Most people that I work with run whatever DNS (domain name service) their ISP provides if they are a home user. Or they may stand up their own DNS server if they are a business user. The problem with either is that it won’t stop threat actors from potentially hitting your network with malware and ransomware just to name two threats. And the CISA backs me on this. Having a Protective DNS service is one layer of a multi-layer approach to cyber security.
That’s where HYAS Protect comes in. It’s a Protective DNS service that protects you from any cyber threat that uses DNS to communicate. Such as threats that use command and control methods of communication. Plus you can get a better insight into what is communicating to whom on your network as that might tip you off as to something amiss on your network. Like a PC that has been infected for example.
What’s really interesting here is that HYAS has a home version that is available for free. I’m assuming the logic is that if you as someone who knows what DNS is uses the home service, you’re more likely to recommend the enterprise grade version to your company. Which is why I’m testing the home version today
To start the process of setting this up, you need to go to this page and enter your information. Within five minutes, you will get this email:
Now it took another four days before I got any further communications from HYAS. And that communication was in the form of this email:
The email has a username in the form of my email address, and a temporary password (both have been redacted the screenshot above) that I was forced to change when I logged into for the first time.
I spoke to Paul Van Gool who is the Senior VP Of Engineering at HYAS, and he mentioned that right now the reason for the delay in getting this email is that any request that they get to sign up for HYAS Protect At Home goes through a manual review process. Something that I can confirm as I used my personal email address as opposed to my corporate one, and a HYAS employee had a look at my LinkedIn profile that is associated with that email address a couple of days later. Which means that they’re trying to figure out real people from threat actors for example. But the goal is to get this fully automated so that you as the end user can be using this product in minutes and not days.
Once I logged in and changed the password, I was then greeted with this screen:
There was a short video that I watched welcoming me to the product. Then I went about configuring it which was a three step operation:
First it identifies your external IP address. Then you have to enter their DNS addresses into your router. Finally you have to test it. It is kind of hard to screw this up if you know your way around a router. And the target audience of this product would know their way around a router. So this part should be trivial.
Now my ISP of the moment is Bell Canada. And they have a habit of changing my external IP address frequently. What happens at that point? According to Mr. Van Gool, you’re still protected because you’re using their DNS service. But any reporting on traffic after the external IP change won’t be reflected in the control panel until you update it with your current external IP. And doing so is a couple of clicks so it’s not a big deal to do. Mr. Van Gool also mentioned that HYAS is looking at putting this more in the user’s face so that it’s clear that this needs to be done.
Once you’re in, you’re presented with a short explainer that you can move through at your own pace:
Followed by an easy to use and reasonably clear control panel:
Now it did take me a few clicks of the control panel on the left side of the screen to figure out what everything was. But if you’ve used these sorts of tools before, it will only take you a few minutes to be up to speed. From top to bottom the functions that are:
- Overview – That’s the screen that you’re seeing above. This shows shows an aggregated view of DNS traffic activity.
- Log View – This page will display all of your organization’s DNS traffic log data.
- Reports – This will download the logs shown that have been checked off into either JSON or CSV format.
- Policy Engine – This allows you to turn on/off policies such as blocking adult sites for example.
- List Management – This allows you to block individual domains based on domain name or IP address.
- Passthrough – This is a feature that is not available in the home version of this product. But it will show any traffic that you have defined as being allowed to passthrough and not get flagged.
- Alerts – This allows you to see any alerts that you should take action on.
In my testing of this product, I can say that it works as advertised. My test was to go to a website that is known for all sorts of “shady” behaviour when it comes to what it drops onto your computer and the domains that it contacts. When I went to this site, HYAS Protect At Home reacted like this:
It blocked a bunch of sites that it deemed as untrusted. Which is good. I did some other testing with some “dark” web sites and got the same result. I also found thanks to HYAS Protect At Home that my ASUS router had a tendency to phone home to places that Protect At Home flagged as suspicious. A lot. And it was more likely to do this when I have the configuration webpage open. When it is closed, the amount of “phone home” traffic is still there, but in lower amounts.. But the fun doesn’t end there. My gaming PC is also phoning home to ASUS servers. From what I can tell, the software that is supplied for the ASUS Republic Of Gamers motherboards dials home as well. But it seems to do that on a cold start or a reboot, as well as periodically while it is online. I’ll have to go down the rabbit hole as to why my ASUS stuff seems to be so “chatty” as nothing else on my network appears to be that “chatty” at a future time. But it illustrates another benefit to HYAS Protect At Home. Which is it allows you to gain real insight into what places on the Internet that devices on your network are talking to. That way if you see something that seems odd, you can investigate and take action.
Another thing that caught my attention is that my wife has a tendency to go to sites having to do with cooking. There’s nothing wrong with that. But it looks like the sites in question have a lot of stuff that HYAS Protect At Home did not like because it blocked a lot of things coming off those sites:
When I investigated it, the source were ads that were placed on the site. Why that matters is that things like pop-up scams and malware can often come from ads placed on websites. This is knows as a “drive by attack”. Thus it’s good that these sorts of threats are being proactively blocked long before it can hit your device.
The final area that I tested was DNS resolution speed. As in how how long it takes from the time it takes you to hit enter on the address bar of your web browser before the web page that you want to go to starts to appear. According to Mr. Van Gool, it can be up to 250 milliseconds. And my “seat of the pants” observations seem to be consistent with that as nothing I did was slower than normal. In fact some things that I normally do felt a touch faster.
I have to admit that I am pretty impressed by HYAS Protect At Home. It provides an added level of security, which I was able to verify. On top of that, it has some of the best reporting and visibility tools that I have ever seen. And that’s validated by the fact that I found out stuff about my own network that I need to look into further. And the kicker is that this is the home product. If the home product is this good, imagine how good the enterprise product must be. As far as I am concerned, this is an easy two thumbs up from me. And my advice is if you are responsible for security in your enterprise, feel free to try this out on your home network and see for yourself how good this product is.