DNS Firewall: Protection Against Botnets and Phishing

The organization Switch provides Swiss universities with so-called DNS firewall lists. These automatically protect against malicious internet addresses associated with malware, botnets, or phishing websites. This helps prevent infected computers or careless clicks on fraudulent links from causing harm.

A botnet is a network of infected computers that are controlled by an attacker without the users’ knowledge.

These computers (so-called bots, short for "robots") execute commands from a so-called command-and-control server (C&C server), for example to send spam or distribute additional malware. Since botnets often use frequently changing IP addresses or domain names, the DNS firewall blocks them dynamically. This automatically disrupts the communication between the infected device and the control server.

Phishing refers to attempts to steal passwords or personal data through fake emails or websites.

Such messages often imitate well-known services (e.g. login pages of universities or banks). When such an attack is detected, the DNS firewall blocks the fraudulent website before users can access it. This helps to prevent password theft at an early stage and limits the further spread of malware.

Stolen login credentials are often used to:

• spread malware,
• send emails in other people’s names, or
• launch further phishing campaigns.

The DNS firewall provides an additional layer of security that works automatically in the background — without users having to take any action.