What is Telsy SecureDNS?

Telsy SecureDNS is a service that applies effective security filters to the DNS requests your computers and peripherals make to communicate with the outside world. It does this by applying risk analysis algorithms to every single “resolution” request it handles. The clear advantage of this solution is that you can drastically reduce your level of risk against many cyber threats. Another clear advantage is that… Telsy Free SecureDNS is free.

What is DNS?

The DNS protocol is the basis of the Internet and of all online activities. It converts a domain name (for example, www.google.com) into the numerical addresses through which computers communicate with each other.

Are my computer and my devices already using DNS?

To access websites on the Internet, your computer and your devices must rely on DNS servers, which are usually configured by your ISP. So, YES!

Can normal DNS servers protect my computer and my devices from malware and/or other threats like phishing, fraud, etc.?

A normal DNS server is limited to converting a domain name (like www.telecomitalia.it) into a numeric address. It does not evaluate in any way the potential threat that a website you are browsing could pose to your computer. So the answer is NO!

How can Telsy SecureDNS protect my computer and devices from threats such as malware, phishing, scams and data exfiltration?

Almost all malware today relies on the DNS protocol to reach its command and control centers (CnC) and steal data from users. Cyber criminals often use malicious infrastructures and phishing/fraud websites that rely on DNS to deceive users in order to steal money and/or information (some hypothetical examples could be qoogle.com, paypaal.com, microsooft.com, etc.). A normal DNS server cannot prevent users from reaching these sites and becoming victims of scams, phishing, fraud, exploit attempts and malware. Telsy Free SecureDNS, instead, implements special evaluation algorithms for each domain name that needs to be resolved. It can classify them as trusted / suspicious / malicious. All domain names classified as “malicious” are immediately blocked (saving the user from potential risks such as data loss or data exfiltration), while “suspicious” ones are manually investigated by Telsy analysts and eventually classified as “malicious” at a later time. This classification process is supported by the Telsy Cyber Threat Intelligence and Investigation platform, from which SecureDNS acquires data feeds to maximize its effectiveness. In the freely available version of SecureDNS, users are protected from reaching malicious domain names internally tagged as “tlp:white”.

Can Telsy ensure the latest threat intelligence and block capabilities?

Telsy acquires threat intelligence information from OPEN, COMMERCIAL and INTERNAL sources. Most of this information is in the form of Indicators of Compromise (aka IoCs), which can be malicious URLs, malicious IPs, spam emails, etc. and, obviously, malicious domain names. Telsy classifies these indicators internally on the basis of a color matrix (white, green, amber, red). These colors represent the degree of confidentiality that Telsy assigns in information management. “Red” represents the highest degree of confidentiality. It identifies indicators of compromise acquired exclusively from internal research (extracted from malware samples not yet present in VirusTotal, for example) or from strictly closed sources. The free Telsy SecureDNS service blocks only the IoCs classified as “white” (aka tlp:white).

Can I have a Telsy SecureDNS service that ensures protection for indicators up to tlp:red?

Yes, it’s a paid service (Pro SecureDNS). Use the contact section to learn more.

Does Telsy Free SecureDNS store any personal data?

We collect some information about our users, such as:

1. Geo-location of the system that makes the request (country)

2. DNS records queried and their timestamp

3. Statistics about blocked domains

We do not collect the IP address of the system that makes the request or other personal information. Some exceptions can be made in case of attacks on our infrastructure.

How do I set up Telsy Free SecureDNS?

For Windows:

Go to the Control Panel. Click Network and Internet > Network and Sharing Center > Change adapter settings.

Select the connection for which you want to configure Telsy SecureDNS.

For example:

  • To change the settings for an Ethernet connection, right-click Local Area Connection > Properties.
  • To change the settings for a wireless connection, right-click Wireless Network Connection > Properties.

Select the Networking tab. Under This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4) and then click Properties.

Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, write them down for future reference, and remove them from this window.

Click OK.

Select Use the following DNS server addresses. If there are any IP addresses listed in the Preferred DNS server or Alternate DNS server, write them down for future reference.

Replace those addresses with the IP addresses of Telsy SecureDNS:

  • Free SecureDNS 1: 156.54.125.122
  • Free SecureDNS 2: 156.54.125.123

Restart the connection you selected earlier.
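The same Windows procedure can be scripted. The PowerShell below is an added example, not Telsy's own tooling: it records the current IPv4 DNS servers, sets the two Free SecureDNS addresses, and queries each one for the test name given later on this page. The adapter name `Ethernet` and the backup file path are assumptions.

```powershell
# Added example: run in an elevated PowerShell session.
$alias  = 'Ethernet'                                   # assumption: list names with Get-NetAdapter
$telsy  = '156.54.125.122', '156.54.125.123'           # Free SecureDNS 1 and 2, from this page
$backup = Join-Path $env:USERPROFILE 'dns-before-telsy.json'   # hypothetical backup file

# "Write them down for future reference": save the current IPv4 DNS servers.
Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses |
    ConvertTo-Json | Set-Content -Path $backup

# Replace the servers and drop cached answers from the previous resolver.
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $telsy
Clear-DnsClientCache

# Confirm the adapter now lists exactly the two Telsy addresses, in order.
$now = (Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4).ServerAddresses
if (($now -join ',') -ne ($telsy -join ',')) {
    Write-Warning "IPv4 DNS servers on '$alias' are: $($now -join ', ')"
}

# The steps above change IPv4 only. Any IPv6 DNS servers still configured
# on the adapter keep answering queries outside the filter, so list them.
$v6 = (Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv6).ServerAddresses
if ($v6) { Write-Warning "IPv6 DNS servers still configured: $($v6 -join ', ')" }

# Ask each Telsy resolver directly for the test name and show what comes back.
foreach ($server in $telsy) {
    try {
        Resolve-DnsName -Name 'testblocked001.telsy.com' -Server $server -Type A -DnsOnly -ErrorAction Stop |
            Select-Object Name, Type, IPAddress
    } catch {
        Write-Warning "Query to $server failed: $($_.Exception.Message)"
    }
}
```

To go back to the DNS servers assigned by DHCP, run `Set-DnsClientServerAddress -InterfaceAlias $alias -ResetServerAddresses`; static servers can be restored from the saved file.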

For macOS:

Click Apple > System Preferences > Network. If the lock icon in the lower left-hand corner of the window is locked, click the icon to make changes, and when prompted to authenticate, enter your password. Select the connection for which you want to configure Telsy SecureDNS.

For example:

  • To change the settings for an Ethernet connection, select Built-In Ethernet, and click Advanced.
  • To change the settings for a wireless connection, select Airport, and click Advanced.

Select the DNS tab. Click + to replace any listed addresses with, or add, the Telsy SecureDNS IP addresses at the top of the list:

  • Free SecureDNS 1: 156.54.125.122
  • Free SecureDNS 2: 156.54.125.123

Click Apply > OK.

I’m an organization with multiple hosts. How can I quickly set up Telsy Free SecureDNS?

Most organizations rely on DHCP to distribute network configuration parameters to internal hosts. Very often you only have to replace the default DNS servers handed out by your DHCP server with the IP addresses of Telsy SecureDNS. In other cases it’s even easier, as you just need to change the router connection parameters to use Telsy SecureDNS.
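As an added example (not Telsy's own tooling), this is the DHCP change on a Windows Server DHCP role; the page names no DHCP product, so that choice is an assumption, as is the rollback file path. It also assumes clients do not depend on an internal DNS server for internal names, since they will query Telsy directly.

```powershell
# Added example: run on the Windows DHCP server in an elevated session.
Import-Module DhcpServer
$telsy  = '156.54.125.122', '156.54.125.123'   # Free SecureDNS 1 and 2, from this page
$backup = 'C:\dhcp-dns-before-telsy.csv'       # hypothetical rollback file
$scopes = Get-DhcpServerv4Scope

# Save the DNS servers (DHCP option 6) that each IPv4 scope hands out today.
$before = foreach ($scope in $scopes) {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ScopeId    = $scope.ScopeId
        Name       = $scope.Name
        DnsServers = ($opt.Value -join ';')    # empty when the scope has no option 6 of its own
    }
}
$before | Export-Csv -Path $backup -NoTypeInformation

# Set option 6 on every scope. -Force is deliberately omitted so the cmdlet
# validates the DNS server addresses before accepting them.
foreach ($scope in $scopes) {
    Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -DnsServer $telsy
}

# Show what each scope will hand out from now on.
foreach ($scope in $scopes) {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6
    [pscustomobject]@{ ScopeId = $scope.ScopeId; DnsServers = ($opt.Value -join ', ') }
}
```

Clients pick up the new servers at their next lease renewal (`ipconfig /renew` forces one on a Windows host).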

Can I report a malicious URL or DOMAIN NAME that Telsy Free SecureDNS is not blocking?

Yes, use the contact section.

Can you share statistics about resolved domain names for information security and cyber threat intelligence research purposes?

If you are a security company or a national CERT, yes, use the contact section.

Is Telsy Free SecureDNS expected to be subject to a fee in the future?

We already have two SecureDNS plans: a paid one (Pro SecureDNS, blocking threats up to tlp:red) and a free one (Free SecureDNS, blocking only tlp:white threats).

So, can you repeat what the IP addresses of Free SecureDNS are?

Yes, they are:

  • Free SecureDNS 1: 156.54.125.122
  • Free SecureDNS 2: 156.54.125.123

Is there a way I can know if I’m really protected by Telsy Free SecureDNS?

You can try to navigate to testblocked001.telsy.com with your browser. If you see a Telsy courtesy page like the one below, you are correctly using Telsy Free SecureDNS.

Telsy Courtesy Page

Can I have information about the Pro SecureDNS service?

Pro SecureDNS provides users with many more features in addition to being more effective in blocking potential threats. This service is addressed exclusively to businesses. The customer will have a dedicated area on a Telsy platform for viewing navigation statistics and blocked domains. For any block, a correlation is also made with the type of threat (phishing, fraud, malware, etc.).

Use the contact section for more information.

If I use Telsy Free SecureDNS, can I expect my organization to be contacted by Telsy analysts to inform me of any security incidents?

No. Telsy Free SecureDNS does not collect personal information (for example, the source IP address) about the DNS queries it handles. For this reason, a hypothetical infection cannot be associated with a specific user. With Telsy Pro SecureDNS, instead, Telsy analysts will inform you about ongoing infections within your network in order to suggest mitigation and remediation actions.

I have lots of other questions to ask. What can I do?

You can use the contact section.