Every connection with the Internet, good and bad, starts with a DNS query. Your users rely on DNS to make connections to mission-critical applications, websites, and resources on your network. Malware needs DNS to communicate back to its command and control servers to corrupt or steal your data, or to complete whatever mission it was created for.
How secure is your DNS server? By turning your DNS server into a ThreatSTOP DNS Firewall, you will ensure that your users can safely connect with the Internet, while preventing threat actors from using them as an attack vector to ransom or exfiltrate your data or turn your network into a botnet for criminal use.
DNS Firewalls prevent your systems from communicating with harmful external resources. ThreatSTOP delivers continuous updates containing IP addresses and domains used by threat actors. These updates let the DNS Firewall intercept dangerous and unwanted traffic heading out of your network so that it can be blocked, monitored, or redirected to a safe location such as a walled garden.
One of the biggest advantages of DNS Firewalls is the granular control afforded over the behavior of outbound traffic on the network. The DNS Firewall provides the flexibility to:
Deploying and configuring the ThreatSTOP DNS Firewall is fast and easy, usually requiring less than an hour before it is actively blocking threats. Because of this simplicity:
ThreatSTOP's DNS firewall product is fully customizable using our standard portal and UI. It only takes a few minutes for subscribers to select one of our standard policies or create their own custom policy in our portal. Policies can specify different rules so that, for example, attempts to contact botnet C&C servers can simply be denied while users who click on phishing links see a redirection to a walled garden.
These new rules, customized for their precise policy name, are obtained from the portal and added to the BIND DNS server configuration files. The DNS server automatically downloads the policy and applies it to all lookups it receives. The policy is updated automatically (every two hours by default), so it blocks new threats and stops blocking locations that have been remediated.
RPZ takes action based on the domain name queried (QNAME), the IP address returned (RPZ IP) or the fully qualified domain name (FQDN) or IP address of any of the name servers used in the resolution process (NS IP and NS DNAME). Depending on the match the name server can opt to:
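The four trigger types named above, as an added example (not ThreatSTOP or BIND code): a small evaluator showing how RPZ owner names encode each trigger and how the CNAME target selects the action. The policy entries, the walled-garden host `garden.corp.example` and the function names are constructed for illustration; only IPv4 is handled, and rules are checked in list order rather than with BIND's own precedence rules.

```python
import ipaddress

# Constructed sample policy: (owner name relative to the policy zone, CNAME target).
POLICY = [
    ("c2.botnet.example", "."),                       # QNAME trigger -> NXDOMAIN
    ("*.c2.botnet.example", "."),                     # wildcard covers subdomains
    ("login.phish.example", "garden.corp.example."),  # QNAME -> walled garden
    ("24.0.2.0.192.rpz-ip", "*."),                    # answer in 192.0.2.0/24 -> NODATA
    ("ns1.badhost.example.rpz-nsdname", "."),         # name server matched by name
    ("32.53.100.51.198.rpz-nsip", "."),               # name server matched by address
    ("ok.phish.example", "rpz-passthru."),            # explicit exception
]

# Special CNAME targets defined by RPZ; any other target rewrites the answer.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def action_for(target):
    return ACTIONS.get(target, "REDIRECT " + target)

def decode_ip(labels):
    """RPZ writes an IPv4 prefix as prefixlen.B4.B3.B2.B1 (octets reversed)."""
    prefix, *octets = labels
    return ipaddress.ip_network(".".join(reversed(octets)) + "/" + prefix)

def name_matches(pattern, name):
    name = name.rstrip(".").lower()
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])  # subdomains only, not the apex
    return name == pattern

def evaluate(qname, answer_ips=(), ns_names=(), ns_ips=()):
    """Return (trigger, action) for the first matching rule, or None."""
    for owner, target in POLICY:
        labels = owner.split(".")
        kind = labels[-1] if labels[-1].startswith("rpz-") else "qname"
        if kind == "qname":
            hit = name_matches(owner, qname)
        elif kind == "rpz-nsdname":
            hit = any(name_matches(".".join(labels[:-1]), n) for n in ns_names)
        else:  # rpz-ip checks answer addresses, rpz-nsip checks name server addresses
            net = decode_ip(labels[:-1])
            pool = answer_ips if kind == "rpz-ip" else ns_ips
            hit = any(ipaddress.ip_address(ip) in net for ip in pool)
        if hit:
            return kind, action_for(target)
    return None
```

A lookup that returns `None` is answered normally; every other result is a rewrite that should appear in the resolver's RPZ log for review.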
The ThreatSTOP threat intelligence Web service works with most firewalls and other traffic management devices that can make a forwarding decision based on a DNS lookup. Our RPZ solution works with BIND Server 9.0+. BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. The service also works with the following devices: