Tuesday, September 2, 2008

Security Tip - Hosts File Security Filtering

Here is another option for DNS filtering. As Suzanne described, OpenDNS is a great way to provide content filtering. But here at MPL, we simply won’t do any content filtering at all. On the other hand, as the guy who has to keep all things tech working, I am very interested in filtering access to sites that can do us harm. So I would like to filter not content, but malware.

Let me digress into techspeak for a moment. DNS is all about translating human language to computer language. You want to type blahblah.com but your computer needs to know it is 55.555.55.55. This translation can occur at a variety of places, for example at a DNS server at your ISP or the OpenDNS server. But before your computer checks some other machine, it will check its own records to see if it has the translation stored from a previous visit to the site. You can manipulate these records yourself. So if you know you want to never access the site malware.com, you can lie to your PC and tell it malware.com is found at 127.0.0.1. That IP is a dummy IP address. So when your computer checks its records as it tries to get to malware.com, it gets lied to and it can’t get there. End techspeak section.

But there are thousands of bad sites that you would potentially block for security reasons. Wouldn’t it be somewhat time consuming to find those sites and change all your records? It would. So have somebody else do it for you. That is what they do at www.mvps.org/winhelp2002/hosts.htm. The ‘records’ I refer to above are kept in a file called “Hosts” deep in your file system. This site creates a custom Hosts file with thousands of entries. It is up to you to download it and put it in the right place on your PC. I won’t tell you how to do that because there are instructions at the site. You have to be at least a little tech savvy to do it though.

I have automated the process of disseminating the current hosts file to all my PCs by using logon scripts. I still have a couple glitches but I almost have it right. If you are running a server in your environment and you would like the description of how I have automated it, drop me a line at jims@missoula.lib.mt.us and I’ll send you the description when I get it right. Or, if enough of you drop me a line, I’ll just post the description here at Montana Bibliotechies (http://mtbibliotechie.blogspot.com/). Thanks y’all.

Addendum: The IP address 127.0.0.1 is not really a dummy address. It has a definite meaning. It means the present PC, regardless of which PC that is. It’s called the “Home” PC. That is why you see those bumper stickers on geek cars that say “There is no place like 127.0.0.1”.
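Because a Hosts file can point a name at any address, not only at 127.0.0.1, a downloaded copy is worth checking before a logon script copies it to every PC. The following is an added example, not part of the original post and not code from the Hosts file site; the function name `audit_hosts`, the accepted sink addresses and the sample entries are assumptions made for illustration.

```python
import ipaddress
import re

SINKS = {"127.0.0.1", "0.0.0.0", "::1"}      # addresses a block entry may use
LOCAL_NAMES = {"localhost"}                  # normal loopback entry, not a block
NAME_RE = re.compile(r"^[a-z0-9_-]{1,63}(\.[a-z0-9_-]{1,63})*$")

# Constructed sample input, not taken from any real blocklist.
SAMPLE = """\
# comment line
127.0.0.1  localhost
127.0.0.1  malware.com
0.0.0.0    ads.example.net tracker.example.net  # two names, one line
203.0.113.7  bank.example.com
127.0.0.256  typo.example.org
127.0.0.1
127.0.0.1  http://bad.example/page
"""


def audit_hosts(text):
    """Return (blocked, problems): names sunk to loopback, and lines to review."""
    blocked, problems = set(), []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on blanks
        if not fields:
            continue
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            problems.append((number, "invalid address"))
            continue
        if not names:
            problems.append((number, "address without hostname"))
        for name in names:
            if len(name) > 253 or not NAME_RE.match(name):
                problems.append((number, "malformed hostname"))
            elif address not in SINKS:
                # A routable address redirects the name instead of blocking it.
                problems.append((number, "redirect to " + address))
            elif name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked, problems


if __name__ == "__main__":
    blocked, problems = audit_hosts(SAMPLE)
    print(sorted(blocked))
    for number, reason in problems:
        print("line %d: %s" % (number, reason))
```

A distribution script can refuse to copy the file whenever the problems list is not empty, so a tampered or mistyped download never reaches the client PCs.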
