Protect your Home Workers from Malicious Websites and Drive by Downloads using DNS
Posted by Geraldine Hunt on Wed, Apr 15th, 2020
In the wake of the initial Coronavirus outbreak and the introduction of COVID-19, the world has moved towards a home-based workforce to stop the spread of viral infection. Unfortunately, the consequences of the outbreak have given attackers a new focus: remote workers. Because remote workers use their own resources, attackers know that home networks and computers are usually less secure than resources supplied by enterprise employers. Businesses with remote workers should take precautions to protect sensitive data, and one easy way to stop attackers is to use DNS security.
Risk Factors with Home Users
As more people shift to at-home working, additional insecure resources will be used to obtain private company data. Most users have at least one private device at home, and this device will likely be used while they work at home. For every insecure device added to the user’s network, risk factors increase for the business. Attackers know that these resources lack the enterprise-level protection that corporate devices have, so they’ve been targeting these users.
For users with private laptops, the risk of vulnerabilities and exploits increases significantly. As of January 2020, Microsoft no longer supports Windows 7, so any devices running the old operating system are especially vulnerable. Users will occasionally turn off antivirus and firewall settings, which adds further risk. Users at home also have other family members on their Wi-Fi network, and the devices those family members use could be unprotected.
Without proper Wi-Fi security, it’s possible that the user’s network is compromised. Malware such as ransomware scans a network for open directory and drive shares where files are then encrypted and held for ransom. Other malware will scan the network to steal data from shared locations and send it to an attacker-controlled server. Rootkits and trojan horse malware give the attacker remote control of the local device.
If the Wi-Fi router is poorly secured, the home user could be unaware of another unauthorized user accessing the network. These anonymous users and their devices would also be a risk. Any data stored on the network could be available to attackers. If any of this data is the responsibility of the corporation, the home user could be the reason for a data breach. Attackers that perform reconnaissance and find the home user’s information could use social engineering and phishing to obtain sensitive data and account credentials.
Protecting Users with Corporate DNS Security
You could require users to connect through a VPN, but a VPN only protects data transferred from the home network to the corporate location. It doesn’t protect data stored on the user’s home network or any data on the user’s local device. It also doesn’t protect against phishing and social engineering attacks. By adding DNS security to your at-home workforce, you can stop many of these attacks and protect not only the enterprise network but the home user’s network as well.
DNS is a necessary part of the Internet. For every friendly name entered into a browser, the browser first sends a query to DNS servers that return an IP address. The IP address is then used to send a request to the website server where content is returned. You can add a security layer during the name server query to protect users from phishing attacks.
To add a layer of security during DNS lookups, filters (usually cloud-based) can be added to identify common attack sites and stop browsers from loading malicious content. In many phishing attacks, email messages include a link to a malicious website. This site could ask a user to enter network credentials or private information that could later be used to access sensitive accounts. The web page often looks exactly like the official business’s site, so users are unaware that they are giving an attacker sensitive information.
DNS security blocks users from ever accessing the site. As long as the user is using the company DNS servers, full control of site access can be configured by the administrator. In addition to having better phishing protection, the administrator can also get updates on the latest attack site IPs and domains, along with notifications when users frequently access blocked sites. If the same domain is accessed frequently, the administrator can assume that the company is the target of a phishing attack. When administrators are aware of a current attack, emails and training material can be sent to users to let them know to be on high alert.
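The lookup-time block decision and the "same blocked domain keeps getting queried" signal described above can be sketched as follows. This is an added example, not TitanHQ code: the blocklist entries, log format, client names and the `min_clients` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed blocklist and query log for illustration (not real indicators).
BLOCKLIST = {"login-portal.example", "malware-cdn.example"}

# Constructed log lines: "<timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2020-04-15T09:00:01 laptop-anna intranet.corp.example
2020-04-15T09:00:07 laptop-anna sso.login-portal.example
2020-04-15T09:02:13 laptop-ben SSO.Login-Portal.example.
2020-04-15T09:05:40 laptop-cara login-portal.example
2020-04-15T09:06:02 laptop-ben notlogin-portal.example
2020-04-15T09:07:19 laptop-dev files.malware-cdn.example
"""

def blocked_entry(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Check the name and each parent domain so subdomains of a blocked
    # domain are covered, while look-alike suffixes are not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def resolve_policy(qname):
    """Filter decision made at lookup time, before any connection."""
    return "BLOCK" if blocked_entry(qname) else "ALLOW"

def campaign_alerts(log_text, min_clients=3):
    """Blocked domains queried by at least min_clients distinct clients."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        entry = blocked_entry(qname)
        if entry:
            clients[entry].add(client)
    return {d: sorted(c) for d, c in clients.items() if len(c) >= min_clients}

if __name__ == "__main__":
    for domain, who in campaign_alerts(SAMPLE_LOG).items():
        print(f"possible phishing campaign: {domain} queried by {who}")
```

Counting distinct clients rather than raw hits keeps one machine retrying the same link from raising an alert on its own.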
Together with VPN, DNS security filters can protect applications, user accounts and company data from malware and phishing attacks. With remote work as the primary environment for several months, organizations should take extra steps to ensure these users will be safe from common attacks. DNS security is one way to protect devices when administrators are unable to ensure security of personal devices storing company data.