Black Basta Team and double extortion ransomware attacks

Protect smartphones and tablets from cyber risks: the mobile security

 View all
CYBERSECURITY

Strengthen Android privacy and security via Telsy free secure DNS over TLS

Starting from Android 9 Pie (https://www.android.com/versions/pie-9-0/ ), Google has released some interesting features related to the tuning of its mobile operating system and in particular the possibility of modifying some settings in order to increase its security and privacy. Indeed, anyone who has browsed the network settings tabs once obtained this release of the OS may have already noticed the possibility of setting his/her own private DNS with TLS (Transport Layer Security) support.

This new feature represents a big step forward in simplifying some procedures that were previously necessary to achieve acceptable levels of privacy and security for Android devices. For example, during normal browsing, an Android device, like other peripherals, make use of a protocol, called DNS (Domain Name System), which normally works in an unencrypted way. This means that any network node placed between us and the site we are browsing can see our DNS requests in the clear and without any restriction.

However, by configuring the use of a DNS over TLS server on your device can be possible to prevent this from happening as communications are encrypted and secure. In addition to using strong cryptographic algorithms to ensure browsing privacy, Telsy SecureDNS servers also implement resolution filters that prevent our mobile devices from contacting malicious sites that could undermine the security of the system or exfiltrate data and information from it.

 

Configuring Telsy secure DNS over TLS on Android

It’s really simple:

[EN] : Go to Settings -> Connections -> Advanced -> Private DNS

[IT] : Vai su Impostazioni -> Connessioni – > Altre Impostazioni di rete -> DNS privato

Set the private DNS as on the model of the following image :

Telsy SecureDNS over TLS: dns01.telsy.com

you can, alternatively, use dns02.telsy.com as well.

 

FAQ

What DNS is ?

The DNS protocol is the basis of the Internet and of all online activities. It allows the conversion of a domain name (such as, for example, www.google.com) into numerical addresses through which computers can communicate each other.

My computer and my devices are already using DNS ?

In order to access websites on the Internet your computer and your devices must leverage on DNS servers and they are usually configured by your ISP. So, YES!

Can normal DNS servers protect my computer and my devices from malware and / or from other threats like phishing, frauds etc.etc. ?

A normal DNS servers is limited to converting a domain name (like www.telecomitalia.it) into a numeric address. It does not make any kind of evaluation about the potential threat a website you are browsing could pose to your computer. Then, the answer is NO!

How can Telsy SecureDNS protect my computer and devices from threats such as malware, phishing, scams and data exfiltration ?

Almost all pieces of malware today refers to the DNS protocol to reach their command and control centers (CnC) and steal data from users. Cyber criminals often use malicious infrastructures and phishing / fraud websites that rely on DNS to deceive users in order to steal money and / or information (some hypothetical example could be qoogle.com, paypaal.com, microsooft.com, etc. etc.). A normal DNS server cannot prevent users from navigating / reaching these sites and be victims of scams, phishing, frauds, exploit attempts and malware. Telsy Free SecureDNS, instead, implements special evaluation algorithms for each domain name that needs to be resolved. It can classify them as trusted / suspicious / malicious. All domain names classified as “malicious” are immediately blocked, (saving the user from potential risks such as data loss or data exfiltration) while “suspicious” ones are manually investigated by Telsy analysts and eventually classified as “malicious” at a later time. This classification process is supported by Telsy Cyber Threat Intelligence and Investigation platform, from which SecureDNS acquires data feeds to maximize its effectiveness . For the freely available version of SecureDNS, users will be protected only from reaching malicious domain names internally flagged as “tlp:white“.

Can Telsy ensure the latest threat intelligence and block capabilities ?

Telsy acquires threat intelligence information from OPEN, COMMERCIAL and INTERNAL sources. Most of this information are in the form of Indicators of Compromise (aka IoCs) and can be represented by malicious URLs, malicious IPs, spam emails etc.etc. and, obviously, by malicious domain names. Telsy goes to classify internally these indicators on the basis of a color matrix (white, green, amber, red). These colors represent the degree of confidentiality that Telsy assigns in information management. The “red” represents the highest degree of confidentiality. It identifies indicators of compromise acquired almost exclusively from internal research (extracted from malware samples for example) or from strickly closed sources. The free Telsy SecureDNS service blocks only the IoC classified as “white” (aka tlp:white)

Can I have a Telsy SecureDNS service that ensure the protection for indicators up to tlp:red ?

Yes, it’s a paid service (Pro SecureDNS). Use the contact section to know more or read more on https://www.telsy.com/it/overview_details/orion/

Does Telsy Free SecureDNS store any personal data ?

We collect several information on our users such as:

1. Geo-location of the system that makes the request (only countries)

2. DNS records queried and their timestamp

3. Statistics about blocked domains

We do not collect the IP address of the system that makes the request or other personal information. Some exceptions can be made in case of attacks on our infrastructure.

Can I use Telsy SecureDNS for my deskop as well ?

Yes ! Read more on https://blog.telsy.com/free-secure-dns-telsy/

Is Telsy Free SecureDNS expected to be subject to a fee in the future?

We already have two SecureDNS plans: a paid one (Pro SecureDNS, aka Testudo, blocking threats up to tlp:red) and a free one (Free SecureDNS, blocking only tlp:white threats). So, the answer is NO !

Is there a way I can know if i’m really protected by Telsy Free SecureDNS ?

You can try to navigate testforblock.telsy.com with your browser. If you see a Telsy courtesy page like below, you are corretly using Telsy Free SecureDNS.

If I use Telsy Free secure DNS over TLS, can I expect my organization to be contacted by Telsy analysts to inform me of any security incidents ?

No. Telsy Free SecureDNS does not collect personal information (like, for example, the source IP address) of DNS queries handled. For this reason, a hypothetical infection cannot be associated with a specific user. Instead, with Telsy Pro SecureDNS, Telsy analyst will inform you about ongoing infection within your network in order to suggest mitigation and remediation actions.

I have lots of other questions to ask. What can i do ?

You can use the contact section.