Laptop Security Secure Your DNS
Posted on Mar 02, 2009 - 5:43pm by Wayne Weisser in Laptop Security
If you’ve been following this Laptop Security series, your laptop is now secure, protected, up to date and you’ve protected your Admin account while you’re online. If not, catch up by reading the Laptop Security Category.
Do you know where you’re really surfing to on the Internet? Every single website on the Internet is assigned a number. No one (there are exceptions to this) types in the IP address to get to a website and because a lot of websites can share one IP address, you need an even longer number to get to the website.
DNS – Domain Name Service acts like a giant phone book for the Internet. You type a website’s name in your browser’s address bar and hit enter. Your browser stops at the nearest DNS server and looks up the number for the website you entered before it knows where to go.
Normal people don’t worry about this step because it’s always done automatically and it always works, until recently.
Worse Case
What if you could get into the DNS system and change what site people go to. Say you want to change the site people actually go to when they type in citi.com to go to your site instead of the real Citibank’s citi.com. You could make your site look just like the normal Citi.com, gather people’s userids and passwords when they think they’re trying to log into the real citi.com. Thanks to an exploit found last year in the DNS system someone could do exactly that.
Your Internet Service Provider, usually provides the DNS system. Depending on how your computer or router is configured, the default is to use your ISP to look up DNS info however you’re connecting to the Internet. This exploit and the fix has been out for awhile. Some ISPs have implemented the fix, while others have been slow.
Is this something you really need to worry about? Maybe. If you want to check out your ISP go to http://entropy.dns-oarc.net/test But if you’re changing locations all the time, you’re also changing your ISP every time to move your laptop to another hotspot.
OpenDNS
But why worry about it at all? If you use a free service called OpenDNS you’ll know for sure that you’re going where you really want to go. OpenDNS was one of the first to fix this exploit and even the large ISPs like COX have been slow implement the fix in all of their locations.
If you have a router at home you can change the settings in your router. The changes involve a few steps, but the OpenDNS site has great tutorials no matter what operating system or router you’re using.
Filtering, Stats, Faster
OpenDNS is faster than most other DNS servers, it’s free and the advanced settings are worth signing up for.
One of the side benefits to OpenDNS is if you create a free account can use it as a filter for your PCs at home. You don’t need an account to use the DNS, only if you want to use the filtering and advanced features they offer. If you have kids at home and are concerned where they are surfing, instead of installing some sort of “net-nanny” that was already hacked and all they have to do is use google for instructions how to bypass it. This requires a little more technical savvy to even know it’s being used or to bypass it.
If you’re using Vista or XP and have a password on your admin account that you’re kids (or whoever) don’t know, it’s a little harder to bypass. You can setup OpenDNS to filter proxy services to really hinder any effort to go around it.
Another side benefit of OpenDNS is stats. You can see where your family is surfing to. I’ll leave any clandestine ideas up to the user.
If you have any questions about how to setup OpenDNS or a non-admin account on XP or Vista or anything else, let me know in the comments. Or you can find me on my support site.
Links:
Details of DNS Flaw Leaked; Exploit Expected by End of Today
Domain Name System
OpenDNS
RSS feed for comments on this post | Trackback URI
We're on Twitter!
No comments yet.