SWITCH DNS Firewall

More security with SWITCH DNS Firewall

The SWITCH DNS Firewall is Domain Name Service Response Policy Zones-based (DNS RPZ) and allows specific DNS information to be overwritten. This makes it possible to generate alternative responses to DNS queries and to protect all devices effectively before a connection is established to any malicious systems.

Prevention

Blocking access to infected sites can prevent further infections.

Detection

Systems that have already been infected can be detected by SWITCH-CERT. Customers are promptly notified of any such infections via security reports.

Awareness

When accessing a malicious domain name, users are redirected to a secure landing page. This not only improves IT security – it also makes users more aware of hazards lurking on the internet.

The following graphics show the functionality of DNS RPZ and the SWITCH DNS Firewall:

Specialised in threat intelligence, detection and incident response

We analyse and classify relevant data to provide customers with an exceptional list of current threats. Thus, they are benefiting from the wide-ranging experience and expertise of SWITCH-CERT, gained through its many years of work in the area of security. Services include, in particular:

• identifying threats specific to Switzerland and the customer organisation based on our own monitoring and malware analysis
• analysing malicious domain names through operation of the registry for .ch and .li TLDs
• correlating and supplementing our own threat intelligence with information from a variety of other national and international sources that are often not publicly accessible
• close collaboration with well-known national and international partners

________

SWITCH DNS Firewall modules

The following modules can be freely combined:

• RPZ Feed: The malicious domain names identified by SWITCH-CERT are collected and sent to the organisation’s DNS system. In addition to the SWITCH RPZ zones, zones from other reputable third-party providers can be obtained via SWITCH. SWITCH RPZs are not tied to a particular provider and are supported by all major DNS appliances and DNS server software.
• SWITCH landing page: A system to which malicious requests are redirected and that notifies the end user of a blocked access attempt. In addition to HTTP/HTTPS, other protocols and their respective ports are covered to ensure that the user is well-informed about the rerouting.
• Notification of infected systems: Customers are promptly informed of infected systems via security reports. The reports are based on the DNS RPZ log data sent by the organisation to SWITCH-CERT.

All systems have a redundant configuration distributed between several locations. Using an anycast implementation, the nearest advertised location is chosen to maximize access speed. 

________

Technical requirements

Integrating the DNS Firewall service is easy: DNS RPZ must be enabled on the resolver which allows you to subscribe to the desired DNS RPZ feeds. This requires DNS service software that supports RPZ or a DNS appliance on which DNS RPZ can be activated.

SWITCH offers its customers wide-ranging expertise in the connection and integration of RPZ technology.

DNS Server software

• BIND
• PowerDNS Recursor
• Knot Resolver

 DNS applicances

• Infoblox
• BlueCat
• EfficientIP
• Nokia VitalQIP