What is OpenDNS and what can it do for me?
OpenDNS is a Domain Name System (DNS) service that you can use as an alternative to the DNS system that your internet service provider offers.
For those not familiar with DNS, it can be summarized as the service on the internet that takes the website address or server name you type in and translates it into something your computer and other systems on the internet can use to find your website or server.
So why use OpenDNS?
Whether you know it or not, when you are hooked up to your cable modem or DSL line, your internet service provider (ISP) automatically tells your systems which “DNS” servers they should use. Is this a bad thing? No, but using OpenDNS can give you much more functionality than the DNS servers your ISP gives you to use.
What does OpenDNS do that my ISP’s DNS servers don’t do?
The OpenDNS servers offer many services that regular DNS servers do not. Below is a list of the services that OpenDNS can provide.
- Phishing & Botnet Protection
- Web Content Filtering
- Constant Updates
- Whitelist/Blacklist Mode
- Detailed Statistics
- Typo Correction
Isn’t there software I could install that does this?
Yes. But the problem with software is that it only works on each machine after you install it. The software must also be updated from time to time. It is also possible to bypass web filtering software installed on computers if you really want to. By using DNS servers to provide this function, you don’t have to install or maintain any software on your computers, it doesn’t slow anything down, and it is much easier to maintain. Once you are using OpenDNS it is maintenance free.
Also, does your website filtering software run on your iPhone, Samsung tablet, Mac, or Linux machine? Probably not. But OpenDNS can provide the functionality at your home without having to install anything.
So how do I use OpenDNS?
Go to http://www.opendns.com and sign up for an account. Once you do, you can find information on how to configure your computers to start using OpenDNS. OpenDNS is an easy way to help restrict access to websites that are inappropriate for children and protect your computers from bad websites overall. The alternatives require more work or more cost, and don’t typically provide any more features.
What is the difference between “Authenticated” and “Unauthenticated” Scanning or Testing?
Unauthenticated = No usernames and passwords are used in the scanning or testing.
- This means if your website allows users to create a shopping cart tied to a user, the testing will not attempt to use a username and password to replicate a user’s usage of that shopping cart.
- This type of testing is typically less intense because it will only be able to find basic configuration issues or input and output validation type errors that don’t include the code base that handles user transactions like shopping carts.
- Unauthenticated scanning and testing may try username and password combinations to log on to your system, but they typically only check whether the credential is valid, and will not use it to log in to the system to perform further testing.
Authenticated = The scanning or testing is able to use usernames and passwords to simulate a user being on that system or website.
- Authenticated testing can be much more intense and have the possibility of causing impact to your website or system.
- Authenticated testing will usually find more vulnerabilities than unauthenticated testing if a vulnerability scanner is given credentials into a system. This is simply due to a scanner’s ability to see more of the system due to being able to get “inside” the system and validate issues instead of the guesses that a scanner or tester must make without authentication.
- Authenticated testing has much better code coverage on applications since it can simulate much more of the user based functionality like transactions.
- Some authenticated and unauthenticated scans can simulate “brute-force” style attacks, which could cause account lockouts depending on your system configurations.
Why should I care?
- Authenticated testing is much more thorough and is often able to find more issues than unauthenticated. However, it is also more likely to cause issues on a system or application.
- Since authenticated testing will often find more, you will spend more time parsing through data and trying to determine which findings are higher risk.
- Finally, unauthenticated testing alone will not simulate targeted or successful attacks on your application or system, and is therefore unable to find a wide range of possible issues.
Ask yourself these questions to decide what kind of testing or scanning you need.
- What is the purpose of the scan or test? (Specific compliance requirement?)
- Do my scanning or testing requirements give preference to authenticated or unauthenticated testing?
- Do I want to simulate what a user on the system could do? (Go with Authenticated)
- Do I want to start at the highest risk findings that any scanner or user on my network could find? (Go with unauthenticated)
- Is this the first time the system or network has ever been scanned or tested? (Go with unauthenticated unless you have other requirements.)
So what should my approach be?
Using a risk based approach, you could start with unauthenticated scanning and testing because it will typically find the highest risk and most significant issues. Once you have the unauthenticated findings, you can gradually start authenticated testing once you have a good comfort level that it will not impact systems.
Note: In large environments you may need to be wary of old printers and devices that may have old network stacks. You will typically only see scan issues on legacy network appliances or devices like old network printers.
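The risk-based ordering described above can be applied when both kinds of results are in hand. The following is an added example, not code from the original page or from any scanner: it merges an unauthenticated and an authenticated result set, marks which findings were visible without credentials, and lists those first. The hosts, check names and severities are constructed sample data, and the ordering rule encodes this page's approach as an assumption.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

@dataclass(frozen=True)
class Finding:
    host: str
    port: int        # 0 = host-level check with no network port
    check: str       # constructed check names, not real scanner plugin IDs
    severity: str

def triage(unauth, auth):
    """Merge both result sets; return (finding, seen_by) pairs in work order."""
    merged = {}
    for source, findings in (("unauthenticated", unauth), ("authenticated", auth)):
        for f in findings:
            key = (f.host, f.port, f.check)
            kept, seen_by = merged.get(key, (f, set()))
            # If the two scans rate the same issue differently, keep the worse rating.
            if SEVERITY_RANK[f.severity] < SEVERITY_RANK[kept.severity]:
                kept = f
            merged[key] = (kept, seen_by | {source})

    def work_order(item):
        f, seen_by = item
        # Findings visible without credentials come first, then by severity.
        needs_creds = "unauthenticated" not in seen_by
        return (needs_creds, SEVERITY_RANK[f.severity], f.host, f.port, f.check)

    return sorted(merged.values(), key=work_order)

# Constructed sample results (documentation address range, made-up check names).
UNAUTH = [
    Finding("192.0.2.5", 80, "default-admin-page", "high"),
    Finding("192.0.2.5", 443, "tls-weak-protocol", "medium"),
    Finding("192.0.2.9", 21, "anonymous-ftp", "medium"),
]
AUTH = [
    Finding("192.0.2.5", 443, "tls-weak-protocol", "high"),
    Finding("192.0.2.5", 0, "missing-os-patch", "critical"),
    Finding("192.0.2.9", 0, "weak-file-permissions", "low"),
]

if __name__ == "__main__":
    for f, seen_by in triage(UNAUTH, AUTH):
        label = "no credentials needed" if "unauthenticated" in seen_by else "authenticated only"
        print(f"{f.severity:8} {f.host}:{f.port:<4} {f.check:24} [{label}]")
```

Findings reported by both scans collapse into one entry, so the authenticated run adds depth to the list without duplicating what the unauthenticated run already reported.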