Andrea Danti - Fotolia
Cyber criminals are increasingly using tools and techniques to build realistic-looking websites that mimic legitimate companies.
According to those behind the project, Quad9 does not store, correlate or otherwise use any personally identifiable information (PII) from its users, unlike other DNS services that often capture information about the websites consumers visit, devices they use and where they live.
An average of 27% of consumers think they are capable of staying ahead of the latest online threats and only 14% have ever changed the DNS settings on their computer, polls across the UK, the US, France and Germany have revealed.
To take advantage of the security and privacy of Quad9, users need to reconfigure a single setting on their devices to use 126.96.36.199 as their DNS server.
As well as PCs and laptops, the protections offered by Quad9 can be extended to all internet connected devices, which often do not receive important security updates and are also difficult to secure with traditional security tools.
With Quad9 used in a home or business network at the router or gateway level, users will have an added level of protection for their IoT devices. These smart devices would also be blocked from accessing remote hosts which have been identified as being harmful or IoT botnets such as Mirai, which infected millions of IoT devices in late 2016.
Read more about DNS security
When a Quad9 user clicks on a website link or types an address into a web browser, Quad9 checks the site against IBM X-Force’s threat intelligence database of more than 40 billion analysed web pages and images. The service also taps feeds from 18 further threat intelligence partners, including Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ and ThreatSTOP.
Quad9 is designed to provide these protections without affecting the speed that users expect when accessing websites and services.
Using PCH’s global assets around the world, Quad9 has points of presence in more than 70 locations across 40 countries, but the number of points of presence is expected to double in the 18 months to further improve the speed, performance, privacy and security for users globally.
Telemetry data on blocked domains from Quad9 will be shared with threat intelligence partners to improve their threat intelligence responses for their customers and Quad9.
Quad9 began with the GCA, where the intent was to provide security to end users on a global scale by using DNS to deliver a comprehensive threat intelligence feed.
To realise this aim, the GCA provided system development capabilities and brought the threat intelligence community together in collaboration with PCH, which provides Quad9’s network infrastructure; and IBM, which provides IBM X-Force threat intelligence and the easily memorable IP address (188.8.131.52).
Not used widely
“Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely,” said Philip Reitinger, president and CEO of the GCA.
“Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind – they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information.”
Bill Woodcock, executive director of PCH, said that through local deployment of technology versus some distant datacentre, Quad9 works to “significantly improve” performance.
“The personal information protections and selectable DNS encryption, DNSSEC, and blocklist that are in place show that this project is in line with PCH’s values,” he said. “Quad9 will inspire trust in both individuals and businesses who understand the importance of securing their private browsing data.”
Jim Brennan, vice-president, strategy and offering management at IBM Security, said taking advantage of threat intelligence is a critical way to stay ahead of cyber criminals.
“Consumers and small businesses traditionally didn’t have free, direct access to the intelligence used by security firms to protect big businesses,” he said. “With Quad9, we are putting that data to work for the industry in an open way and further enriching those insights via the community of users.”
Christine Bejerasco, service lead for consumer R&D at F-Secure, said tackling security problems by using key parts of the internet, such as DNS, gives the cyber security industry an opportunity to stop potential compromises.
“A lot of the digital technologies we use were never designed to hold up against the kind of attacks we see today,” she said. “And reinforcing technologies that serve as the backbone of the internet gives users a more secure option to work with.”