Pular para o conteúdo principal

Safe browsing with Norton DNS

Safe browsing with Norton DNS: "
I learned long ago that there is value in having someone else manage DNS services for my small business. Up until now, I’ve used OpenDNS. In my opinion, it is the best SOHO option for both name resolution and controlling access to questionable sites. However, that might all change with the introduction of Symantec’s Norton DNS.

Norton DNS is a component in the emerging Norton Everywhere offering, eventually providing control over sites your employees or family members can visit or blocking access to sites known to distribute malicious content. I say eventually, because although OpenDNS beta blocks malicious site access, the user management console is still unavailable.



Security considerations


If you are still using your ISP’s DNS services, I highly recommend you move to something a little safer. Most ISPs do not provide services that allow you to control content. Many of them also fail to apply security patches to their DNS applications. These are important components of any Internet security strategy.

Installing and configuring anti-malware software, client firewalls, and client policy solutions are all final defensive line controls. They protect your systems if exploits make it that far into your home or office network. However, the first line of defense should always be preventive controls placed as far as possible from the attacker’s target, including:

  • Configuring perimeter firewalls (including home routers) as closed, allowing only explicitly approved traffic to pass to the internal network.
  • Take steps to keep target systems away from malware in the first place.

The first bullet is a no-brainer. Most home routers do this by default. If you are unsure about your home or SOHO perimeter configurations, run the free ShieldsUp service. It will tell you whether any holes exist.

The objective described in the second bullet is harder to achieve. It requires either installation of an in-house service, such as Websense, or use of a third-party provider. Although Websense provides a great product, it is far beyond the budgetary reach of home or SOHO users. Norton DNS now provides affordable, possibly free protection. (The official Norton DNS Web page states that it will be free for non-commercial use.)

Unlike OpenDNS, you can’t yet set site categories you wish your users, or you, to avoid. This feature of OpenDNS accomplishes three things. First, it focuses business system access on business sites. Second, access to inappropriate sites (porn, hate, weapons, etc.) is restricted. This is an important consideration for homes with children or a business trying to avoid accusations of providing a hostile work environment. However, Norton DNS does prevent users from visiting sites Norton Safe Web identifies as harboring exploits.

In a future release of Norton DNS, Symantec plans integration with Norton Online Family to allow application of site restrictions. According to a forum post,

As some other posters have mentioned, the focus of Norton DNS today it to protect users from phishing and malware sites. Norton Online Family is a great option for parental controls.

In the future, our goal is to integrate these two services so that IF you want to optionally apply content filtering for parental controls, you will be able to do it via Norton DNS. (dnadir, June 2010).

Setting up Norton DNS for Windows 7


Sometime over the next few weeks, Symantec will release a client for setup and management. However, manual setup for a single PC is easy if you have Windows XP. You just follow the provided directions. I used the following steps to set it up in Windows 7. You can use this same process to move to any DNS service of your choice. (To change DNS settings for all computers in the network, change the DNS server address in your DHCP service settings.)

1. Open the Control Panel from the Start Menu.

2. Click on View network status and tasks.



3. Click on the network connection you want to move to Norton DNS.



4. Click on Properties and then click on Internet Protocol Version 4 (For testing purposes, I turned off IPv6 functionality by unchecking the related box).



5. Click on Properties once again and enter the Norton DNS IP addresses as shown below.



6. Refresh your IP configuration by typing ipconfig /renew at a command prompt.



7. Verify the change by typing ipconfig /all at a command prompt and make sure the DNS servers show the new settings (You can also visit the Norton DNS verification page).



The final word

The beta works as advertised. I’ve been using it for several days without issue. It doesn’t appear any faster or slower than OpenDNS, the service I use on all my systems. However, the lack of controls to select which sites to block prevents me from using it as a home solution. With eight grandchildren, I need a better safety net to ensure something unexpected doesn’t pop up on my screen. This also applies to managing user access at my small business site.

I like the path Symantec is following. However, I think I’ll keep OpenDNS until Symantec offers all the services I need for home or small business use.




"

Comentários

Postagens mais visitadas deste blog

Improve Windows Security By Closing Open Ports

Improve Windows Security By Closing Open Ports : " A standard Windows operating system has a number of ports open after installation. Some of these ports are needed for the system to function properly while others might not. These ports can pose a security risk as every open port on a system might be an entry point for a malicious user. A port basically allows communication to or from the device. Characteristics are a port number, an IP address and a protocol type. This article will give you the tools at hand to identify and evaluate the open ports on your Windows system to make a decision in the end whether they can or should be closed or left open. Software programs and tools that we will use: CurrPorts : Available for 32-bit and 64-bit editions of Windows. It is a port monitor that displays all open ports on a computer system. We will use it to identify the ports and the programs that are using them. Windows Task Manager: Also used to identify the programs and link some p

Diagnosing a Blue Screen of Death Error in Windows

Diagnosing a Blue Screen of Death Error in Windows : For many years now the famous Blue Screen of Death (BSoD) has been the ultimate indication that something disastrous has happened to make your computer die, but how useful is the information in the BSoD and the respective crash dump file that Windows produces? The best article I ever found explaining the BSoD in depth is here on the Microsoft website, however it’s quite technical and doesn’t discuss how to actually troubleshoot a problem. The crash dump file is just technical details of what was being held in the computer’s memory at the time of the crash, and this will include details on every driver and service that was loaded, and every piece of software that was running. The most useful pieces of information are to be found on the BSoD itself and are highlighted on the screenshot below. These are the BSoD error name, the stop error code and the name of the driver or service that has failed (this last one might not always appea

FBackup is a simple, no-frills free backup application

FBackup is a simple, no-frills free backup application : "