Skyway West Launches Skyway DNS Firewall
Skyway West’s DNS Firewall is delivered as a cloud service located in Canadian Internet Exchange points and powered by CIRA (Canadian Internet Registration Authority). At the heart of Skyway’s DNS Firewall is a policy-enabled DNS server, which analyzes every outgoing query and response, comparing them to a block list to enforce security. This block list is dynamically updated for close to real time protection.
The internet has become a much more dangerous place since Skyway West began providing Internet services in 1996 — so dangerous that we have decided it is our corporate responsibility to use our Domain Name Servers to help protect our customers. Over 80% of all malware types use the DNS for command and control so this will provide our clients with a strong first layer of internet security and protection. We are adjusting our existing DNS servers and adding new fully redundant DNS servers to automatically block replies and queries our customers make to phishing attacks, malware, viruses, and fraudulent websites. This is a free service for customers using our DNS, and particularly important for people using IoT devices (e.g., cameras, VoIP phones, etc.) IT World Canada recently reported that 70% of the most common IoT machines currently on the market are susceptible to attack.
It is our corporate responsibility to use our Domain Name Servers to help protect our customers
How Dangerous is the Internet?
The threat is real, and it isn’t just from hobbyist hackers anymore. Nation states, hacktivists, disgruntled employees and professional thieves have all leapt at the opportunities afforded by cyber crime. It has been reported the cost of this is now upwards of US $600 billion a year and that two-thirds of the people online (more than two billion individuals) have had their personal information stolen or compromised. More than 70 percent of attacks target small businesses and 62 percent of hacked SMBs go out of business within six months of a successful attack. Businesses with 1,000 employees or less have a 90 percent likelihood of having a data breach costing more than $216,000.
How do I use Skyway West’s DNS Firewall?
Skyway West customers using our current DNS servers do not have to do anything immediately. We will, however, be retiring the IP addresses associated with our current and legacy DNS services over the next several months, and urge all customers to change your Nameserver IP addresses to 220.127.116.11 and 18.104.22.168. The new servers are more powerful and are fully redundant, using multiple providers and data centres to ensure high availability to our customers.
Customers using a third party DNS like Google’s free public DNS service can use Skyway’s service just by changing their DNS settings as instructed above. In order for this to be effective, you must use our Nameserver addresses, and delete any third party address. If you do not wish to use the Skyway DNS Firewall, you may continue to use your own DNS resolver servers, or any public 3rd party resolver.
Contact Skyway Support to add premium filtering services or to force all DNS queries made on your premises through our DNS Firewall. Forcing all DNS queries through a DNS firewall is best practice to ensure mobile devices use the service.
Can I use this service if my IP address is not provided by Skyway?
You must be using a Skyway West provided IP address to access these services. To add sites not served by Skyway, contact our support team to register your static IP addresses. For internet access customers not served by Skyway, we charge $30/month per site served by DSL, cable or fixed wireless, $75/month for sites served by fibre speeds under 1000 Mbps, and $125/month for sites at 1000 Mbps or higher.
How can I see if the service is working?
Please visit http://blocklist.skywaywest.net If you have configured your DNS server correctly, you will receive a notice to say this page is blocked. If it shows anything else, please flush your cache and verify your settings.
How does a DNS firewall work?
Domain Name Servers (DNS) maintain a directory of domain names and translate them to Internet Protocol (IP) addresses, much like a phone book matches names to a phone number. Resolving domain names to IP addresses is necessary because computers and other machines access internet sites based on IP addresses. A DNS firewall blocks access to domain names that resolve to IP addresses associated with phishing attacks, malware, viruses, and fraudulent websites. A computer that is blocked will display a popup informing the user and asking them to inform their technical support. Note: we can only block traffic that uses the DNS to resolve a host name to an IP address, and therefore will not prevent the 9% of infected devices that reach an IP address without passing through a DNS.
Why use Skyway West’s DNS firewall?
Best practice internet security solutions use a “defence-in-depth” approach, layering levels of security beginning with the DNS as the outermost layer. This layer will not stop everything, but since 80% of all malware types have been shown to use the DNS it’s a great starting point for internet protection. Skyway West‘s DNS Firewall is delivered as a cloud service located in Canadian Internet Exchange points and powered by CIRA (Canadian Internet Registration Authority). At the heart of Skyway’s DNS Firewall is a policy-enabled DNS server, which analyzes every outgoing query and response, comparing them to a block list to enforce security. This block list is dynamically updated for close to real time protection. CIRA analyzes over 100 billion DNS queries every day, and each day adds over 100,000 new threats to the block list, managing this in part using data from Akamai‘s subsidiary Nominum who specialize in analyzing DNS queries from all over the world.
Best practice internet security solutions use a “defence-in-depth” approach, layering levels of security beginning with the DNS as the outermost layer. This layer will not stop everything, but since 80% of all malware types have been shown to use the DNS it’s a great starting point for internet security.
CIRA‘s mandate is to manage .ca domains, improve the Internet for Canadians and keep traffic within Canada. The Skyway DNS Firewall is similar to Cisco‘s Umbrella DNS firewall, but with two notable advantages: Skyway offers it for free, and we keep your traffic in Canada. Unlike Google‘s free public DNS services, Skyway West‘s DNS service is a firewall, keeps your DNS inquiries within Canada and is faster to respond because it is closer to you. Most importantly, we do not store the history of your DNS queries for marketing and promotional purposes. However, like Umbrella and Google, our DNS firewall service powered by CIRA‘s D-Zone is fully redundant using multiple providers and regions to ensure high availability to our customers.
Can Skyway West’s DNS firewall block a valid website?
The security of the internet is a constantly changing landscape. A site that was safe and secure yesterday may have been compromised overnight and may now be a known attack source. Though a rare occurrence, blocking valid sites is a concern with any firewall. If you feel a valid site is blocked, please send the full URL of the site in a message to our support team. We have a hot line directly to CIRA to unblock sites for specific customers until CIRA confirms the site is valid and permanently removes them from the block list.
For more information, please contact our Support at 604-482-1212 or firstname.lastname@example.org.
Interested in this blog post? Sign up for a free consultation from Skyway West.
Sign up and we'll be in touch to arrange a one-on-one consultation.