How can changing DNS improve security?
There are many components to Internet security. The Domain Name System (DNS) is a critical component of the Internet infrastructure. OpenDNS (https://www.opendns.com) is a free DNS service which provides security features including blacklisting, content filtering, and phishing protection, as well as performance and reliability for DNS.
Web content filtering
Security incidents happen frequently not due to attacks that "push in" from the outside, but instead from the actions of users inside "pulling in" malicious content and programs from the Internet. This happens because of accident, ignorance, or apathy, coupled with ineffecitve or lax security policies and procedures. OpenDNS provides filtering controls accessed through a dashboard on the OpenDNS web site. Content filtering for queries from different IP addresses for up to 50 categories of content is possible. You can prevent access to adult sites, for example, or any others that you would like to choose or configure. It’s also possible to denying e-mail traffic to particular domains. You can submit domains that contain malware, pornography, adware, or other undesirable content, and even vote on whether submissions by others are correct.
A notable OpenDNS security feature is Phishing protection. Anti Phishing prevention is provided via data from PhishTank, an industry repository of phishing data. Users and administrators contribute information on phishing sites, and this collaborative community effort is far more effective than attempting to manage the volume of information alone, or maintaining updates without help.
Reliability and availability are often overlooked or taken for granted for ubiquitous core services such as DNS. The assumption is that the services are reliable, and that they are being managed responsibly. There’s always the risk of system or network failure, but with proper safeguards and designs, single points of failure can be changed from outage issues to maintenance issues. OpenDNS is designed for reliability, and even offers innovative answers to pervasive potential problems. Their new SmartCache feature minimizes or eliminates outages due to authoritative server failures.
See my review of OpenDNS to learn more about its performance and reliability, or check out the OpenDNS web site. OpenDNS is an unusual and in many ways unique service. Leveraging community and expert information to further secure your network is a good idea. It’s an even better idea when it’s free.