Services

DNS Firewall

Protect your IT network from IT threats caused by the individual activities of your users thanks to differentiated filtering and the blocking of problematic content

En savoir plus

Challenges

Employees, teachers, and students surf the Internet every day. Whether for the proper performance of their professional duties or their studies, they use their organisations’ network. Thus, they can endanger the security of anyone using the network, without even knowing it. Indeed, if they do not have the right reflexes or if they access dubious sites, there is a great risk that malicious persons invite themselves inside the network and retrieve, block or erase internal information that might be sensitive or strategic. Beyond their own security, they jeopardise their organisations’ global safety whose guarantee is the responsibility of their IT departments.

Protecting the whole IT network, in addition to individual protection measures (including prevention and the promotion of best practices), is a real asset for institutions willing to reinforce their IT security. Using a DNS firewall, in particular, has a dual advantage. First, it protects against cyber threats, ie. phishing or malware activation. Second, it allows customisable content filtering – by blocking access to a range of websites or categories of websites - according to the sensitivities, needs and user profiles.

Features

  1. A pre-configured and customisable filtering: for the institution IP range, Restena configures a global firewall policy fed and updated by the information provided by the European CERTs and within the LuCySe4RE project. On request, Restena can also configure differentiated policies within the IP range.
  2. Autonomous management of your filtering policy: the institutions can manage their policy(ies) via a dedicated portal. This tool also enables them to configure their own parameters (threats and content to block, authorised Internet domains, etc.) as they want.
  3. Customised messages: after configuration, the DNS firewall blocks or alerts the user if he or she is trying to access an Internet domain defined as problematic. A webpage is then displayed instead of the problematic resource. The webpage content, language, design, and contact information can be fully customised via the dedicated portal. To diversify your messages, you can create as many web pages as configured policies.

Benefits

Additional and customisable tool to deal with cyber security issues allowing, among others, to give different access according to the user type defined by the institution (ie. teachers and students)

Legitimate use of the network guaranteed for employees, teachers and students

More details on the service

Who can benefit?

Organisations connected to the RESTENA network

How to benefit

  • The DNS firewall is only available for organisations using the public resolvers set up by Restena (‘Public DNS resolver’ service).
  • The firewall management is done using the DNS-Firewall Manager tool accessible from the institution LuCySe4RE management interface.

Some useful information

  • If an institution does not want to display the automatic untrusted certificate warning displayed by the DNS firewall, it can install a Root Certification Authority (CA), also operated by Restena.
  • The alert logs configured by the institutions are used within the European research project ‘Enhancing Cybersecurity Services for the Luxembourgish Research and Education community’ (LuCySe4RE) led by Restena for the period 2023-2026. That information is only available for the project and its partners (each institution does only receive its own logs). The DNS firewall service users not participating in the project do not have access.

Assistance and support

noc@restena.lu

Services

Other services that might be of interest to you

Projects

Enhancing Cybersecurity Services for the Luxembourgish Research and Education community (LuCySe4RE)

Improving protection against the cybersecurity risks faced by the Luxembourg research and education community.

Learn more

Have a question?

  • Faq

  • A Root Certification Authority (CA) is installed on the DNS firewall of my institution's IT network, will Restena inspect all my web traffic?

    No, the certification authority is used exclusively for showing you information about blocked pages by the DNS firewall.

  • Is it required to install a Root Certification Authority (CA) to benefit from the DNS Firewall service?

    No, the DNS firewall works without a certification authority. Its installation is optional and left to the discretion of the users of the service. The only difference is that an untrusted certificate warning is displayed if the certification authority is not installed.

Haven't found the information you needed?

Helpdesk page