Protective DNS

Protective DNS intercepts name resolution requests to locations known to be involved in crime, malware, and distribution of undesirable content. It can also disrupt tracking and prevent advertisements.

For small residential networks that lack skill and infrastructure, some degree of Protective DNS could be provided by using the free DNS service provided by Quad9.

Quad9 provide a privacy-focussed high-security DNS service that filters malware, phishing and botnets, although they do not block adverts, trackers or unacceptable content. Using Quad9 DNS service is very easy; one simply sets forward DNS servers to be 9.9.9.9 and 149.112.112.112.

SOHO, SME and corporate networks should consider a more sophisticated local or cloud-hosted Protective DNS service, as I describe in this post.

Outbound firewalling

Outbound firewalling ensures only expected traffic leaves your network. This can block use of undesirable services and disrupt malware and ransomware, keeping you safer.

Outbound firewalling is considerably more challenging to achieve for small residential networks as consumer routers typically lack the capability to filter outbound traffic. Furthermore, a cloud-hosed firewall makes little sense without additional infrastructure and configuration. Host-based firewalls are an option but are typically complex. This leaves small residential networks in a position of risk.

SOHO, SME and corporate networks should consider an on-premises firewall. Commercial options can be expensive but as I describe in this post, easy, low cost and free options exist, such as pfSense, and their branded low-cost firewall appliance.

How I can help

I have lots of experience helping clients protect their networks using Protective DNS and Firewall. Please get in touch if I can help you too.