Published in Cyber security, all | 10 minutes reading time

How to get started with Dualog® Protect


Dualog® Protect is the first – and best – line of defence in a multilayered approach to cybersecurity onboard ships. Learn how to quickly get the service up and running protecting your vessels.

In an environment where always-on satellite connections have exposed shipping to viruses, malware and hacking attacks, Dualog® Protect provides the level of protection you need to maintain connectivity and safe operation across your fleet.

As discussed in a previous article, endpoint security – keeping devices like desktops, laptops and smartphones secure – is no longer enough, as cybercrime methods keep evolving. You need DNS protection, which adds a layer of protection between a crew member on board and the Internet by blacklisting dangerous sites and filtering out unwanted content.

This is exactly what Dualog® Protect does. Besides, DNS filtering is a must-have in order to comply with the upcoming IMO rule. 

Read more: Why Dualog® Protect operates at the DNS level

So, before we look at how to get up and running with Dualog® Protect, how exactly does the service work? I’ll explain it in simple terms.

 

How Dualog® Protect works

Dualog® Protect has a DNS server installed onboard your ships, which sends all DNS queries to the Dualog Cloud. In the cloud, every DNS request is analysed to decide whether the user is allowed to access that site. A query is blocked if the site is malicious, for example a Command-and-Control server, a malware site, or similar.

Sites can also be blocked based on content types. For example, you can decide to block all video streaming sites. 

All of this configuration is done in the Dualog Cloud. In a matter of seconds, you can reconfigure tens or even hundreds of ships to have a new policy in their onboard networks. Information on DNS queries is also stored there, giving you a full overview of the situation across all your ships. This is what enables you to react to abnormalities the second they occur.

Read more: Dualog® Protect – easily explained

Here’s a short video that illustrates how Dualog® Protect works:

 




Get started in a matter of minutes

Setting up Dualog® Protect on your ships is done in three easy steps:

  1. Configuration
  2. Installation of the Dualog® Protect client on your ship
  3. Monitoring (to make sure that everything works)

Let’s go through each of these steps in detail.

 

1. Configuration

Before installing the client on your ships, you need to set up Protect to your liking.

 

Create a ship

‘Ships’ in the Dualog portal are the system’s representation of your physical ships, but they can also be test installations. The first step is to create one or more ships in the system.

Go to ‘Edit Organisation’ and scroll down to ‘Ships’. 

Here, simply click ‘Add ship’, insert a name, and click ‘Add ship’ – you’re done!

 

 

 

Create a Protect policy

Dualog Protect policies are a set of rules that you want to apply to your ships. The policies will assign the Protect tier you want to apply. Optionally, you can add your custom whitelist and blacklist. You can create as many policies as you like.

To create your Protect policy, go to Configuration and click on "Create Policy". You will then have to:

  • choose your protection level
  • add your whitelist and blacklist (optional)
  • assign a name to your policy

 

Once you click on "Save and quit", you will be asked whether you want to assign your new policy to any of your active ships.

It is possible to assign any policy to one or more ships at the same time.

 

Prerequisites

Before you start installing Dualog® Protect, you will need to:

  • Disable any existing DNS service on the PC where Dualog® Protect will be installed. Typical examples:
      • Any external DNS relay/forwarder
      • If you are running Network Control, go to Remote Config > choose the ship > Network Control. Make sure to untick the options ‘DNS Relay’ and ‘DNS cache’ and save.

 

 

2. Installation 

Dualog® Protect can be installed on any client PC on board, as long as the system requirements are met. If you are running Active Directory on your ship, Dualog® Protect cannot be installed on the Domain Controller, as it would create a DNS loop.

Typically, you want to install Dualog® Protect on a PC or server that is reachable from all onboard subnets you wish to protect. If you are running Dualog Network Control, that PC is a good candidate for installing Protect. If you are unsure about where to install, get in touch with us. We will be happy to help.

The standard installation process is described here. Follow the procedure and, once completed, continue with the steps below to complete the deployment of Dualog® Protect.

Assign the Dualog® Protect policy

You can now proceed to assign the ship to your Protect policy. Go to the Protect 'Configuration' tab. Now click on ‘Assign’ and make sure your ship is ticked for this policy.

 

 

DNS routing

Dualog® Protect is now active and ready to handle the DNS requests on board.

 

On the Dualog® Protect PC

Make sure your WAN network adapter uses 127.0.0.1 as primary DNS.

 

On all the client PCs

Any client PC you wish to protect will need to have the Dualog® Protect PC's IP address as its primary DNS server.

You can now go ahead and test Dualog® Protect.
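
Before testing, it helps to confirm that every machine really resolves through the Protect PC. The script below is an added example, not part of the original post or of Dualog's tooling. It audits an inventory of resolver settings against the routing rules above and the Domain Controller restriction. The inventory layout, host names and addresses are constructed, and treating any extra resolver as a path around the filter is this example's assumption.

```python
LOOPBACK = "127.0.0.1"

def audit_dns(hosts, protect_ip):
    """Check each host's resolver list against the routing described above.

    hosts: dicts with 'name', 'ip', 'dns' (resolvers in configured order)
    and an optional 'is_dc' flag. Returns (name, severity, message) tuples.
    """
    findings = []
    for h in hosts:
        is_protect = h["ip"] == protect_ip
        dns = h.get("dns", [])
        if is_protect and h.get("is_dc"):
            findings.append((h["name"], "FAIL",
                             "Protect is installed on the Domain Controller (DNS loop)"))
        # The Protect PC resolves through itself; every client through the Protect PC.
        expected = LOOPBACK if is_protect else protect_ip
        if not dns or dns[0] != expected:
            findings.append((h["name"], "FAIL",
                             f"primary DNS is {dns[0] if dns else 'unset'}, expected {expected}"))
        # Assumption of this example: any other resolver in the list is a path
        # around the filter, because the OS may fall back to it.
        for extra in dns[1:]:
            if extra != expected:
                findings.append((h["name"], "WARN",
                                 f"additional resolver {extra} is not filtered by Protect"))
    return findings

# Constructed inventory: hypothetical host names, private and documentation addresses.
PROTECT_IP = "192.168.10.5"
SAMPLE_HOSTS = [
    {"name": "protect-pc", "ip": "192.168.10.5", "dns": ["127.0.0.1"]},
    {"name": "bridge-01", "ip": "192.168.10.21", "dns": ["192.168.10.5"]},
    {"name": "crew-07", "ip": "192.168.20.44", "dns": ["192.168.10.5", "203.0.113.53"]},
    {"name": "eng-02", "ip": "192.168.20.45", "dns": ["203.0.113.53"]},
]

if __name__ == "__main__":
    for name, severity, message in audit_dns(SAMPLE_HOSTS, PROTECT_IP):
        print(f"{severity:4} {name}: {message}")
```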

 

3. Monitoring

As soon as Protect is installed and properly configured on your ship, you will see data start flowing through the system in real time.

Go to https://apps.dualog.com/protect/status to monitor your traffic.

There are two important aspects to pay close attention to:

 

C2 DNS Requests

C2 traffic, or Command-and-Control, is traffic from malware trying to reach a command center somewhere in the cloud. Dualog Protect intercepts and blocks this traffic, and will give you updated information in real time about any device sending such traffic. 

 

If a device is sending C2 traffic, there is a high likelihood the device is infected with some type of malware. 

 

Read more about C2 traffic here.

 

Blocked site attempts

‘Blocked site attempts’ is an updated list of all traffic Protect has blocked across your ships. The list is expected to always have data in it, and the amount will increase depending on how strict your Protect Policies are. If your policy blocks social media, expect to see e.g. a lot of blocked traffic towards Facebook.

You can inspect and filter this traffic to identify exactly what ships and what devices on those ships are trying to access specific domains.
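
The two views call for different handling: a single C2 hit points at a device to investigate, while policy blocks are expected volume. The sketch below is an added example, not Dualog code. It triages blocked-query records along that line. The record layout, field names and category labels are constructed for illustration and are not Dualog's export format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed records. Field names and category labels are assumptions of this
# example, not Dualog's export format.
SAMPLE_BLOCKS = [
    {"time": "2024-03-01T08:02:11", "ship": "Ship A", "device": "192.168.20.44", "domain": "video.example", "category": "streaming"},
    {"time": "2024-03-01T08:02:40", "ship": "Ship A", "device": "192.168.20.44", "domain": "social.example", "category": "social"},
    {"time": "2024-03-01T08:05:03", "ship": "Ship A", "device": "192.168.20.51", "domain": "beacon.example", "category": "c2"},
    {"time": "2024-03-01T08:10:03", "ship": "Ship A", "device": "192.168.20.51", "domain": "beacon.example", "category": "c2"},
    {"time": "2024-03-01T09:00:00", "ship": "Ship B", "device": "10.0.5.12", "domain": "social.example", "category": "social"},
]

def triage(records, c2_category="c2"):
    """Split blocked queries into suspected infections and policy noise."""
    c2 = defaultdict(list)     # (ship, device) -> [(time, domain), ...]
    policy = defaultdict(int)  # (ship, category) -> blocked query count
    for r in records:
        if r["category"] == c2_category:
            when = datetime.fromisoformat(r["time"])
            c2[(r["ship"], r["device"])].append((when, r["domain"]))
        else:
            policy[(r["ship"], r["category"])] += 1
    suspected = []
    for (ship, device), hits in sorted(c2.items()):
        hits.sort()  # oldest first, so hits[0] is the first C2 attempt seen
        suspected.append({
            "ship": ship,
            "device": device,
            "domains": sorted({domain for _, domain in hits}),
            "hits": len(hits),
            "first_seen": hits[0][0].isoformat(),
        })
    return suspected, dict(policy)

if __name__ == "__main__":
    suspected, policy = triage(SAMPLE_BLOCKS)
    for s in suspected:
        print("INVESTIGATE", s)
    for (ship, category), count in sorted(policy.items()):
        print(f"policy block  {ship}  {category}: {count}")
```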

 

Conclusion

By monitoring all activity at the DNS level, Dualog® Protect stops most malware, ransomware, Trojan and phishing attempts, ultimately blocking unsafe or suspicious Internet resources before any harm is done.

Dualog® Protect is easy to set up and install. It allows you to centrally configure content type and access policies across your fleet, and it gives you a simple overview of all the traffic. 

 

Want to learn more about how to get up and running protecting your vessels with Dualog® Protect? 

Check out our 15-minute webinar, where I give a brief introduction to Dualog® Protect and how to get started in less than 15 minutes.

 


 

Written by Mikael Johannessen, Product Manager

Mikael Johannessen is a Product Manager at Dualog, with his current focus being on improving the self-service experience across the product offerings. He joined the company in 2014 as part of the Support Team and has since had a wide span of responsibilities ranging from being the Support Team Lead to later spearheading the effort of establishing a Product Design team and making design processes a crucial part of product development. His combination of technical skill and insatiable curiosity brings an innovative spirit to the company.
