Share this
by DNSFilter on Sep 15, 2021 12:00:00 AM
Before we begin: Your Apple devices need to be updated
In case you missed the article from Citizen Lab and the patch update from Apple: You need to update your systems to macOS Big Sur 11.6, iOS 14.8, and watchOS 7.6.2. This is obviously critical for corporate offices (DNSFilter exclusively uses Macs, so we get it), but you also need to update your personal devices.
The NSO group is behind this zero-click Apple messenger vulnerability. If you’re a Darknet Diaries fan (like we are), you’re already well aware of NSO. Back in July, we actually started adding known NSO spyware domains to our “Trackers” category.
So if you’re looking for an additional layer of protection, adding this “Trackers” category to your block list can do just that. Learn more about our "Trackers" category here.
With that out of the way...
C2, CNC, Command & Control—Whatever you call it! What is it?
C2 servers are an important part of malware attacks. We’ll touch on them in our webinar later today, but here we want to go into detail. Also known as CNC, these abbreviations stem from the full name: Command and Control. Taking its name from the military term, NATO defined Command and Control as “the exercise of authority and direction by a properly designated individual over assigned resources in the accomplishment of a common goal.”
In this case, the authorities are threat actors and the common goal is a malicious one.
What are C2 servers? They are the servers contacted by a compromised host (a device with malware on it) and the attack servers. The attack server and compromised device communicate over a C2 channel, and the communication is mostly done over trusted traffic such as DNS. The infected host receives commands from the C2 server. The command might be to deploy the attack, begin data exfiltration, or to sit and wait.
Keep reading about C2 attacks.
Spotlight on: DNSFilter’s Relay
Our Knowledge Base has plenty of helpful articles to help you with the more technical aspects of a deployment.
You might be familiar with our Network or Roaming Client deployment. But there is a third way to deploy DNSFilter that gives you blanket protection possible at the network-level but with the granularity of end device protection: the DNSFilter Relay.
Relying on the Relay also means you can enforce individual device policies via static IPs without installing individual Roaming Clients.
In this deployment, DNS requests are performed by way of the Relay (essentially a proxy) where policy enforcement and reporting is logged. The Relay is available as a virtual machine (this is our recommended option), Docker container, or binary.
Full implementation instructions can be found here.
Are you concerned with finding out what’s the latest with DNSFilter? Check out our Changelog.
Share this
The Best Content Filter Software Checklist: A Buyer's Guide to DNS-Level Protection
Staying Ahead with Smarter Web Filtering
Across every industry and network environment, content filtering isn’t just a matter of productivity, it’s a front line of defense. From malware and phishing to compliance risks and productivity drains, the threats are real, and the stakes are high.
Smarter DNS Policies: What You Should Be Blocking (But Probably Aren’t)
DNS filtering is a foundational layer of defense and helps to fortify the strongest security stacks. Most organizations use DNSFilter to block the obvious: malware, phishing, and adult content. That’s a great start, but many are missing out on the broader potential of DNS policies.
Educating Your Clients on the Sophistication of Phishing Attacks
Imagine losing $31,583 every minute. That’s how much cybercrime cost American businesses in 2024, according to the FBI’s Internet Crime Complaint Center. Phishing was one of the top threats behind that number. If you're still thinking phishing is just about misspelled emails from a Nigerian prince, you're dangerously underestimating today’s threat.
