Computer Security: DNS to the rescue!

Why you should be grateful to the Domain Name System at CERN.


 

Incidents involving so-called “drive-by” infections and “ransomware” are on the rise. An up-to-date and fully patched operating system is essential, running anti-virus software with current virus signature files is a must, and “stop --- think --- don’t click” surely helps. But we can still go one step further in better protecting your computers: DNS to the rescue.

The DNS, short for Domain Name System, translates the web address you want to visit (like “http://cern.ch”) to a machine-readable format (the IP address, here: “188.184.9.234”). For years, we have automatically monitored the DNS translation requests made by your favourite web browser (actually by your operating system, but that doesn’t matter here), and we have automatically informed you if your computer tried to access a website known to host malicious content that could infect and compromise your computer, your password, your data, and your life. In parallel, we have used and will continue to use the DNS to block certain web addresses that are known to be malicious and that are used for wrongdoing against the Organization. Similarly, we also block some domains that resemble the domain name “cern.ch” but, on a closer look, are different, like “cem.ch” or “cern.cn” (did you spot the difference?), in order to protect CERN against typo-squatting.

But the DNS can do more. Thanks to the IT networking team, the DNS infrastructure has been reinforced: the new set-up is more resilient to denial-of-service (“DoS”) attacks. It also has another benefit: the DNS firewall. Our internet service provider “SWITCH” collects and provides lists of well-known and guaranteed malicious domains. The new DNS set-up allows us to incorporate their DNS firewall configuration so that all those domains are automatically blocked, too. Next time you land on one of our landing pages for phishing (i.e. webpages trying to harvest your password) or malware, you should be grateful. Your computer might just have been one click away from getting infected*.

* Careful here! We can only protect your computers while they are connected to CERN’s networks. From home, the malware might succeed!
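The two DNS-level checks described above (a provider-supplied list of malicious domains, and look-alikes of “cern.ch”), sketched as an added example that is not CERN's code or configuration. The feed entries, the table of confusable characters, the log format and all function names are constructed for illustration.

```python
PROTECTED = "cern.ch"  # the domain the article says is protected

# Stand-in for a provider-supplied list of malicious domains (constructed).
FEED = {"malware-download.example", "login-harvest.example"}

# Character sequences that read alike at a glance (small illustrative set).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Constructed query log: "<client> <queried name>"
SAMPLE_LOG = """\
pc-0001 home.cern.ch.
pc-0002 www.cem.ch
pc-0003 cern.cn
pc-0004 cern.ch.login-harvest.example
pc-0005 bern.ch
"""

def skeleton(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label

def registrable(name):
    """Last two labels. Assumption: ignores multi-label suffixes such as co.uk."""
    return ".".join(name.split(".")[-2:])

def classify(qname):
    name = qname.lower().rstrip(".")
    dom = registrable(name)
    if dom == PROTECTED:
        return "allow"
    # Feed entries cover the listed domain and everything beneath it.
    if any(name == bad or name.endswith("." + bad) for bad in FEED):
        return "block:feed"
    # Same label after normalisation but not the real domain: cern.cn, cem.ch.
    if skeleton(dom.split(".")[0]) == skeleton(PROTECTED.split(".")[0]):
        return "block:lookalike"
    return "allow"

def review(log):
    """Return (client, name, verdict) for every query that would be blocked."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    verdicts = ((client, qname, classify(qname)) for client, qname in rows)
    return [v for v in verdicts if v[2] != "allow"]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

The fourth log line shows why the check works on the end of the queried name: a name that merely starts with “cern.ch” is still judged by the domain it actually belongs to.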


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team