It has become increasingly difficult to protect client workstations from
becoming compromised by malicious software. Even if workstations are
patched and running up-to-date anti-virus software, some risks remain
because of the:
- Increasing prevalence of 0-day threats (attacks that exploit
vulnerabilities for which there is no patch);
- Incomplete effectiveness of anti-virus software in detecting polymorphic
- Prevalence of malicious third-party ads hosted on otherwise legitimate
You are invited to participate in this pilot service intended to
protect client workstations at Penn from:
- Becoming infected by computers known to host malware;
- Accessing fraudulent websites that attempt to steal login credentials; and
- Allowing malware to contact control nodes or exfiltrate data in the event that a participating workstation becomes infected.
How it Works
If a workstation is configured to use SafeDNS as its DNS service, any attempt
to reach a suspected malicious host is redirected to
the SafeDNS server itself. Web requests from the workstation will go here:
http://safedns1.security.isc.upenn.edu/ instead of to a malicious host.
How do I join?
- If you're a Local Support Provider, feel free to try out the service
yourself by setting your DNS server addresses as follows:
- Review the Terms of Service, below.
- When you're ready to set up clients to use the service,
contact ProDesk (email@example.com), letting them know:
- How many clients you'd like to add, so we can confirm that the service is
ready to support that number; and
- Whether you'd like to be added to a distribution list for outage
notifications and notices about service changes or enhancements.
- Once we confirm that the service is ready for you to join, notify
your users according to the Terms of Service below.
- Reconfigure clients to use the DNS server addresses above, optionally
adding a standard Penn DNS resolver (126.96.36.199) as a Tertiary for
- Give us feedback about the rate of compromises before and after joining
the pilot (as described in the Terms of Service, below). Contact
ProDesk if you see any false positives.
Terms of Service
- While we have made reasonable efforts to provide a robust and reliable
pilot service, it is provided on a best-effort basis, with no guarantees
about uptime, protection from false positives, or true negatives.
- The pilot service should not be used by servers, only client computers. For example, a system running a mail or web server should not use the pilot service.
- Participation in the pilot is free. In the event it becomes a production
service, it may be necessary to pay to use the service.
- As a condition of participation in the pilot, you agree to provide us with (1) reports of any subscribing clients that become compromised; and (2) a comparison to the rate of compromise prior to subscribing to the service, e.g. x number of computers compromised per week or month.
- Depending on the feedback received during and after the pilot, it may be either discontinued or turned into a production service.
- We recommend that you take reasonable steps to notify users prior to
deploying the service in your area. This should help minimize any unwarranted
privacy or security concerns that might otherwise arise when a user encounters
the redirect page. Notification might include incorporating the Privacy
Statement below into a notice on the web page where DHCP users register, having
LSPs "spread the word" among their users, or taking other steps that
are feasible for the deployment in your area.
What We Log
Only the information necessary to run or support the
service is logged. For example, even though all DNS requests go to the
server, the requests themselves (e.g. for www.google.com) are not logged.
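
The behaviour described under How it Works and What We Log, as an added Python example that is not Penn's SafeDNS code: a name on the blocklist, or beneath a listed name, is answered with the sinkhole address, and only those redirected lookups leave a record of client IP and time. The sinkhole address, blocklist entries, client address and the `normalize`, `is_blocked` and `resolve` helpers are assumptions constructed for illustration.

```python
# Added illustration, not Penn's SafeDNS code. Names and addresses are constructed.
from datetime import datetime, timezone

SINKHOLE_IP = "192.0.2.53"   # placeholder from the RFC 5737 documentation range
BLOCKLIST = {"malware.example", "phish.login.example"}   # constructed entries


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain is on the blocklist."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes ("a.b.c", "b.c", "c") so that subdomains of
    # a listed host match but look-alikes such as "notmalware.example" do not.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(qname, client_ip, upstream, hit_log, now=None):
    """Answer one A query the way the page describes.

    upstream: callable(name) -> IP string, standing in for normal recursion.
    hit_log:  list that receives one record per redirected query.
    """
    if is_blocked(qname):
        # Only redirected lookups leave a record: client IP and time.
        when = now or datetime.now(timezone.utc)
        hit_log.append({"client": client_ip, "time": when.isoformat()})
        return SINKHOLE_IP
    # Benign names are resolved normally and nothing is written to the log.
    return upstream(normalize(qname))


if __name__ == "__main__":
    log = []
    fake_upstream = {"www.google.com": "203.0.113.10"}.get   # constructed answer
    for name in ("www.google.com", "CDN.Malware.Example.", "notmalware.example"):
        print(name, "->", resolve(name, "198.51.100.7", fake_upstream, log))
    print("logged:", log)
```
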
The SafeDNS service reduces the likelihood that a computer will be
compromised through web browsing. The service does this by tracking web
sites known to be the source of malicious content. If the computer
attempts to reach such a site in the course of web browsing or other
activity, the service will redirect the computer to a safe location. In
the course of providing this service, certain information is tracked for
the purpose of measuring effectiveness. The information tracked includes
the IP address of the subscribed computer and the time of the activity.
The initial site (from which the computer was directed to the malicious
site) is also recorded, but without information that would link the
subscribed computer to the initial site. If malicious activity is being
logged from your device, your LSP may be contacting you to discuss
Last updated: Monday, August 25, 2014