security Archives - ClouDNS Blog
https://www.cloudns.net/blog/tag/security/

Router vs firewall, can you guess which is better?
https://www.cloudns.net/blog/router-vs-firewall-hardware-software/
Wed, 03 Jul 2024 07:30:00 +0000

Want to know the difference between router vs firewall? Great, you’re in the right place. In today’s interconnected world, network security is of paramount importance. As businesses and individuals strive to protect their data from unauthorized access and potential threats, two essential components come into play: the router and the firewall. While both serve critical functions in network security, they differ in their roles and capabilities. In this blog post, we will delve into the intricacies of routers and firewalls, exploring their differences and highlighting the significance of firewall monitoring.

Router

A router is a network device that handles network traffic by forwarding data packets between different computer networks. When the router receives a data packet, it checks the packet against its routing table and decides whether to send it on to the next network toward its destination. Most of you are probably familiar with routers: you probably have one at home, which manages packets between your home computer and the internet.

Functionalities of routers 

  • IP address management: Routers assign IP addresses to devices within a network and provide network address translation (NAT) functionality to map multiple private IP addresses to a single public IP address.
  • Traffic management: Routers implement Quality of Service (QoS) mechanisms to prioritize and manage network traffic based on predefined rules.
  • Network segmentation: Routers allow for the creation of separate network segments, known as subnets, to enhance security and optimize network performance.

Firewall

A firewall, as the name suggests, is a barrier. Its purpose is to protect the devices behind it by filtering the data coming to them and going from them, blocking harmful communications such as spam or viruses. It can be hardware, with router capability, or just software, like the one built into Windows.

Key features of firewalls

  • Packet filtering: Firewalls examine packets based on predefined rules, such as source/destination IP addresses, ports, and protocols, to determine whether they should be allowed or blocked.
  • Stateful inspection: Firewalls maintain state information about established connections, allowing them to make intelligent decisions regarding packet filtering and preventing unauthorized access.
  • Application-level filtering: Some firewalls can perform deep packet inspection to analyze the content of packets at the application layer (Layer 7), enabling them to detect and block specific application-layer threats.

Importance of Firewall Monitoring

Firewall monitoring is a critical aspect of network security management. It involves continuous monitoring, analysis, and maintenance of firewall rules and logs to ensure optimal firewall performance and detect potential security incidents. Effective firewall monitoring provides the following 4 benefits:

  1. Threat detection and prevention: By monitoring firewall logs and analyzing network traffic patterns, administrators can identify suspicious activities, such as unauthorized access attempts, malware infections, or data exfiltration, and take proactive measures to mitigate them.
  2. Policy compliance: Firewall monitoring helps ensure that security policies and rules are consistently enforced, reducing the risk of policy violations and non-compliance with industry regulations.
  3. Performance optimization: Regular monitoring enables administrators to identify and resolve performance bottlenecks, fine-tune firewall configurations, and optimize network traffic flow, thus enhancing overall network performance.
  4. Incident response: In the event of a security incident, firewall logs provide crucial information for forensic analysis and incident response. Monitoring allows for the timely detection and response to security breaches, minimizing potential damage.

Router vs firewall

To easily understand the router vs firewall topic, see this table:

| | Router | Firewall |
|---|---|---|
| Purpose | Directs traffic to its desired destination. | Controls and limits the data. |
| Layer of operation | Operates at the layer 3 (network), and layer 4 (transport) of the OSI model. | Operates at layer 3 (network) of the OSI model. |
| Encryption | It does not encrypt; it just directs the data. | It encrypts the data before transmission. |
| Network sharing | It can share the internet between different networks (LANs, WANs). | It can’t share the networks, it just protects them. |
| Logging and Monitoring | Primarily focuses on routing and connectivity management | Maintains logs for network traffic analysis and security incident investigation |
| Traffic Handling | Routes packets based on IP addresses and protocols | Inspects packets and applies security policies |
| VPN Support | Does not typically provide native VPN support | Often provides VPN functionality for secure remote access |

Hardware firewall vs software firewall

Now to a bit of a different subject, hardware firewall vs software firewall. Both protect you from malicious traffic, but they have some differences.

The hardware firewall can be a stand-alone device or a part of a router. Such a router is a simple and effective protection solution for your network. It reviews the headers of the data packets and decides whether each one can be trusted. If it considers the packet safe, it forwards it; if not, it drops it.

A software firewall is a program that you can install on your computer. It can be part of an antivirus suite or a separate product. It protects against uncontrolled access to your computer. Depending on the software, it can keep you safe from Trojans and worms too. Unlike the hardware one, it protects only the device on which it is installed. If you need a firewall on all of your devices, you have to install it on each of them. Another disadvantage is that it runs in the background, which takes some system resources and may lead to slowdowns.

How do DHCP, routers, and firewalls work together?

DHCP, which stands for Dynamic Host Configuration Protocol, is responsible for assigning IP addresses to devices within a network. It acts as a mediator between routers and firewalls, ensuring that devices can communicate with each other and stay secure.

Routers are like traffic directors. They help direct data packets between different networks, ensuring they reach their intended destinations. Some routers also have built-in DHCP server functionality, allowing them to assign IP addresses to devices in the network.

Firewalls, on the other hand, are like security guards. They monitor and control the flow of network traffic to protect against unauthorized access and potential threats. While firewalls primarily focus on security, they can interact with DHCP in a couple of ways.

Firstly, firewalls can act as DHCP relays. If devices and DHCP servers are on different network segments, the firewall helps relay the DHCP messages between them, ensuring that devices can still get their assigned IP addresses.

Secondly, firewalls can inspect DHCP traffic and apply rules to allow or block it. This filtering capability helps prevent unauthorized DHCP servers or DHCP attacks from compromising the network’s security.

Lastly, firewalls can use DHCP lease information to enforce security policies. By looking at the DHCP lease table, they can identify devices based on their assigned IP addresses and apply specific security rules or identify potential unauthorized devices on the network.

In simpler terms, DHCP ensures devices have IP addresses to communicate, routers direct the traffic, and firewalls protect the network by working alongside DHCP to manage IP addresses and filter network traffic.

Switches vs routers vs firewalls: How do they fit together?

In a typical network setup, devices such as computers and printers connect to a switch. The switch facilitates internal communication within the local network by forwarding data packets based on MAC addresses.

The switch then connects to a router. The router manages traffic between different networks by using IP addresses to route data packets. It ensures that data from your local network reaches its destination on other networks, such as the internet.

Finally, the router connects to a firewall. The firewall acts as a barrier, inspecting and filtering traffic to protect your network from unauthorized access and cyber threats. By examining data packets based on security rules, the firewall ensures that only safe and authorized traffic enters or leaves the network.

Example Setup:

Devices -> Switch -> Router -> Firewall -> Internet

This configuration ensures that devices can communicate within the local network, that traffic is efficiently managed and routed to appropriate destinations, and that the network is protected from external threats. This collaborative setup of switches, routers, and firewalls provides a robust, efficient, and secure network infrastructure.

Conclusion

Routers and firewalls play vital roles in securing networks and protecting sensitive information. While routers focus on efficiently forwarding data packets between networks, firewalls provide an additional layer of security by monitoring and controlling network traffic based on predefined rules. Both are essential components of a robust network security architecture.

Whitelisting vs Blacklisting, preventing or reacting
https://www.cloudns.net/blog/whitelisting-vs-blacklisting-preventing-reacting/
Fri, 17 May 2024 05:00:00 +0000

There are different security methods out there, but when it comes to data filtering, there are two widely-used ones. You can use either whitelist (allow, give a permit) or blacklist (block, put in the list of forbidden). There is a big debate in the IT community which is better. Whitelisting vs Blacklisting.

Many IT specialists say that whitelisting leads to better protection, but it has too many limitations. It takes too much time and needs continuous changes, which generates more expenses. On the other side is blacklisting. You simply put all the problematic devices on a blacklist and they can no longer engage with your network. But can you block all of them?

Let’s check them out, and later you can make your choice in the “Whitelisting vs Blacklisting” debate.

Blacklisting

Many companies build their business on top of blacklisting. This is the case for all the antivirus firms. They maintain a massive list of malware and add every new one to it. If we think about it, we can see that it is a very practical approach to common attacks.

The purpose of blacklisting is often to protect against potential harm, maintain integrity, or enforce compliance with certain standards. It can be implemented by various entities such as companies, organizations, or even governments to restrict access to resources, services, employment opportunities, or other privileges. 

Blacklisting can be used for blocking specific applications and websites. This will reduce the risk that your employees introduce with their actions.

Pros and Cons of Blacklisting

Pros of Blacklisting:

Simple and scalable. Yes, it is basic protection, but it stops many of the attacks. It is also straightforward to apply it to different devices. You just install the software. A system administrator can do it to all of the computers at the same time.

Easy to administer. The primary responsibility for maintaining the blacklist lies with a third party (the antivirus software provider). The provider frequently updates the list and actively searches for new threats, while the IT specialists inside the protected company don’t need to do a thing.

Protection: Blacklisting helps organizations and communities protect themselves by excluding individuals with a history of misconduct or violation from certain activities.

Cons of Blacklisting:

Potential for abuse: There is a risk of false accusations or unfair targeting, leading to the unjust exclusion of innocent individuals or entities.

Lack of due process: Blacklisting can infringe upon an individual’s rights and reputation without providing a fair opportunity for defense or redemption.

Hindrance to rehabilitation: Blacklisting can limit opportunities for personal growth and reintegration, potentially perpetuating a cycle of exclusion.

Whitelisting

Whitelisting is about prevention, not about reacting. People blacklist something after they have found a problem; whitelisting stops everything except what is on the allowed list.

The system administrator can apply the whitelist across the whole network. By doing this, they can allow just specific websites or only individual applications. This is good for limiting threats, but it can affect work when somebody needs a new app or has to visit a new site. It will require more work from the admins.

Whitelisting is very practical for remote access. Imagine you want to allow some of your employees to work from home. You can’t use blacklisting, because it will take you forever to block all the IPs from other people, outside of your company. You will use the whitelisting and add just a few IPs (they need to have static IPs).

Pros and Cons of Whitelisting

Pros of Whitelisting:

Enhanced Security: Whitelisting provides a high level of security by only allowing pre-approved programs, applications, or entities to access a system or network.

Prevents Unauthorized Access: By explicitly specifying what is allowed, whitelisting ensures that only trusted and authorized sources can interact with a system, reducing the risk of unauthorized access or malware infiltration.

Granular Control: Whitelisting allows for fine-grained control over what is permitted, allowing administrators to define specific rules and permissions for different entities or processes.

Cons of Whitelisting:

Administration Overhead: Maintaining and managing a whitelist can be time-consuming and require regular updates as new legitimate entities or processes need to be added.

Potential for Overblocking: In some cases, legitimate sources or applications may not be included in the whitelist, leading to unintentional blocking or access restrictions.

False Sense of Security: While whitelisting provides robust protection against unauthorized access, it does not guarantee complete immunity from security breaches, as sophisticated attackers may find ways to exploit authorized entities or processes.

Whitelisting vs Blacklisting table comparison

| | Blacklist | Whitelist |
|---|---|---|
| Default | Everything allowed | Everything is forbidden |
| What does it do? | It blocks everything on the blacklist (software, emails, websites, IPs, etc.) | It allows everything on the whitelist (software, emails, websites, IPs, etc.) |
| Potential problems | It is reactive. Someone needs to put the problematic item in the list. For example, if it is a virus, IT specialist will put it there after it detects it, and it could be late already (some devices affected) | Preventive. It stops everything except the whitelisted items. It can stop the work because a needed item is not on the list. |

Examples

Here are some specific examples of whitelisting and blacklisting that may apply to business:

Software:

  • Whitelisting: The business limits access to specific applications utilized by select employees for their designated roles. These roles include accounting, human resources, and payroll. Organizations limit access to these applications to the machines or servers dedicated to these functions.
  • Blacklisting: The business blocks access to games or applications that could potentially contain malware or pose security risks to the company’s systems.

Email:

  • Whitelisting: The business configures its email system to only receive emails from trusted sources, such as clients or internal employees, ensuring that important communications are not missed.
  • Blacklisting: The business blocks domains or email addresses known for sending spam, junk, or phishing emails, protecting the company’s network and employees from potential security threats.

Websites:

  • Whitelisting: The business restricts access to specific websites that are essential for employees to perform their job functions, such as accounting-related sites or industry-specific resources.
  • Blacklisting: The business blocks access to websites that may interfere with workplace productivity or pose security risks, such as pornography sites, gaming platforms, or social networking sites.

These examples illustrate how businesses can implement whitelisting and blacklisting to enhance security, productivity, and compliance with company policies.

What is Greylisting?

Greylisting is an SMTP-based email filtering technique used to combat spam. When an email is received from an unknown sender or IP address, the receiving mail server temporarily rejects the message with a “soft bounce” response, specifically a temporary SMTP error code (usually 4xx). Legitimate email servers are designed to retry sending the email after a specified delay, typically within a few minutes or hours. In the meantime, the greylisting server records the details of the incoming email (sender, recipient, and IP address) and adds them to a temporary whitelist. Once the email is re-sent, the server checks the whitelist and, if the details match, accepts the message. Greylisting exploits the fact that most legitimate email servers will retry delivery, while many spam systems do not, thereby effectively reducing spam volumes. However, this technique may introduce a slight delay in email delivery due to the initial rejection and delay period.
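
The retry logic described above can be modelled in a few lines. This is an added example, not code from ClouDNS or from any mail server; the timing constants, addresses and reply texts are assumptions, and it keeps first-time senders in a separate pending table before promoting them to the temporary whitelist, which is one common way to implement the scheme.

```python
MIN_RETRY_DELAY = 300         # seconds before a retry is accepted (assumed value)
PENDING_LIFETIME = 4 * 3600   # unretried entries are forgotten after this (assumed)
PASS_LIFETIME = 30 * 86400    # how long a passed triplet stays whitelisted (assumed)


class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of the first delivery attempt
        self.passed = {}   # triplet -> expiry time on the temporary whitelist

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Known-good triplet: accept and extend its whitelist entry.
        expiry = self.passed.get(triplet)
        if expiry is not None and now <= expiry:
            self.passed[triplet] = now + PASS_LIFETIME
            return 250, "OK"
        self.passed.pop(triplet, None)  # drop an expired entry, if any

        # First contact, or the previous attempt is too old to count as a retry.
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > PENDING_LIFETIME:
            self.pending[triplet] = now
            return 451, "greylisted, try again later"

        # A retry that arrives before the minimum delay is still deferred.
        if now - first_seen < MIN_RETRY_DELAY:
            return 451, "retry too soon"

        # A patient retry: promote the triplet to the temporary whitelist.
        del self.pending[triplet]
        self.passed[triplet] = now + PASS_LIFETIME
        return 250, "OK"


def replay(attempts):
    """Feed (time, ip, sender, recipient) tuples through one greylist."""
    g = Greylist()
    return [g.check(ip, sender, rcpt, t)[0] for t, ip, sender, rcpt in attempts]


# Constructed delivery attempts: a normal mail server that retries, and a
# bulk sender that tries each recipient once and never comes back.
SAMPLE = [
    (0,    "192.0.2.10",  "alice@example.org", "bob@example.net"),
    (60,   "192.0.2.10",  "alice@example.org", "bob@example.net"),
    (600,  "192.0.2.10",  "alice@example.org", "bob@example.net"),
    (700,  "192.0.2.10",  "alice@example.org", "bob@example.net"),
    (10,   "203.0.113.9", "promo@example.com", "bob@example.net"),
    (20,   "203.0.113.9", "promo@example.com", "carol@example.net"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The first sender is deferred twice (first contact, then a retry that is too early), accepted on the third attempt and accepted immediately afterwards; the second sender only ever sees 451 because it does not retry.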

Whitelisting and Blacklisting with AI, ML, and Blockchain

The evolution of technology continuously shapes the effectiveness and implementation of whitelisting and blacklisting:

  • Artificial Intelligence (AI) and Machine Learning (ML): AI and ML are revolutionizing whitelisting and blacklisting by enabling dynamic lists that can adapt based on behavior patterns and emerging threats. For example, AI can automate the process of updating whitelists with legitimate applications or detect anomalies that might indicate a need to blacklist new threats. These technologies are particularly effective in environments where security needs to quickly adapt to new and evolving challenges.
  • Blockchain Technology: Some security platforms are starting to utilize blockchain to manage and securely distribute whitelists and blacklists. Because blockchain data is immutable and transparent, it can provide a secure, decentralized method for managing these lists that is resistant to tampering and fraud. This application of blockchain in cybersecurity leverages its inherent strengths to enhance the integrity and reliability of traditional security measures.

Conclusion

Whitelisting vs Blacklisting, did we find which is better? No, they have their good and bad sides. The best option is a combination of the two, depending on your IT specialists’ capacity. You can use antivirus software (blacklisting) and block some specific list of websites that you don’t want to be accessible from your company. At the same time, you could use whitelisting for your remote access and more sensitive data inside your company.

DMARC, the solution for your phishing problems
https://www.cloudns.net/blog/dmarc-the-solution-for-your-phishing-spam-problems/
Thu, 21 Mar 2024 10:06:54 +0000

DMARC emerges as the solution for phishing attacks, which are a real danger for every business. They can severely damage the brand name, which can lead to less trust and to clients leaving. The attackers can spam or phish with emails that use your brand logo and look just like your emails. Even you won’t see a difference between one of these fake emails and the original emails sent from your servers. We have already talked about SPF and how it verifies the outgoing mail server. There is also another technology, DKIM, for signing emails. Domain-based Message Authentication, Reporting and Conformance (DMARC) uses both of them to take pre-defined actions: double protection for lowering the chances of phishing, and a reporting system for better management.

DMARC explained

DMARC is an authentication, policy and reporting protocol. It uses both SPF and DKIM and adds linkage to the “From” domain name, policies for handling the incoming email in case of failure, and, very importantly, reports for the sender. That way the sender can see if there is a problem and act on it.

The main purpose of DMARC is to protect against direct domain spoofing. If an attacker tries to send email from an unauthorized source, DMARC will detect it and block it.

Combined with BIMI, you will also give proper protection to your brand reputation by providing authentic messages.

Why SPF and DKIM are not enough?

SPF – Sender Policy Framework aims to validate the sender’s servers. The receivers check the SPF record and see the IP address. It should match the IP address of the sender’s domain.

A problem with SPF is that the SPF record applies to the return path of the domain, not to the domain that is shown in the “From” field in the user interface. DMARC fixes this flaw with alignment, a match between the visible “From” and the server authenticated by SPF.

DKIM – DomainKeys Identified Mail. The domain owner can use a DKIM record to sign the emails it sends. The emails will carry extra data (encrypted) in the header that can be verified through the DNS. This technology is not flawless either. Many companies don’t rotate the key, and that can be a big problem. This is another thing DMARC fixes: it provides rotating keys.

How does DMARC work?

We have already mentioned that DMARC uses policies. The administrator sets them, defining the email authentication practices and what the receiving email server should do if an email violates a policy.

When the receiving email server gets a new email, it makes a DNS lookup to check the DMARC record. It will look for:

  • Whether the DKIM signature is valid.
  • Whether the IP address of the sender is one of those allowed by the domain owner (SPF record).
  • Whether the header shows proper “domain alignment”.

With all of the above taken into consideration, the server applies the DMARC policy to accept, reject or flag the email.

In the end, the server will send a message to the sender with a report.

Benefits of DMARC

Here are some of the main advantages of implementing this advanced protocol.

For the sender:

  • Shows that the email uses authentication – SPF and DKIM.
  • Receives feedback about the sent email.
  • Policy for failed email.

For the receiver:

  • Provides authentication for the incoming emails
  • Evaluates SPF and DKIM
  • Sees what the sender prefers (the policy)
  • Returns feedback to the sender

DMARC Record example

DMARC records are simple text (TXT) DNS records. They look like this:

“v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com”

  • v – the version of the protocol. In the example it is version 1
  • pct – percentage of the messages that are subject to filtering (pct=20)
  • ruf – URI for forensic reports (ruf=mailto:authfail@example.com)
  • rua – URI for aggregate reporting (rua=mailto:aggrep@example.com)
  • p – policy for the organizational domain (p=quarantine)
  • sp – policy for subdomains of the organizational domain (sp=reject)
  • adkim – alignment mode for DKIM (adkim=s)
  • aspf – alignment mode for SPF (aspf=r)
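
To tie the record tags to the receiver-side checks listed under “How does DMARC work?”, here is a sketch of how a receiver could parse such a record and reach a decision. It is an added example, not ClouDNS code or a complete RFC 7489 implementation; the SPF and DKIM results are passed in as already-computed inputs, the organizational domain is approximated by the last two labels (real receivers use the Public Suffix List), the record is assumed to be published at the organizational domain, and all domains other than the one in the record above are constructed.

```python
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict with defaults filled in."""
    tags = {}
    for part in txt.strip().strip('"“”').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag and a valid p= must be present.
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1" or tags.get("p") not in POLICIES:
        raise ValueError("not a usable DMARC record")
    return {
        "p": tags["p"],
        "sp": tags.get("sp", tags["p"]),     # subdomain policy defaults to p
        "adkim": tags.get("adkim", "r"),     # r = relaxed, s = strict
        "aspf": tags.get("aspf", "r"),
        "pct": int(tags.get("pct", "100")),
        "rua": tags.get("rua"),
        "ruf": tags.get("ruf"),
    }


def org_domain(domain):
    # Simplification (assumption): the last two labels. A real receiver
    # consults the Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match, relaxed the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record, from_domain, spf, dkim, sample=0):
    """Return (dmarc_result, action) for one message.

    spf  = (result, Return-Path domain), dkim = (result, d= domain), as
    produced by the receiver's own SPF and DKIM checks.
    sample is a number in [0, 100) picked per message to apply pct.
    """
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], record["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], record["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    is_org = from_domain.lower() == org_domain(from_domain)
    policy = record["p"] if is_org else record["sp"]
    # Messages outside the pct sample get the next weaker policy.
    if sample >= record["pct"] and policy != "none":
        policy = POLICIES[POLICIES.index(policy) - 1]
    return "fail", policy


PAGE_RECORD = "“v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com”"
# Constructed record exercising strict alignment, sp and pct.
STRICT_RECORD = "v=DMARC1; p=quarantine; sp=reject; adkim=s; aspf=s; pct=20"

if __name__ == "__main__":
    rec = parse_dmarc(PAGE_RECORD)
    # SPF passes, but for a Return-Path domain unrelated to the visible From.
    print(evaluate(rec, "dmarcdomain.com", ("pass", "mailer.example"), ("none", "")))
```

The printed case is the SPF gap described earlier: SPF on its own reports a pass for the return-path domain, while DMARC fails the message because that domain does not align with the visible From.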

Why use DMARC?

DMARC is a protocol used to help prevent email fraud and phishing attacks. Here’s why it’s important and why you should use it:

  • Prevention of Email Spoofing: It helps prevent attackers from spoofing your domain, a common tactic in phishing attacks. By authenticating emails sent from your domain, DMARC ensures that only authorized senders can use your domain name.
  • Improved Email Deliverability: Implementing it can help improve your email deliverability by reducing the chances of your legitimate emails being flagged as spam or being rejected by email servers. When email receivers see that your domain is protected by DMARC, they are more likely to deliver your emails to the inbox.
  • Protection of Brand Reputation: Phishing attacks that use your domain can harm your organization’s reputation and trustworthiness. DMARC helps protect your brand reputation by preventing unauthorized use of your domain in phishing emails, thereby maintaining trust with your customers and partners.
  • Visibility and Control: DMARC provides visibility into email traffic sent from your domain through reporting mechanisms. You can monitor email authentication results and receive reports on email activity, including information about legitimate and fraudulent email senders. This allows you to take proactive measures to protect your domain and email infrastructure.

Conclusion

DMARC can significantly lower the number of fraudulent emails and spam. It is not 100% bulletproof, but it adds a lot of extra protection in comparison with the other two solutions – SPF and DKIM. The reporting functionality is a welcome plus too.

DNS Failover, the backup that keeps your site online
https://www.cloudns.net/blog/dns-failover/
Thu, 30 Aug 2018 14:26:20 +0000

It is Monday, you just entered the office, and it is a total mess. Apparently, during the weekend your website was down. There are plenty of angry e-mails from customers, and your IT specialists are running crazy to fix the problem. You lost sales and potential new clients, and all of this just because you didn’t have a DNS Failover. DNS Failover can keep your website online even if some of the PoPs are down and it is not hard to set up. Would you like to know more about it?

DNS Failover

When you have a DNS, your clients can reach your site from different locations by connecting to the closest Point of Presence (PoP). This point can be down for some reason – maintenance, overload, hardware problems, etc. Clients who try to connect to this PoP while it is down can’t access your site.

Your IT staff can change the A or AAAA record to another IP manually, but first they need to be notified that the PoP is down, and only then can they take action.

Having DNS Failover activated will save you a lot of trouble. It is a feature available on all our DNS plans except the free one. ClouDNS DNS Failover gives you the assurance that your website will be up during a network outage by redirecting the traffic to one of the 5 backup IPs that you can define in the settings. Even in a situation where more than 1 PoP is down, your website will stay live. The DNS Failover provides different monitoring options using DNS, UDP, TCP, HTTP(S), and ICMP Ping requests. The DNS Failover monitoring happens every minute, far more often than most of our competitors.

You can set up exactly when the system must take action. Automate the process and don’t worry anymore about the downtime.

If you want to see the full list of actions and the settings available for them, you can check the DNS Failover and Monitoring Documentation.

Conclusion:

The failover will keep your website up. It will guarantee that all your clients, no matter where they are, will be able to visit your site even if a few of your PoPs are down. This means no problems for you, more potential sales and a better customer satisfaction level. If you have a paid DNS plan from ClouDNS, you can set it up from your control panel. If you don’t have one, check out our DNS Failover.
We hope this article was useful to you and you never ever have network problems!
