Cyber Defense - Through Protective DNS

Post date: Feb 03, 2021 7:50:9 PM

Simple security using a low cost device.

Hardware:

A "Raspberry Pi" is a very tiny, but complete, small form factor computer. These devices can run as always-on servers; it just depends on how you choose to use them.

Operating System:

"Ubuntu" - is an Open Source Linux Operating System that can be easily installed on this device.

Software:

"Pi-Hole": Think of it as something similar to a software firewall that works with your network and/or Wi-Fi router to protect your network's traffic. While it's at it, its ad-blocker functionality protects every computer, tablet, device and phone connected to your wired and wireless networks. Pi-Hole is accessed and configured through a web page served by this device.

(Above) Pictured here is an Apple mouse on top of a Raspberry Pi.

The Raspberry Pi community has made installing and configuring these devices a snap to set up and run.

The Linux operating system setup is super easy: install the Ubuntu Server OS via the ubuntu.com website, select your Raspberry Pi unit, and run the utility to write it to an SD card.

Raspberry Pi - Server

Once Ubuntu Server is installed to the SD card, insert the SD card into your Raspberry Pi and boot up; use "ubuntu" as the user and "ubuntu" as the default password to get in, then change it to a much better password. Run "sudo apt-get update" and press Enter. When that finishes, run "sudo apt-get upgrade" and press Enter. Type/select "Y" to upgrade.

Just run these two commands every month to keep the device up to date. Update notifications for the Pi-Hole software itself come from its own web interface; to apply them, drop into a terminal on your Pi and run "pihole -up".

Once booted into Ubuntu Server with your OS updated, use the same terminal to install "Pi-Hole" with one command:

"$ curl -sSL https://install.pi-hole.net | bash"

Just follow the prompts during install. Make sure to use your favorite upstream DNS option. If you are interested, both Quad9 and OpenDNS provide an extra layer of security, which you can use for free.

Then go into your Wi-Fi router's web configuration page (settings) and tell it to use only the Raspberry Pi's IP address (shown to you during the install process) as your DNS server. That's the gist of it.

Your Wi-Fi router will send a DNS query to this device each time someone enters a URL or opens some web address. There is nothing to configure at the computer, tablet or phone level. If the domain matches something on the block list, the device simply won't resolve it, so the browser can't go there. If the domain is not on the list, Pi-Hole reaches upstream to your choice of DNS. If the upstream DNS says it's ok, the page is sent to your device.

The next thing you will do is sign in to your Pi-Hole web interface using the credentials shown on screen after the install. Add the list(s) identified below as Ad List / Restricted Domains lists; after pasting a list URL in, load it onto the device with the Update Gravity option, then click the "Update" bar so that it uses the downloaded lists.

Source Links:

HARDWARE: https://www.raspberrypi.org/

HARDWARE - Full Build: https://www.pishop.us/product/raspberry-pi-4-desktop-kit-us/?src=raspberrypi

OS: https://ubuntu.com/raspberry-pi

Install OS: https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi#1-overview

SOFTWARE: https://pi-hole.net/ https://github.com/pi-hole/pi-hole/

WiFi:

If you use Google WiFi Mesh in your organization/home, use this article to help configure your setup. Use Option #2 to force the router to use the Raspberry Pi for DHCP and DNS.

https://www.mbreviews.com/pi-hole-google-wifi-raspberry-pi/ This article is good for several reasons; just read it, as it gives you an idea of how to redirect your router's services.

[The ideas presented will help you configure any wireless router.]

Protective DNS List:

The Basic List / Malicious Sites / Malware List: This is a list compiled from a couple of different sources. It's not for blocking ads and banners; it's just full of reported malicious domains. You can use this list in conjunction with your own lists or others' online lists to augment it. (This list is usually updated weekly with new domains.)

https://raw.githubusercontent.com/pcwizardsinc/List/main/BasicList.txt

(This list currently contains just over 3,000 blocked/malicious domains. -Credit Card Theft domains recently added)

Just a few words about this software and the Ad List. This software helps protect your network by intercepting domain name requests, whether entered into a browser on purpose, opened by clicking a link in an email, or typed and submitted with Enter or Go, deliberately or by mistake. The software compares each requested domain to the lists it has on file. If there are no matches, it goes "upstream" to your choice of DNS. The upstream DNS server then responds with the IP address of the requested server, and the computer in your network connects there and displays the requested web page.

This Raspberry Pi device is not a full-fledged firewall. It's not meant to be. It's a protective measure, and it's an inexpensive system that gives a good layer of protection.

Also note: you can "allow" anything that the lists above block. Open "Query Log" from the menu bar on the left; on the far right of each entry in the list there is a button that lets you add the domain to the block list or, if it's already blocked, to the allow list. It's very straightforward. The system manages its own allow and block lists, which are independent of the downloaded lists.

The lists of malicious domains in this blog article are not all-inclusive; they are just a really good source of domains that your machines should not be visiting. As with all things, there are exceptions, possible false positives, etc. If you need to make an exception, go in and make it.
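To make the decision path described above concrete (the device's own allow list wins, then the downloaded block lists, otherwise the query is forwarded upstream), here is an added illustration in Python; it is not Pi-Hole's own code, the list text and domain names are constructed samples, and it models only exact-domain matching, not Pi-Hole's regex or wildcard rules.

```python
"""Model of the Pi-Hole style decision path: allow list > block lists > upstream.
Added illustration, not Pi-Hole's own code; sample list contents are constructed."""
import ipaddress
import re

# Downloaded lists come in two common shapes: one plain domain per line, or
# hosts-file format ("0.0.0.0 domain"). Comments (#) and blank lines are ignored.
SAMPLE_LIST = """\
# constructed sample in the shape of a hosts-style malware list
0.0.0.0 malware-example.test
0.0.0.0 tracker.example.net   # trailing comment
bad-cdn.example.org
not a domain!!
"""

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot, as a resolver does before matching."""
    return name.strip().lower().rstrip(".")

def is_valid_domain(name: str) -> bool:
    """Cheap syntax check so a malformed list entry cannot end up in the block set."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def parse_blocklist(text: str) -> set[str]:
    """Turn list text into a set of domains; drop comments, hosts-file IPs and junk."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) == 2:                      # hosts-style "0.0.0.0 host"
            try:
                ipaddress.ip_address(parts[0])
            except ValueError:
                continue
            line = parts[1]
        elif len(parts) != 1:
            continue
        name = normalize(line)
        if is_valid_domain(name):
            domains.add(name)
    return domains

def decide(query: str, blocked: set[str], allowed: set[str]) -> str:
    """Outcome for one query: 'allow', 'block', or 'forward upstream'."""
    name = normalize(query)
    if name in allowed:          # the admin's own allow list overrides the downloaded lists
        return "allow"
    if name in blocked:          # exact match against a downloaded list: do not resolve
        return "block"
    return "forward upstream"    # not listed: ask the chosen upstream DNS (Quad9, OpenDNS, ...)
```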

CISA recommends this kind of protection.

CISA - Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS

https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/joint-nsa-and-cisa-guidance-strengthening-cyber-defense-through