Business Use Case

A large university with 32,000+ students. The security administrator wanted to identify usage of external DNS servers and was worried that clients were using bad DNS servers. Criminals have learned that if they can control a user's DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website, or can interfere with that user's online web browsing.

A DNS server report was created using a whitelist of approved DNS servers. 11 clients were found to be using a DNS server hosted in China, as referenced on this page.

How to set up an alert if a network device is using an unauthorized DNS server

  1. Create a DNS server whitelist
  2. Create a custom DNS server report using this whitelist
  3. Use alerts based on reports feature to generate an alert if unauthorized DNS server activity is detected
Unauthorized DNS servers
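
The three steps above can be sketched as detection logic over flow records. This is an added example, not the product's own code or report definition. The record layout, the addresses, and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Step 1: whitelist of approved DNS servers (constructed addresses).
APPROVED_DNS = [ipaddress.ip_network(n) for n in ("10.0.0.53/32", "10.0.1.0/28")]

# Constructed flow records: timestamp, client, server, protocol, destination port.
SAMPLE_FLOWS = """\
2024-03-01T10:00:01 10.1.4.23 10.0.0.53 udp 53
2024-03-01T10:00:02 10.1.4.77 203.0.113.10 udp 53
2024-03-01T10:00:03 10.1.4.77 203.0.113.10 tcp 53
2024-03-01T10:00:04 10.1.9.12 198.51.100.7 udp 53
2024-03-01T10:00:05 10.1.9.12 198.51.100.7 tcp 443
2024-03-01T10:00:06 10.1.4.90 10.0.1.5 udp 53
malformed line
"""

def is_approved(server):
    """True if the server address falls inside any whitelisted network."""
    addr = ipaddress.ip_address(server)
    return any(addr in net for net in APPROVED_DNS)

def unauthorized_dns_report(flow_text):
    """Step 2: map each unapproved DNS server to the clients that queried it."""
    report = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not parse
        _ts, client, server, proto, port = fields
        if proto not in ("udp", "tcp") or port != "53":
            continue  # not DNS traffic
        try:
            if not is_approved(server):
                report[server].add(client)
        except ValueError:
            continue  # server field is not an IP address
    return {srv: sorted(clients) for srv, clients in report.items()}

def alerts(report, min_clients=1):
    """Step 3: one alert line per unapproved server seen from >= min_clients."""
    return [f"ALERT unauthorized DNS server {srv} used by {', '.join(c)}"
            for srv, c in sorted(report.items()) if len(c) >= min_clients]

if __name__ == "__main__":
    print("\n".join(alerts(unauthorized_dns_report(SAMPLE_FLOWS))))
```

This check only sees DNS on port 53; resolvers reached over TLS (port 853) or HTTPS (port 443) need separate handling.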