Why is DNS so important?
DNS is the phone book of the internet: every website that is accessed, whether legitimate or malicious, gets resolved by DNS. In the office or over VPN, the corporate network usually has various security solutions that prevent users from accessing malicious websites and getting infected, but working from home is a different story. I personally think this is a great opportunity to improve cyber security on your home network as well.
- Use Cloudflare DNS to protect against malicious websites
- Manually blacklist websites and domains through the local hosts file
- Set up piHole as your DNS server
Using Cloudflare DNS
Cloudflare took a strong stance on privacy and cyber security and has improved on its public DNS service 1.1.1.1 with two new services:
- 1.1.1.2: block malicious content
- 1.1.1.3: block malicious and adult content
More info can be found in this blog post: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
The good part is that you can configure the DNS server for the entire network via your home router (if it has this feature), or individually for each device.
To test this out you can also use the command-line utility nslookup.
To test the malware blocking capabilities without actually visiting malicious websites and risking infection, Cloudflare has a test website available: https://phishing.testcategory.com.
One interesting thing that I noticed: this does not work when using it over VPN, granted that I've used TunnelBear VPN, which is hosted on DigitalOcean.
Manually updating the hosts file
While this is quite powerful, the downside is that if you have multiple computers you have to make the changes on each and every one of them. Another downside is that this is not available for mobile devices (or at least not in an easy way).
To make these changes all you need is a text editor. The hosts file is located at:
- Windows: C:\Windows\System32\drivers\etc\hosts
- OSX and Linux: /etc/hosts
There are a couple of great resources on where to get blacklisted domains.
One other important aspect to be aware of is that these lists require constant updates with new malicious domains.
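Because the list has to be refreshed regularly, it helps to keep the blocked entries in a marked section of the hosts file that can be regenerated without touching anything else. The sketch below is an added example, not part of the original post: the marker comments, function names and sample data are assumptions, and it works on text so you can review the result before writing it to the hosts file with administrator rights.

```python
import re

# Markers delimiting the entries this script owns (names are assumptions).
BEGIN = "# BEGIN home-blocklist (managed)"
END = "# END home-blocklist"
SINK = "0.0.0.0"  # blocked names always point here, never at an IP from the list
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample inputs, not real indicators.
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"
SAMPLE_LIST = """\
malware.example
0.0.0.0 tracker.example   # hosts-format line
203.0.113.7 bank.example  # a list trying to redirect: only the name is kept
Tracker.Example.
not a domain!!
"""

def parse_blocklist(text):
    """Extract valid host names from plain or hosts-format lines, deduplicated."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].lower()
        for token in line.split():
            name = token.rstrip(".")
            if HOSTNAME.match(name):  # IP addresses and junk fail this check
                domains.add(name)
    return sorted(domains)

def update_hosts(hosts_text, domains):
    """Replace the managed block, leaving every other hosts line untouched."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()  # avoid accumulating blank lines on repeated runs
    block = [BEGIN] + [f"{SINK} {d}" for d in domains] + [END]
    return "\n".join(kept + [""] + block) + "\n"

if __name__ == "__main__":
    print(update_hosts(SAMPLE_HOSTS, parse_blocklist(SAMPLE_LIST)), end="")
```

Only host names are taken from the downloaded list and the address is always the fixed sink, so a tampered list cannot use your hosts file to point a legitimate domain at an address of its choosing.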
Dealing with tracking websites
Apart from malicious websites, legitimate websites embed a lot of tracking services. DuckDuckGo actively scans for tracking services on popular websites.
While writing this article, I've started using the DuckDuckGo Privacy Essentials Safari extension, meant to block trackers on websites.
The ultimate DIY home network security project for tech enthusiasts is piHole, or at least in my opinion. Originally it was designed for the Raspberry Pi, but with Docker getting more popular, piHole can also be deployed as a container.
When I was younger I always wanted to set up and manage bind, but it was quite hard. Well, with piHole everything is quite easy, and it also provides a very nice web interface to monitor the websites that are being blocked.
- Installing piHole can be done with ease: https://docs.pi-hole.net/main/basic-install/
- It can also be installed on Docker: https://hub.docker.com/r/pihole/pihole/
Wrapping things up
There are a lot of free opportunities available to enhance the security of your home network.