In regions of the world where data is expensive and therefore limited, subscribers utilize DNS tunneling software to bypass data limits, which enables them to access the internet without paying for it. This usage of a service provider’s bandwidth without compensation leads to loss of revenue for the provider.
Bypassing wifi controls with DNS Tunneling
The open nature of the DNS, which enables tunneling for bandwidth theft, is also used by attackers as a method to exfiltrate stolen data. This data can be proprietary corporate data, private credit card or other financial data, or sensitive government information. In some countries, service providers are required to prevent the exfiltration of data with penalties for non-compliance.
Exfiltrating Data from a Corporate Network
Blocking DNS Tunneling with Secure64
Blocking DNS tunnels with Secure64 is done with an on-box security service, Secure64®TunnelGuard™, that detects and automatically blocks DNS tunnels. The service is:
Comprehensive: Proprietary algorithm uses behavioral analytics to detect and block many types of tunnels
Accurate: Built to be highly accurate, but threshold levels can be tuned
Real-time: TunnelGuard detects tunnels after only a small number of DNS queries – the on-box detection enables tunnels to be detected before they have a chance to cause harm
Efficient: Intelligent system only inspects suspicious cache misses, while deep packet inspections use highly optimized algorithms. Altogether this provides minimal affect on performance.
TunnelGuard is part of Secure64® DNS Guard™, a security service that works with Secure64® DNS Cache™ to block malware, phishing, bots and DNS tunneling. TunnelGuard can be purchased alone or with one or both of the other modules, FraudGuard and MalwareGuard. To learn more about DNS Guard, click here.