Wednesday 1 November 2023

UK NCSC's Protective DNS service

08:09 Posted by G

I have done some work as part of my day job with the UK NCSC (National Cyber Security Centre). They have always been great to deal with, and all the people I've met have been very passionate about protecting the UK from cyber threats.


They have a number of services that I'm not sure get the recognition or usage that they should. At work we use their Early Warning system, which does a simple daily (I think) perimeter scan of your IP addresses to try to find vulnerabilities. We had a recent alert for a NetScaler vulnerability that was very timely (we were already in the process of patching it). I highly recommend this free service - link here


They also have some good incident simulation tools. I've not personally used them, but their Exercise in a Box is another free service for running desktop drills for cyber incidents. One of the key steps we tell our customers to take is to practise for events like a ransomware attack. Building up a muscle memory of how to react, or at least planning for that event, makes it much less scary if it ever does happen. Link here


However, the point of this blog post is that last week the NCSC released another tool to help schools. This is a protective DNS service, which in essence replaces an ISP's DNS service and will filter out requests to known malicious sites.

As the NCSC says:

"PDNS is already a tried and tested solution as it’s been freely available to organisations like central government, local authorities and devolved administrations for several years"

It's a simple configure-once service that's invisible to the end users, but provides an additional level of security. Kudos to the NCSC for rolling this out further.

We did look at offering this to our customers, but asking SMEs to reconfigure their ISP's router settings proved to be too complicated to do in a simple and scalable manner.

However, there are a number of similar services that are available to home users for free. Google, Cloudflare and some of the other large internet-scale companies offer a free service. Most of these are based around performance rather than security benefits, but there is quite a wide range of options. I found this article really useful; it's a couple of years old now, but provides a good in-depth comparison.