Scott Manion, associate market analyst at IDC, says New Zealanders could greatly increase their protection from cyber threats with two free Internet services, but take up is low.
The two free services are Quad9, a DNS service where the servers incorporate security tools from several of the industry’s leading cyber security companies; and DMARC which protects domain name owners from having their domain name spoofed to send bogus email messages.
Manion attended a meeting New Zealand security professionals recently gathered in Wellington and then Auckland to hear Andy Bates, executive director of the Global Cyber Alliance (GCA) speak on the organisation’s work in cyber security and its vision for creating a more secure internet.
In a blog post he reported the results of a quick survey on awareness and uptake of these technologies. “A quick survey of the Auckland attendees — some of the top minds in the NZ security sector — showed 80-90 percent of the room had heard of Quad9 and DMARC; however, a grand total of three out of 50 people had implemented it in their own homes,” he said.
“This is a room full of Auckland’s best security ‘professionals’, and yet not even 10 percent could be bothered to take the quick and easy steps toward cyber protection in their personal lives.”
He adds: “Solutions like DMARC and Quad 9 are brilliant, easy to use and free — but their effectiveness may well be limited by the mindset of those who have the power to implement them.
“In a small country like New Zealand, cyber immunity is a very real prospect; we could be the first nation to say we’re completely protected – however, complacency, and laziness are the Achilles heel in our fight against cyber-crime.”
All that is needed to implement Quad9 is to change a device’s DNS address to 18.104.22.168 so all internet traffic is routed using Quad9 name servers.
According to the Quad9 web site Quad9 checks the requested domain against a list of domains combined from 19 different threat intelligence partners.
“Each threat intelligence partner supplies a list of malicious domains based on their heuristics which examine such factors as scanned malware discovery, network IDS past behaviours, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and individual reports of suspicious or malicious behaviour.”
Based on the results, Quad9 resolves or denies the lookup attempt, preventing connections to malicious sites when there is a match.
And the organisation suggests its service should be at least as responsive as others. It says it will have servers in 150 locations by the end of 2018 “primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution.”
It adds: “These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are ‘anycast’ meaning that queries will automatically be routed to the closest operational system.”
DMARC is a little more complicated to set up. The procedure to register a domain on the DMARC website is easy enough. This generates the text for a TXT record, but this record must then be created on the name server for the domain to be protected.