DNS Filtering to Keep Your Personal Devices Safe
Posted by Christopher Johnson on 1/21/2021

One of the most common requests we receive in Technology is for a recommendation on anti-virus software to install on staff or student personal computers and mobile devices. While the right anti-virus (also known as anti-malware or AV) software can help keep malware off your devices, there are a huge number of products to choose from on the internet – picking the right one can be a daunting task. In fact, you might not be surprised to find out that many so-called “free” anti-virus applications are actually delivery vehicles for malicious or unwanted software. (This is what would be known as a Trojan – hidden malicious software masquerading as a legitimate application.) So, while AV software can be a great tool to help secure your personal devices, it might not be the most effective option. It certainly might not be the easiest to implement. For a quick, effective solution that is easy to implement, we’ve been recommending the use of a family-friendly DNS filter on your home network.
What is DNS filtering?
To answer this question, we first need to answer the question ‘What is DNS?’ DNS, or Domain Name System, is the system that allows the URLs you type into web browsers to bring up content that is stored on web servers anywhere on the internet. Every machine on the internet has a unique IP (or Internet Protocol) address, which usually takes the form of four numbers of up to three digits each, separated by periods. An example is the public IP address for Google’s search page, 216.58.194.110. DNS simply provides a means to map the human-friendly URL (www.google.com) to a unique IP address on the internet. DNS filtering uses a database of website categorizations to change how your browser (or any web-connected application) attempts to reach a web server on the internet if that server is hosting malicious or otherwise undesirable content. Consider an example: suppose you were tricked into clicking on a fake link in an email that points to ‘malware-on-this-site[.]com’; instead of connecting your browser to the malicious server at its assigned IP address, the DNS filter loads a block page hosted on a known-secure server. This prevents the malware hosted on the fake site from ever being downloaded to your computer. If there isn’t anything downloaded to your computer, then there isn’t anything for your AV program to scan/quarantine/remove!
Why is this important?
DNS filtering works behind the scenes to help prevent applications on your computer (such as web browsers or mail clients) from ever accessing malicious or inappropriate sites, significantly reducing your risk of accidentally downloading and executing malware on your personal devices. Research suggests more than 90% of malware can be blocked using DNS filtering (source). When applied at the system or network level, DNS filtering can even prevent some malware from functioning correctly. Suppose for example you have accidentally run a malicious macro from a phishing email; many such macros launch hidden connections to a hacker-controlled site on the internet to download a ‘payload’, or malware that will complete the malicious action on your machine. DNS filtering can block this connection without any action on your part – malicious macros use DNS to reach their payload-hosting servers and can’t pull down the malware if your DNS filter intercepts the connection.
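The decision a filtering resolver makes for each lookup can be modeled in a few lines. This is an added example, not code from the original post or from any DNS provider; the `.example` names, the category database and the block page address 192.0.2.1 are constructed for illustration.

```python
# Toy model of a filtering DNS resolver's decision step (added example).
# Every name and address below is constructed; real services keep their own data.
BLOCK_PAGE_IP = "192.0.2.1"   # assumed address of the block page server

# Constructed categorization database: domain -> category
CATEGORIES = {
    "malware-on-this-site.example": "malware",
    "payload-host.example": "malware",
    "adult-content.example": "adult",
}
BLOCKED_CATEGORIES = {"malware", "adult"}   # a family-friendly policy

# Constructed upstream answers standing in for the real DNS hierarchy
UPSTREAM = {
    "www.school.example": "198.51.100.10",
    "malware-on-this-site.example": "203.0.113.66",
    "cdn.payload-host.example": "203.0.113.67",
}

def normalize(name):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return name.strip().lower().rstrip(".")

def category_for(name):
    """Check the full name, then each parent domain, for a known category."""
    labels = normalize(name).split(".")
    for i in range(len(labels) - 1):        # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return CATEGORIES[candidate]
    return None

def resolve(name):
    """Return (ip, verdict). A blocked name never gets its real address."""
    category = category_for(name)
    if category in BLOCKED_CATEGORIES:
        return BLOCK_PAGE_IP, f"blocked:{category}"
    ip = UPSTREAM.get(normalize(name))
    return (ip, "allowed") if ip else (None, "nxdomain")
```

Because the check walks up through parent domains, a macro that asks for `cdn.payload-host.example` receives the block page address just as a browser asking for the parent domain would.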
How can I start using DNS filtering?
There are some no-cost options you can implement on your home network today with no strings attached. Cisco offers the OpenDNS Home product, which leverages the same web categorization databases as the commercial Umbrella offering adopted by many organizations (including school districts and other government agencies). Cloudflare offers a similar service, 1.1.1.1 for Families. Both solutions provide detailed instructions on how to set up DNS filtering on a specific device or your home network, and both provide vibrant community-based support for their free products. Both services are easy to set up and can start protecting your internet browsing in minutes.
Do I still need anti-virus?
The short answer is yes. DNS filtering is an effective tool to help keep you safe online, but it isn’t a comprehensive solution. We recommend you implement DNS filtering as a first step while you determine which AV solution is right for you. In future articles, we'll take a look at some free or low-cost solutions to help you make the right decision when hunting for your home AV software.
-
What to do about password reuse?
Posted by Casey Scott on 10/20/2020

In the last post we discussed the potential problems with reusing your Denton ISD credentials to sign up for accounts on other platforms. After reading that post, you might be wondering what you can do to avoid this problem. This post provides a few practical steps you can take to help protect your info (and the district's computer systems) from cyber criminals.
1) Just don't do it!
One way to solve the problem of password reuse is to simply not reuse passwords. Create a unique password for each service you sign up for online. Change them frequently and whenever you are concerned that a service may have been compromised. Clearly, if you sign up for a lot of online services, this can get unwieldy. Which brings us to recommendation #2...
2) Password Managers
If you can’t or don’t want to manage hundreds of passwords across hundreds of websites and services (and who does, really?), how are you supposed to have unique passwords for each one? Memorization is not really an option.
Luckily, there are tools available that can help and might even make logging into multiple sites and services much easier and more efficient. They’re called password managers. They store all your passwords securely and can generate new passwords for you during the account creation process at a website. Most of them will also autofill your user and password info in a browser or mobile app and remind you to change passwords on a schedule. This allows you to remember just one password, the one to your password manager app. It will remember the rest for you. This also allows you to use good, unique, and difficult-to-remember passphrases. Some of the more popular password managers are LastPass, 1Password, Keeper, Dashlane, and Bitwarden. Sure, the initial configuration of these tools can be a little daunting, but the resulting convenience and added security are worth the initial pain.
3) Multifactor Authentication
Another option to use in conjunction with password managers is multi-factor authentication (MFA). This may be the single most effective way to keep accounts safe from cybercriminals.
MFA requires that you enter a soft token, or digital code, retrieved from an authenticator app every time you log in to a site from a new location or device. Some sites may even require it every time you log in. This method might seem annoying at first, and again the initial setup requires some small amount of work. Users generally become quickly acclimated to the process, however, and the added security it provides is so valuable that a slight occasional aggravation and some minor lifting to get it set up seems a small price to pay.
Some popular MFA apps include Google Authenticator, Microsoft Authenticator, and Authy, and many if not all password manager apps include some built-in MFA apps.
What if my account has already been compromised?
Finally, how do you know if your favorite user/password combo is out there on the internet somewhere just waiting to be purchased by a cybercriminal? There are several sites available that let you check your email addresses against known data breaches. The most popular is haveibeenpwned[.]com.
This site will allow you to enter your email address and see what breaches it has been involved in over the years. Once you find that your email address was involved in a breach, you can visit that site and any site that you may have reused that password and email combination on and change your password. Other similar sites include breachalarm[.]com and dehashed[.]com.
Bringing it all together
With any security measures there is always a trade-off between convenience and security. How important is your bank account number? Your credit card balances? Your employer’s financial data? The three simple methods we've discussed today can go a long way in protecting your information online, and in keeping bad guys from using your district credentials to attack other Denton ISD staff and computer assets. Don’t let a lack of security awareness on that free math problems website compromise your (or the district's) sensitive data. #BeCyberSmart
-
The Dangers of Password Reuse
Posted by Casey Scott on 10/14/2020

How many websites or services have you joined in the last 5 years? If you’re like most of us, there are probably too many to count. Which email address do you use for all those accounts? A personal email address? Your work email address? For all those sites and services, do you create a new password every time? Not using a unique password for every account that you create is called password reuse. And most of us are guilty of it to some extent. In this post, I hope to highlight why password reuse is a problem and give you some ways to avoid it.
The Problem
Reusing passwords to create multiple accounts can make a user vulnerable to compromise. Consider the following scenario: you create an account on a site that provides free math practice problems. You use your district email address to sign up since it is a site you will use for work purposes. Because you have your work password memorized, you also use that password for this new site.
Fast-forward a few months and your email address is being used to send out malicious emails to everyone in the organization. What happened? Most likely, the free-math-problems site suffered a breach. In that breach, the hacker might've stolen all the user data that the site owns. Sometimes, that data could include paired user and password info. That data then ends up for sale on a forum somewhere on the dark web.
Once the data is purchased, a technique called credential stuffing is frequently used by an attacker. Credential stuffing is a method in which attackers use a list of compromised credentials along with a script or ‘bot’ that attempts to sign in, with all accounts in the list, across multiple sites and services. If a user has multiple accounts using the same email address/username and password, all those accounts are now potentially compromised.
This scenario describes business email compromise (BEC), an issue that affects millions of individuals and organizations every year. As the name suggests, this form of email compromise can be particularly dangerous because it allows attackers to bypass many email security filters applied to mail sent from external mailboxes. BEC is one of the most common methods attackers use to distribute phishing messages or malicious software (including ransomware), and can do significant damage to an organization's information assets.
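From the defender's side, credential stuffing as described above leaves a recognizable trace in sign-in logs: one source failing logins for many different accounts in a short time. The following is an added example, not part of the original post; the log format, the `district.example` addresses, the IP addresses and the thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (hypothetical format and addresses).
SAMPLE_LOG = """\
2020-10-14T09:00:01Z FAIL user=alice@district.example src=203.0.113.5
2020-10-14T09:00:03Z FAIL user=bob@district.example src=203.0.113.5
2020-10-14T09:00:05Z FAIL user=carol@district.example src=203.0.113.5
2020-10-14T09:00:08Z OK user=dave@district.example src=203.0.113.5
2020-10-14T09:00:11Z FAIL user=erin@district.example src=203.0.113.5
2020-10-14T09:00:14Z FAIL user=frank@district.example src=203.0.113.5
2020-10-14T09:02:00Z FAIL user=grace@district.example src=198.51.100.7
2020-10-14T09:02:09Z FAIL user=grace@district.example src=198.51.100.7
2020-10-14T09:02:20Z OK user=grace@district.example src=198.51.100.7
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source address)."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]

def stuffing_sources(log, min_users=4, window=timedelta(minutes=5)):
    """Flag sources that fail logins for many different users in one window."""
    fails = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        when, result, user, src = parse(line)
        if result == "FAIL":
            fails[src].append((when, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:   # slide the window forward
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged

def accounts_to_reset(log, flagged):
    """A success from a flagged source most likely means a reused password."""
    hits = set()
    for line in filter(str.strip, log.splitlines()):
        _, result, user, src = parse(line)
        if result == "OK" and src in flagged:
            hits.add(user)
    return sorted(hits)
```

The second source, with repeated failures for a single user followed by a success, looks like a mistyped password and is not flagged; the one account that signed in successfully from the flagged source is the one whose password needs to be changed.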
In our next post, we will discuss steps you can take to prevent BEC and help keep Denton ISD data and systems safe from would-be attackers.