Lap 7: DNS Malicious domain blocking

DNS malicious domain blocking is a cybersecurity measure that uses your network's Domain Name System (DNS) to prevent access to known harmful websites. This is a service that filters internal DNS requests for external websites or IP Addresses; blocking known malicious sites, this is different from CIPA or COPPA DNS Filtering.

Main Points:

When a device requests a web address, the DNS server checks it against a list of malicious domains (e.g., those associated with malware, phishing, and ransomware) and blocks the request if a match is found, often redirecting the user to a warning page instead.

Protection against malware: It can stop drive-by downloads, where malware is installed just by visiting an infected website.
Defense against phishing: It blocks access to fake websites that are designed to steal your login credentials.
Enhanced security: It adds a proactive layer of defense for both individuals and organizations, helping to prevent data breaches and other cyberattacks.
Compliance: It can help organizations meet regulatory requirements for data security.

Actions to Take:

MS-ISAC: Malicious Domain Blocking and Reporting (MDBR) (Free service for all public schools)

More information here: https://www.cisecurity.org/ms-isac/services/mdbr
Register here: Malicious Domain Blocking and Reporting

Cloudflare Secure DNS (free for qualifying schools

Provide free to small K-12 school districts in the US DNS Filtering with no time limit.
For more information

Filtering Malware via Web Filter

Check with your firewall or web filtering vendor for malware blocking instructions within your product.

Related Resources:

What is DNS? How does it work.

Cybersecurity Security Plan Controls

Texas Cybersecurity Framework: SC-21	NIST Cybersecurity Framework: SC-21
Center for Internet Security (CIS) v8: 9.2	CISA Cybersecurity Performance Goal (CPGs): 1.E
K12six Essentials Cybersecurity Protection: 1.1	TEA cyber initiative: FY25-26 Looking ahead survey