Security Quest #6 – OpenDNS

OpenDNS is a standalone DNS service that anyone can use. The term “Open” in this case means open to anyone, not open source. When you switch to the OpenDNS servers for name resolution you’ll stop using your ISP’s servers and you’ll be using the OpenDNS servers. This could provide a performance benefit if your ISP’s name resolution is slowing things down.

Switching to OpenDNS is fairly simple, simply type in their DNS server addresses (208.67.222.222 and 208.67.220.220) in the appropriate spot in your network configuration. If you have a home network you should do this at the router. The OpenDNS website has instructions for many routers. If your making the changes on a computer they also have instructions for most OS’s.

All OpenDNS features are free. If you type in a bad URL they will display a search page that contains advertising.

Faster DNS is good, but the security features that OpenDNS brings are even better. You’ll need to sign up for a free account to manage these features. Anti-Phishing is on by default (no account needed to leave it on) but the others are off by default and you’ll need an account to turn them on and configure them.

Anti-Phishing

OpenDNS provides anti-phishing protection which is on by default. OpenDNS uses (and operates) PhishTank to identify phishing sites. If the URL is identified as a phishing sites it’s blocked and a block message is displayed. PhishTank is used by others such as Yahoo Mail and there’s a Firefox add-on that used it.

Domain Blocking

OpenDNS can also be used to block domains. You can also block a sub-domain. The example they use is mail.yahoo.com to block Yahoo Mail but allow the rest of Yahoo or yahoo.com to block all of Yahoo. In my case I block domains for the pop-up ads (and any ad that annoys me) that make it through the Firefox popup blocker. You could even go so far as to block doubleclick.net to block all their ads. It takes about 10 minutes for a block to take affect.

Adult Site Blocking

OpenDNS can also block several categories of adult sites. Data for this service is provided by St. Bernard’s iGuard. There are various categories of adult sites, from what some may not consider adult to one called “tasteless”. Since many adult sites may be used to spread malware this can provide some protection against typos or errant clicks.

Whitelists

While the above features block sites, there may be cases where you want to allow a site which would otherwise be blocked. You can add these sites to a whitelist which will prevent it from eve being blocked.

Additional Features

OpenDNS also includes several features that aren’t security related.

Typo correction – changes google.cmo to google.com

Shortcuts – create a keyword that goes to a URL. For example, mw can go to www.mywebsite.com

Statistics – you can view statistics about your DNS requests (optional and is off by default).

Security Software

CNet reviewed three Windows PC security packages this week. They rated McAfee VirusScan Plus 2008 – complete package a 7.0 out of 10. Panda AntiVirus 2008 was rated 6.0 out of 10. CA AntiVirus Plus AntiSpyware was also rated 6.0 out of 10. None were an editor’s choice

News & Information

ArsTechnica.com – Hackers target Finnish forum, crack logins for almost 80,000 users– Good example of why it’s a good idea to use different passwords on different sites.

ArsTechnica.com: Comcast’s law enforcement handbook leaked, could teach telecoms a thing or two– Comcast document leaked. Makes them look good compared to telcos.

ArsTechnica.com: Verizon Wireless: If you don’t opt out, we get to share your CPNI call data– Verizon Wireless will start sharing your calling data unless you opt-out

Lifehacker.com: Featured Firefox Extension: Create Strong Passwords with Password Hasher– Lifehacker brings a Firefox extension for creating strong passwords.

Macworld.com: I will be smarter about how I handle e-mail– Some tips about safe mail use. While a few product mentions are Mac specific, the tips can apply to anyone.

Macworld.com: I will behave cautiously online– Some tips for safe browsing. Even Mac users are vulnerable in this area since the operating system is irrelevant.

Macworld.com: I will keep my Mac safe from other users– Some tips on securing a Mac. Can’t say I do all these things

Macworld.com: I will use good passwords– Some tips for using passwords