users and IT practitioners. Similarly, Google DNS servers provide some network security benefits to their users,” Zeltser said.

Joseph Carson, chief security scientist at Thycotic, a Washington, D.C.-based provider of privileged account management (PAM) solutions, told SecurityWeek that the new service’s focus on privacy is more than welcome. Privacy as we know it is disappearing fast, with everyone being watched and monitored 24/7 when in public places, in an attempt to improve security and deliver tailored experiences, he says.

“The new DNS service from Quad9, with a focus on both privacy and security, is a step in the right direction. It is a must needed level of protection in today’s world of cyber threats and helps put the balance back in the consumers. While many governments and ISPs are removing the ability for citizens to surf the internet with privacy and confidence in security, Quad9 has stepped in to bring a bit of balance back. It will help bring some peace of mind to many who want to surf the internet without being continuously targeted and limit personal information flowing through the internet without their knowledge,” Carson said.

“It is also important to note that what Quad9 is providing is not 100% security. Therefore, you must continue to be cautious when using the internet and always question any suspicious links or advertisements displayed. This will not stop you from getting phishing emails or social media threats so it is always important to take additional steps. Continue to do best practices when purchasing anything online and manage your credentials and passwords securely,” he concluded.
