SafeDNS Renames & Regroups Several Content Categories and Introduces New Ones

SafeDNS has changed the names of several content categories and regrouped them, so it is easier for our users to grasp what each one covers and decide which categories to block or allow with the web filtering service.

We have renamed the category containing sites with child sexual abuse images, criminally obscene adult and child sexual abuse content from a list compiled by Internet Watch Foundation/IWF (UK). The category is now called ‘Child Sexual Abuse (IWF)’, and we have moved it to a large group of categories called ‘Illegal Activity’. To the same group, we have moved two more categories – ‘German Youth Protection’ and ‘Child Sexual Abuse (Arachnid)’.

A new category, ‘Crypto-Mining’, is added to the ‘Illegal Activity’ group. The category contains sites that are known to stealthily mine cryptocurrencies.

Two more categories are renamed – ‘Banner Ads’ is now ‘Online Ads’, and ‘Politics’ is now ‘Politics, Society and Law’.

A significant change is that we now have an entirely new group of categories, called ‘Security’. In this group, we have moved the three long-existing categories you know well – ‘Virus Propagation’, ‘Phishing’, and ‘Botnets’.

In the large group of categories, called ‘General Sites’, there’s a new category, ‘Online Libraries’. Its name is pretty much self-explanatory. The category contains online library sites.

We sincerely hope the new names of the filtering categories and the new way of grouping them make it clearer what content the categories have and whether to ban them or not.

Go to the Web Filtering tab of your SafeDNS Dashboard and check the changes. You might want to block some of the new categories to improve your internet security further!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

THE FIREWALL ISN’T A FIX-ALL

Understanding the limitations of perimeter security

Firewalls.

Everybody in IT knows what they are and nearly every company has them, some even without knowing it. They prevent unwanted communication. In most cases, they are the first line of defense against network threats. They are effective, and are part of the list of basic requirements for any network security infrastructure.

But are firewalls enough? How about “Next Generation Firewalls”? To answer that, it is helpful to have at least a basic understanding of how firewalls work. Firewalls work like a ticket agent at the airport – you have a ticket? Great, you’re on the flight. No ticket? Go away. In technical terms, firewalls are based on rules that describe the network communication, which can, for example, allow or deny communication only from specific subnets, IP addresses, on particular ports, or no communication at all.

Firewalls haven’t stayed static; they have become more advanced, as with Next Generation Firewalls or Web Application Firewalls. Next Generation Firewalls are like a gatekeeper on steroids – not only will they not let you in if you don’t have a ticket, but they will kick you out if you misbehave during the communication for which you had access. Essentially like a bouncer at a bar on New Year’s – you can come in if you have a ticket, but if you start being “fresh” with your fellow party-goers, you get tossed out. Besides basic firewall features, Next Generation Firewalls also contain Application Firewalls, which control specific services or applications (not just IPs and ports), and Intrusion Prevention Systems (IPS), which block unwanted or malicious communication.

That’s a lot of walls.

Now, let’s look at whether they are as effective as they are expected to be.

Physical access

Picture a situation where an attacker tries to get into your network the easy way – through physical means. Firewalls are configured to ignore any communication that originates in the external network and is aimed at the core switch. The physical attack can include interaction with employees (more on that in our previous blog post), dumpster diving, physical access to areas, even the restricted ones, and more. In most cases, it’s enough to get into a conference room (sometimes even alone) and plug a device into the network via wire, and the attacker is in the network and off to the races. It’s then possible to set up a remote connection from within the network, because firewall policies for internal networks are often much less restrictive than those for external networks (employees need to be able to work), allowing undisturbed access inside the network, not cut off by a firewall.

Remote access

Of course, access can be gained even without any physical access. For example, a new critical vulnerability is discovered for a popular network device provider which allows anyone to execute commands from the console on that device. Cases like this don’t happen every day, but they happen nevertheless. And when they happen, they can be catastrophic, because they are unknown to the existing network security tools or network/network security administrators. An attacker with remote shell access on such a device is then able to do anything. At that point, the network is his, not yours.

While vulnerabilities like this are not as common, there are other remote attacks that are efficient, effective, and more common. In our previous blog post we described one phishing scenario and we can build on that here. Say an attacker sends a crafted .pdf file via email to the victim. Since email communication is something that nearly every company needs, the email itself is not blocked. Maybe it’s disguised as an invoice or as a charity offer (as in the previous blog post), but once that file opens, the attacker gains full access to that computer and possibly even anything that’s available from there. You might think “but we use tools that prevent any malware in emails, we’re safe.” You might be right, but these are functionally just protection against spambots. Keep in mind that this will catch only files that are known to the security tool. If someone sends new malware, or specially created malware (which is usually how this attack is accomplished), then it won’t help.

BYOD

Finally, consider the example of the “personal device” – where (for example) Karen in the Accounting Department brings her phone to the office, and connects it to the network. Karen likes to watch MMA, but happens to use her mobile to stream content from sites which don’t respect authors and performance rights – what might be called a “bootleg feed” or a torrent site. As these streaming sites are notoriously rife with malware, Karen’s device is now infected – because she isn’t deploying mobile device security. When she accesses the trusted internal wifi network via her phone, she is opening up a direct pipeline for all of the malware on her phone, without having to go through the firewall.

In all of these scenarios, the firewall is ineffective, because not all of the communication comes through the firewall. This means that while a firewall is effective, it doesn’t offer 100% protection. Gaps exist, just a few of which have been included here.
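
The gap described in the three scenarios above can be modelled in a few lines. This is an added example, not code from the original post or from any vendor: the addressing plan, the rule set and the sample flows are all constructed for illustration. It evaluates first-match firewall rules, but only for flows that actually cross the perimeter where the firewall sits.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing plan (constructed): one internal range behind one perimeter firewall.
INTERNAL = ipaddress.ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source subnet, CIDR
    dst: str              # destination subnet, CIDR
    port: Optional[int]   # None matches any port


# Constructed policy: strict inbound, permissive outbound, default deny.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.1.10/32", 443),   # public web server
    Rule("allow", "10.0.0.0/16", "0.0.0.0/0", None),   # employees need to work
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),      # everything else
]


def crosses_perimeter(src: str, dst: str) -> bool:
    """True when exactly one endpoint is internal, i.e. the flow passes the firewall."""
    src_in = ipaddress.ip_address(src) in INTERNAL
    dst_in = ipaddress.ip_address(dst) in INTERNAL
    return src_in != dst_in


def verdict(src: str, dst: str, port: int) -> str:
    """Return 'allow', 'deny', or 'not inspected' for a single flow."""
    if not crosses_perimeter(src, dst):
        # East-west traffic never reaches the perimeter device at all.
        return "not inspected"
    for rule in RULES:  # first matching rule wins
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "deny"


# Constructed sample flows, one per scenario in the text.
SAMPLE_FLOWS = {
    "internet -> web server": ("203.0.113.7", "10.0.1.10", 443),
    "internet -> file server": ("203.0.113.7", "10.0.5.20", 445),
    "conference-room device -> file server": ("10.0.9.50", "10.0.5.20", 445),
    "BYOD phone on wifi -> file server": ("10.0.7.33", "10.0.5.20", 445),
    "conference-room device -> internet": ("10.0.9.50", "198.51.100.4", 443),
}


def classify_all() -> dict:
    return {name: verdict(*flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, result in classify_all().items():
        print(f"{name:40s} {result}")
```

The two internal-to-internal flows come back as `not inspected`, and the outbound connection from the plugged-in device is allowed by the permissive outbound rule, which is the visibility gap the next section addresses.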

But how to close the gap?

With enough time and effort, any network can be penetrated. To minimize the damage, you need to take precautionary steps and close gaps left by tools like firewalls. How can you do this? To be able to identify what dangers have escaped your firewall, you need to be able to visualize every communication and every device in the network. Network Traffic Analysis (NTA) solutions monitor network traffic from communications not just through the firewall, but within the firewall as well – closing the gap on not just targeted attacks from outside, but also on BYOD, and other “safe” communications within the network. With full visibility, you know about everything that happens, right when it happens, which means you can respond to detected attacks before any serious damage happens to your organization, saving money, reputation, and your IT team’s sanity.

Identify anomalies

But what good is mere visibility if there are countless packets every second? No one will be able to go through it all in real time – even with a team of thousands. So how to make sure that this incident gets the attention it deserves? NTA technology also helps to identify anomalous communications – devices acting strangely – on the network. Since an infected device starts to behave differently from its normal behavior – even in hard-to-identify ways – NTA technology, like MENDEL from GREYCORTEX, solves the problem, because it analyzes all network traffic and is able to spot these anomalous behaviors nearly immediately. It then informs the network team, allowing them to isolate infected or questionable devices from the rest of the network, preventing further damage, as well as to further investigate the incident without any risk of compromising further devices.

Having a firewall greatly improves the security of your network, but relying only on firewalls is irresponsible for many reasons – poor configuration, advanced threats or the above-mentioned gaps. To be sure that nothing leaves your network without you knowing about it or having a say in it, you need bigger guns than just a firewall, even a next generation one. For significant improvement in your security, you need an NTA solution to identify the hidden connected devices on the network, as well as to identify anomalous behavior that shows the hidden work of a compromised device.



About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

SafeDNS Now Supports Filtering IPv6 Sites

Two years ago, we added support for IPv6 site blocking to all of our solutions – for home, education, business, and telecom – that allow SafeDNS cloud service users to restrict access to sites using the IPv6 protocol. 

In 2021, after having received loads of requests, we’ve finally released the beta version of our IPv6 resolver. It adds to the features of all our web filtering solutions and aims at making them more robust, as we are permanently fighting web-based threats.

The beta version includes enhanced security, more flexible subnetting, a simple address assignment, and a larger address space, to name a few features. Because cyber threats evolve every day and we always strive to strengthen our solutions, we invite you to try and test our IPv6 resolver.

In our upcoming posts, we will inform you about any updates. Meanwhile, if you have any issues with the setup, here is the link on how to install the IPv6 resolver or simply contact one of our support team members.

What IPv6 is

IPv6 is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the internet. IPv6 is the successor to the widely used IPv4 protocol and is designed to replace it: it uses a 128-bit address system, giving it a larger address space than IPv4 with its 32-bit address system, which will soon run out of addresses.

IPv6 is widely used in different industries for the interaction of M2M sensor systems. The IPv6 protocol is at the heart of IoT networks and is used, along with IPv4, on many popular websites and mail services. SafeDNS is aware of the growing popularity of IPv6 and its influence on contemporary computer networks. In anticipation of a mass transition to this more advanced protocol, we are taking steps to be fully ready for it.

Why supporting IPv6 is important

Despite a relatively small number of IPv6 sites existing now, the SafeDNS support for blocking both IPv4 and IPv6 sites is significant for more comprehensive protection of the company’s users against all kinds of cyber threats. Previously, the SafeDNS filtering service just skipped sites on IPv6. Starting from today, SafeDNS makes the internet safer for you – by filtering out sites using IPv6 as well as IPv4. The opportunity to block IPv6 sites is supported on all the SafeDNS plans.

First and foremost, SafeDNS support for IPv6 is likely to be in demand with internet service providers that use IPv6 on their networks (including for their internal services). However, home and corporate users of the SafeDNS service will find the new opportunity quite useful because the number of sites on IPv6 (including dangerous ones) is increasing every year.

How to enable IPv6 site blocking with the SafeDNS service

It is simple. You do not have to do anything. IPv6 support is already available for all of the SafeDNS users on any service plan. So there’s no need to change anything in your filtering settings. From now on, the sites using IPv6 are correctly blocked according to your SafeDNS settings.

Stay tuned!


NetJapan Releases ActiveImage Protector™ 2018 Virtual Edition Update With HyperAgent™

Tokyo – NetJapan, Inc., publisher of disk imaging backup, disaster recovery, and virtualization software, announces the release of ActiveImage Protector™ 2018 Virtual Edition Update. This update includes NetJapan’s HyperAgent™, a new agentless backup feature for backing up virtual machines or hosts.

Typical agent-based backup of virtual machines consumes CPU and memory resources during various stages of backup. The HyperAgent, installed on a remote machine, runs the tasks, minimizing the consumption of CPU and memory resources on host and guest machines. HyperAgent on Microsoft Storage Server achieves highly efficient storage driven virtual machine backups. Back up an unlimited number of virtual machines from a single host using either agent-based or agentless methods.

ActiveImage Protector 2018 Virtual Edition Update utilizes iSCSI to serve backup images as iSCSI targets to any local or remote iSCSI initiator for attaching backup images as local disks; not only useful for recovering files and folders from a backup, but enables booting of backup images on a physical machine or a hypervisor. Additionally, using VMware vMotion can streamline the recovery process by seamlessly migrating live virtual machines booted from the iSCSI disk to a hypervisor in a production environment.

Additional Features:

  • NetJapan’s Advanced VHDX Block Delta technology makes incremental backups of VMs without the need for an agent or drivers to be installed on the Hyper-V host.
  • Supports Microsoft Resilient Change Tracking for incremental backups of Hyper-V virtual machines.
  • HyperRestore™ restores physical or virtual machine backups to dissimilar hypervisors.
  • NetJapan’s new ImageIsolate™ technology reduces potential malware or ransomware attacks by disconnecting access to backup storage drives after backups complete.
  • HyperStandby™ uses NetJapan’s vStandby™ technology to create and maintain standby virtual machines from backup images for instant switch-over.
  • Backup multiple VMs into a single image file to gain additional benefits from NetJapan’s Inline Data Deduplication Compression.
  • New scheduling options include selecting a monthly range and then designating specific days within that range for backup tasks.

For further product information and system requirements, please visit: https://www.netjapan.com/en-us/backup-dr-solutions/agentless/



About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines on physical and virtual environments and restores systems and data fast for you to be up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.

BEING “SMART” DOESN’T MAKE YOU SAFE

As you may have noticed, we have posted a lot on LinkedIn recently about new cyber attacks. The biggest link between these is that those attacks are commonly caused by not following best practices, or relying only on “legacy” security tools and/or the use of weak passwords.

Even with the use of today’s most advanced security tools, it can all fail at the weakest link of the security chain – people. According to csoonline, 56% of IT decision-makers claim that targeted phishing attacks are their top security threat. And this fear isn’t wrong. Everyone can be conned, even conmen. In many cases, it’s easier to get inside of the network if you abuse that fact. The most commonly used methods of exploiting people are phishing and blackmailing.

Phishing in its simplest form can be easily detected by regular humans. Because it’s not targeted, people on the receiving end can simply ask the question “why did I get this email when it has nothing to do with me?” When it comes to more advanced phishing forms, like “whale” (going for the big target, e.g. top management or CEO) or spear phishing (targeted attacks against a certain group/individual), the attacker does the research and gets to know as much as possible about victims, which can be done with a search on the Internet or dumpster diving (think about what you throw away – are there any documents?). Once equipped with knowledge about the target, those attempts are way more effective.

Let’s examine it in the security context. In this example, paraphrased from Christopher Hadnagy’s book “Social Engineering: The Art of Human Hacking,” an overconfident CEO is the target. The CEO thought that it was not possible to hack him, mainly for two reasons: he doesn’t utilize much technology in his personal life, and he thought that he was too smart to fall for phishing. Turns out he wasn’t that smart after all. In this example, the CEO expected an audit and readied himself for it. After scouring various sources of information, attackers decided to go with: the name of his favorite baseball team, his favorite restaurant, and that he contributed funding to cancer research. On one Friday evening, a phone call took place. In it, the attacker approached the CEO with a plea for a small contribution to cancer cure research, stating that there will also be a contest for contributors – winners will get two tickets to the CEO’s favorite baseball team’s match (claiming that they know that baseball is not everyone’s cup of tea) and a voucher to one of three restaurants, including the CEO’s favorite one. The CEO was willing to contribute. Motivated by his desire to cure cancer and the possibility of winning tickets and a voucher, he told the attacker his email address, so they would be able to send him a .pdf file. That file contained malicious code and the CEO opened it, thus providing the attacker with access to his computer and everything in its reach.

Now his computer has been compromised, along with access to everything within the organization that his authority (and passwords) will let him touch. So what to do? The attacker has access from his computer, so access rights to sensitive files are not an issue, nor is it an issue for the security team that the CEO is accessing files throughout the company. Is there a way to identify that the “CEO” accessing sensitive data is not actually the “real” CEO? Here’s where NTA technology can help. The next step following gaining access to the CEO’s accounts is to exfiltrate data. Network traffic analysis identifies that the computer in question is transmitting data where it shouldn’t, and/or in volumes that it shouldn’t. The computer can then be quarantined, the CEO alerted, and the attacker caught.
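
A minimal sketch of that kind of check, as an added example that is not from the original post and is not MENDEL’s algorithm: it builds a per-host baseline of outbound volume and known external destinations from flow summaries, then flags a host that sends far more than usual or to a destination it has never used. The flow records, addresses, internal range and the threshold factor `k` are all constructed assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/16")  # assumed internal range

# Constructed flow summaries: (day, source host, destination, megabytes sent).
FLOWS = [
    # Baseline week: the CEO's laptop (10.0.2.15) and a workstation (10.0.3.8).
    (1, "10.0.2.15", "198.51.100.20", 40), (1, "10.0.3.8", "198.51.100.30", 200),
    (2, "10.0.2.15", "198.51.100.20", 55), (2, "10.0.3.8", "198.51.100.30", 210),
    (3, "10.0.2.15", "198.51.100.20", 48), (3, "10.0.3.8", "198.51.100.30", 190),
    (4, "10.0.2.15", "198.51.100.20", 60), (4, "10.0.3.8", "198.51.100.30", 205),
    (5, "10.0.2.15", "198.51.100.20", 52), (5, "10.0.3.8", "198.51.100.30", 195),
    # Day under evaluation.
    (6, "10.0.2.15", "198.51.100.20", 50),
    (6, "10.0.2.15", "10.0.5.20", 300),      # internal file server, not outbound
    (6, "10.0.2.15", "203.0.113.99", 900),   # large transfer to an unseen host
    (6, "10.0.3.8", "198.51.100.30", 210),
]


def is_external(addr: str) -> bool:
    return ipaddress.ip_address(addr) not in INTERNAL


def build_baseline(flows, days):
    """Per host: outbound MB per day and the set of external destinations seen."""
    volume = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for day, src, dst, mb in flows:
        if day in days and is_external(dst):
            volume[src][day] += mb
            dests[src].add(dst)
    return volume, dests


def detect(flows, baseline_days, eval_day, k=3.0):
    """Return {host: [reasons]} for hosts whose outbound behaviour left the baseline."""
    volume, dests = build_baseline(flows, baseline_days)
    sent_today = defaultdict(int)
    new_dests = defaultdict(set)
    for day, src, dst, mb in flows:
        if day == eval_day and is_external(dst):
            sent_today[src] += mb
            if dst not in dests[src]:
                new_dests[src].add(dst)

    alerts = {}
    for host, sent in sent_today.items():
        history = [volume[host].get(d, 0) for d in baseline_days]
        mean = statistics.mean(history)
        # Floor the spread at 10% of the mean so a very flat history does not
        # alert on trivial variation. A host with no history has threshold 0,
        # so any outbound traffic from an unknown device is flagged.
        spread = max(statistics.pstdev(history), 0.1 * mean)
        reasons = []
        if sent > mean + k * spread:
            reasons.append("volume")
        if new_dests[host]:
            reasons.append("new destination")
        if reasons:
            alerts[host] = reasons
    return alerts


if __name__ == "__main__":
    for host, reasons in detect(FLOWS, [1, 2, 3, 4, 5], 6).items():
        print(host, "->", ", ".join(reasons))
```

The CEO’s laptop is flagged on both counts while the workstation, whose day-6 traffic matches its own history, is not; the laptop’s valid credentials and access rights play no part in the decision.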

But while phishing may be the attack that’s on the mind of management, IT teams understand that “legacy” security tools, like sandbox, IDS, endpoint security or even a firewall, are not sufficient anymore. Let’s look at why.

Modern malware has many methods of detecting if it has infiltrated a “real” environment, or in cases of targeted attacks, if it has hit the right target. When such malware determines that it could be exposed, it lies dormant. This means that if you check everything that enters your company using a sandbox, malicious software can still enter the network if it is sufficiently advanced.

Known threats are usually detected by known patterns or hashes used by endpoint security or IDS, which makes them ineffective against new or advanced threats. Some endpoint security tools use AI to determine malicious behavior and are better equipped to fight new threats, but not every device can have endpoint security. Personal or “bring your own device” (BYOD) devices are a great example – like a laptop that an employee brings from home and connects to the network – or an IoT sensor where endpoint software cannot be installed. These devices are connected, but not secured by endpoint security.

Firewalls are essential to any network’s security infrastructure, and stop communication that goes through them, meaning that generally they are able to protect the company from any threat that comes from the external network. But what if the attack starts after a user accidentally opens a communication link which allows the attacker to get behind the firewall and inside the network? What if the threat was brought inside the company by other means than through the Internet and then tries to spread in the internal network?

While the technology is different in each of these possible attacks, they all have one thing in common – attackers who exploit a gap in the security. The best gap fillers currently available are NTA solutions, like MENDEL from GREYCORTEX. MENDEL monitors all network traffic and analyzes changes of behavior in hosts, detects policy violations, data leaks, and much more. Not every unauthorized entry can be prevented before it happens. Relying on legacy security tools means it can take months (some statistics reference nearly 200 days) to detect attackers as they move in the network. NTA solutions like MENDEL lower this time to between minutes and a few hours, often before actual damage happens in the network or the attacker knows they’ve gained access.

The question is not if you will get hacked. The question is when you will get hacked. And when that happens, are you ready for it and can you stop it, or will you still rely solely on best practices, as the CEO did, or on “legacy” security tools?


