ISMS Essentials: The How and Why of Quad9
A new and free cyber security capability that you should consider as a control in your Information Security Management System (ISMS), Quad9 is promoted by the Global Cyber Alliance and members like Huntsman Security.
Quad9 protects systems and networks against common cyber threats. Read this short post to find out how.
The ISMS, Quad9 and DNS
A defined ISMS helps an organisation to better understand their information assets, the vulnerabilities and risks. Vulnerabilities require risk assessment and controls to be implemented that are proportionate to the risk. Controls can be broadly categorised as People, Process or Technology driven.
Quad9 (a technology control) is relevant to the Domain Name System (DNS) which we covered previously in our DMARC post. As a quick reminder, all organisations have a Domain Name System (DNS) handled by a DNS server and all websites have an Internet Protocol (IP) address that looks like a unique string of numbers.
E.g. A “DNS lookup” of www.bbc.co.uk returns “Domain Name Server 220.127.116.11” and “18.104.22.168 “
It would not be practical for an internet user to remember strings of numbers to gain access to sites. To get around this the DNS stores the information that translates and resolves IP addresses to more meaningful and logical names such as the “BBC”. This in turn makes web browsing, “googling” and other search activity more effective. Talking of IP addresses, “Quad9” is taken from the IP address “22.214.171.124” that has been assigned to it.
What ISMS challenges does Quad9 solve?
Quad9 identifies websites that are believed to carry malware and other similar cyber threats. Quad9 prevents users accessing those malicious sites, adding privacy and security as they browse.
Quad9 does this by comparing the requests of users as they click on web links, with rich sources of threat intelligence. When a match is found between requests and the threat intelligence, Quad9 prevents any onward access and the chance of users inadvertently downloading harmful code.
This video briefing gives you some statistics about the likelihood of attacks such as malware:
The threat intelligence is built and maintained by organisations collaborating as part of the Global Cyber Alliance. It is maintained and updated on a series of Quad9 servers located around the world and identifies potentially “unsafe” websites. Quad9 is being geographically rolled out – the UK went live in November 2017.
Which devices does Quad9 cover?
As you would expect, business terminals and laptops are well within the scope of Quad9. Personal computers are also compatible to be secured with Quad9 and it is very easy to configure. This video tutorial shows you how to do this.
Quad9 also considers the ISMS challenges associated with the Internet of Things (IoT), devices that have only recently adopted internet connectivity. IoT devices often only have limited security and primitive firmware (the program code embedded on the chips during manufacture). IoT devices also frequently ship with standard security credentials that never change. All this means that IoT devices can often be susceptible to being co-opted as part of a Botnet driven attack. Botnets are most often associated with Distributed Denial of Service attacks.
Consider devices such as smart home thermostats and the “internet connected fridge”. Unlike the terminal on your desk these devices rarely receive security updates and patches. Also unlike your terminal, they can be difficult to secure using cyber defences such as firewalls and anti-virus software. Security is further complicated if additional connectivity such as Bluetooth also features.
Given the rise of IoT and the inclusion of connectivity as standard, having the ability to monitor and secure IoT devices is becoming increasingly important.
Implementing Quad9 in an organisation
The tutorial showed how easy it is to implement Quad9 on a single computer at home. However, it is more likely that you are interested in implementation on networks.
As long as you have the right change control permission and access to the right IT administrator, then implementation is no more difficult than on a single machine. It involves the configuration of the Dynamic Host Configuration Protocol (DHCP) server. The DHCP server administrates network configuration including IP addresses.
The DHCP server automates the required bulk administration of IP addresses and without one, every machine on the network would have to be manually assigned an individual IP. This would be a painful process for your IT personnel and would likely be impossible to administer on large networks.
When promoting Quad9 for implementation in your organisation, it is important to secure the support of your IT lead and Senior Information Risk Owner. This is because you will need to formally agree the change within your change control process. To help obtain agreement, point out that Quad9 does not affect the performance or speed of internet browsing for the end user and, like DMARC protection, it is free!
Strengthen the ISMS: Quad9 Blog Summary
To summarise the Quad9 capability consider the following:
- It improves browsing security and prevents attacks
- Quad9 is free, simple and quick to install on your home computer
- Network installation is undertaken with the support of the DHCP administrator
- Don’t forget the ISMS change control process
- Quad9 secures IoT devices
- Threat intelligence is maintained on behalf of Quad9 users
- Quad9 does not impact web browsing performance.