Switch DNS Firewall

The Switch DNS Firewall allows specific DNS information to be overwritten. This makes it possible to generate alternative responses to DNS queries and to protect all devices effectively before a connection is established to any malicious systems.

Prevention

Blocking access to infected sites can prevent further infection.

Detection

Systems that have already been infected can bedetected by Switch. Customers are promptly notified of any such infections via security reports.

Information

When accessing a malicious domain name, users are redirected to a secure landing page.

Switch CERT – a leading national centre of expertise

Your trusted partner for cyber security The Switch Computer Emergency Response Team (CERT) is a leading independent centre of expertise for information security. It was set up in 1994 and was one of the first CERTs in Switzerland to receive international certification in 1996. Its aim is to support Swiss universities in combating cyber threats.

Today, the team provides services as a multi-sector CERT for universities, the domain registry, banks, industry and logistics, and the energy sector. Our areas of expertise include incident response, threat intelligence, detection and trusted community building. We are part of a global network for exchanging alerts and knowledge about cyber threats and work closely with the federal government's National Cyber Security Centre (NCSC). Switch CERT is one of two national CERTs and is considered part of Switzerland's critical infrastructure by the Federal Office for Civil Protection (FOCP)

Independence and transparency

Switch has been responsible for a secure internet for over 25 years and works without any conflicts of interest with manufacturers or suppliers.

Threat information sharing

Comprehensive threat information from the monitoring of university networks and various sectors in Switzerland, supplemented by international partners.

National and international networking

Switch has been cooperating with national and international players from various areas of cyber security since 1994.

Interdisciplinary security expertise

Switch offers comprehensive IT security expertise, including incident response, threat hunting, domain security, malware analysis and more.

Unique synergie

By monitoring and working with different sectors, Switch CERT creates synergies in the fight against cybercrime.

Critical infrastructure protection

Switch operates important infrastructures for Switzerland, such as the.ch registry and national research networks.

Switch DNS Firewall modules

The following modules can be freely combined:

Website blocked- DNS — Switch landing page (Screenshot)

Technical requirements

Integrating the DNS Firewall service is easy: DNS RPZ must be enabled on the resolver which allows you to subscribe to the desired DNS RPZ feeds. This requires a DNS appliance or DNS service software that supports DNS RPZ.

Switch offers its customers wide-ranging expertise in the connection and integration of RPZ technology.

DNS Software

→ BIND

→ PowerDNS Recursor

→ Knot Resolver

→ Unbound

DNS Appliance

→ Infoblox

→ BlueCat

→ EfficientIP

→ Nokia VitalQIP

Testimonials

«The Switch DNS Firewall is a smart and straightforward solution that provides an effective complement to security solutions already in place at our organisation. The landing page clearly explains the reason for a blocked access to the user, which alleviates confusion. We’ve used it since July 2017 here at EPFL and are completely satisfied with it.»
Patrick Saladino
Head of Operational IT Security, École polytechnique fédérale de Lausanne, 16,000 users

« CERN is using the Switch DNS Firewall since Q4 2015 for pro-actively preventing our user community accessing malicious domain names and phishing websites. Using the Switch DNS Firewall, unfortunate users are redirected to an internal webpage informing them about the risks of browsing the WWW. So far, we have made great experience with it, also thanks to the quick response of Switch to our queries and input, and observed no false positives nor mayor issues.»
Stefan Lüders
Computer Security Officer, CERN, The European Organisation for Nuclear Research, 3,000 users

«The University of Bern has been using the Switch DNS Firewall from Switch since 2015. It is very easy to integrate into an existing environment. It is low-maintenance and very effective at preventing phishing and malware. As soon as a university user tries to access a malicious website, the Switch DNS Firewall returns an alternative response in the form of a secure landing page with an explanation of the potential threat posed by the page the user was trying to access. Switch's DNS RPZ feed is extremely helpful and focuses on threats to Swiss organisations. »
Thushjandan Ponnudurai
Network Security Engineer, University of Bern, 21,000 users

«Jisc has worked and collaborated closely with Switch for over 5 years, helping shape and support Jisc’s Janet Network Resolver Service, a protective DNS service which supports over 300 Higher and Further Education organisations in the UK, representing over 2.7 million users. Switch's DNS Firewall data feeds have proved an effective tool in trying to prevent common attack vectors such as phishing and ransomware aimed at the UK education community. We look forward to continuing our close partnership with Switch in tackling a common threat.»
Andrew Davis
Jisc, Infrastructure and Critical Services Manager (Cyber security)