Published in Dualog, cybersecurity, all | 6 minutes reading time

Why Dualog® Protect operates at the DNS level

Stay up to date!

* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.

Think before you click!

Every shipping company should drill this mantra into its crews. 

90% of all cyberattacks start with email. Are your shore staff and vessel crew aware of what can happen when they take the bait in a phishing email?

You need to train them to be very careful in handling emails and not letting their guard down. 

Nonetheless, people will still make mistakes. An unsuspecting crew member could activate malware by clicking on a link in an email or simply by visiting an infected website from a computer or device with outdated software.

DNS-level protection is critical

Even though awareness and training should be an essential part of your cybersecurity risk management processes, attacks relayed by email are challenging to mitigate without reliable technological solutions in place.

Endpoint security such as firewalls can’t prevent laser-targeted social engineering attacks, which the recent onslaught of Emotet and Trickbot trojan malware demonstrates. 

Like most shipping companies, you probably have vessel IoT devices that are sending data back to the system provider via the cloud. This requires an open DNS – which, in turn, paves the way for attackers to bypass your firewall. 

DNS – the Internet's phone book:

The Domain Name System (DNS) is the core technology that directs users to different websites and other Internet locations. Simply put, the system turns humanly understandable domain names into internet protocol (IP) addresses understood by machines.

For example, when you type in the domain name www.dualog.com, this is converted into (the very difficult to remember) IP address 104.17.119.180, where the computer will fetch the data from.

DNS is sometimes called the Internet's phone book because it converts a website's name that people know to a number that the Internet actually uses.

As the all-Internet-catalogue (for both good and bad stuff), DNS is easily accessible to users with good intentions – but also to threat actors.

 

DNS-level protection prevents most command-and-control (C2) callbacks and data exfiltration

Your onboard computers and mobile devices use recursive DNS as the first step to connect to sites on the Internet. Unfortunately, attacks with the objective of data exfiltration are executed over DNS – namely, command-and-control callbacks

This is how a C2 attack happens: Malware that has compromised your vessel network communicates back with the infrastructure (a command-and-control server) set up by the attacker, which then takes command of the targeted system onboard. This can be computers used by the captain and/or deck officers, smartphones used by crew members, and even IoT devices connected to the network.

DNS protection identifies where these hacker command centres are staged, and blocks requests over any port or protocol, preventing both infiltration and exfiltration attempts.

Read more: What are command-and-control (C2) callbacks?

Watertight maritime cybersecurity starts at the DNS level

DNS is a great place for plugging in a defence layer that protects against threats that traditional security solutions, such as antivirus or firewalls, often miss.

As DNS is the first step in making a connection on the Internet, it makes sense to detect and respond to potential cyberattacks there, before any data is downloaded by deck officers or crew members heedless of the ‘Think before you click’ advice.

Any malicious connection blocked at the DNS level stops there.

 

The new cybersecurity standard

Dualog® Protect provides an additional layer of security that is simple to implement and highly effective. By operating at the DNS level – blocking malicious content before it can access the site – the service allows your crews to use the Internet safely.

Equally important, Dualog® Protect provides a detailed dashboard with complete insight into all DNS requests and highlights and alerts for any malicious (or potentially malicious) activity.

Dualog® Protect protects all computers and devices attached to all of your shipboard networks, drastically reducing the risk of malware attacks on any of your vessels.

Read more: Dualog® Protect – easily explained

 

 

Get started using Dualog® Protect in a matter of minutes

Dualog® Protect is easy to set up and configure, with four levels of predefined policies to choose from, applied fleetwide or individually per ship or even per network. You can even design company policies only to allow specific services or sites and block others.

And from the moment it’s deployed onboard, the dashboard starts getting populated with live and statistical information. 

 

I want to set up a free trial

 

Why Dualog® Protect operates at the DNS level
Written by Walter Hannemann, Product Manager

Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge in the shipping industry and enticed his entrepreneurship to help moving the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.

Related blog posts