Malicious Domain Blocking and Reporting

Malicious Domain Blocking and Reporting, or MDBR, technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.

Once an organization points its Domain Name System (DNS) requests at the MDBR DNS server IP addresses, every DNS lookup is compared against a list of known and suspected malicious domains. Attempts to access known malicious domains, such as those associated with malware, phishing, ransomware, and other threats, are blocked and logged.

[Figure: MDBR in an election office environment]

Goals

  1. Deploy MDBR for all internet-facing assets (Level 1 maturity)

Actions

For Malicious Domain Blocking and Reporting, the necessary actions are the same for all maturity levels.

  1. If you’re an MS-ISAC member, you can sign up for no-cost MDBR by registering at https://mdbr.cisecurity.org. You will be asked to provide the following information:

    • Your contact information

    • Technical contact(s) for MDBR setup, troubleshooting, and general technical support

    • Reporting contact(s) for receiving reports on your MDBR service

    • Public IP addresses or CIDR netblocks from which your organization’s DNS queries are sent

  2. If you aren’t an MS-ISAC member, join today – then complete action #1 of this best practice.
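
A pre-registration check for the netblock list requested in action 1, as an added example that is not part of the original page or of the MS-ISAC service: it rejects mistyped and non-public entries and collapses the rest into the smallest set of CIDR blocks. The function name, the non-public range list, and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Ranges that cannot appear as the source of a query arriving over the internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                  # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 equivalents
)]

# Constructed sample input: documentation ranges stand in for real egress IPs.
SAMPLE = ["198.51.100.7", "203.0.113.0/25", "203.0.113.128/25",
          "203.0.113.64/26", "10.20.0.0/16", "203.0.113.5/24",
          "192.168.1.1", "2001:db8:10::/48"]


def prepare_netblocks(entries):
    """Return (netblocks, rejected) for a list of IP or CIDR strings.
    netblocks: collapsed, sorted CIDR strings ready to submit.
    rejected:  (entry, reason) pairs that need a person to review them.
    """
    accepted, rejected = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True refuses "203.0.113.5/24": host bits set usually
            # means the address or the prefix length was mistyped.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((entry, f"invalid: {exc}"))
            continue
        clash = next((b for b in NON_PUBLIC
                      if b.version == net.version and b.overlaps(net)), None)
        if clash is not None:
            rejected.append((entry, f"overlaps non-public range {clash}"))
            continue
        accepted.append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses() needs one IP version per call
        same = [n for n in accepted if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in collapsed], rejected


if __name__ == "__main__":
    blocks, problems = prepare_netblocks(SAMPLE)
    print("submit:", ", ".join(blocks))
    for entry, reason in problems:
        print(f"review: {entry} ({reason})")
```

Internal addresses in the rejected list usually mean the entry was copied from a client or internal resolver rather than from the NAT or firewall egress interface.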

The MS-ISAC provides members with a free MDBR service. Members sign up and configure their DNS server, and the MS-ISAC will then provide reporting that includes log information for all blocked requests and assist in remediation if needed.

The service is easy to implement and requires virtually no maintenance as MS-ISAC and its provider fully maintain the systems required to provide the service.

The MS-ISAC hosts all reporting data, including both successful and blocked DNS requests. It will then perform detailed analysis and reporting for the organization and the election community writ large. The MS-ISAC will provide regular reporting and intelligence services for SLTT members.

Cost-Effective Tools

  • MS-ISAC MDBR service: A no-cost, lightweight MDBR solution for MS-ISAC members.

Mapping to CIS Controls and Safeguards

  • 9.2: Use DNS Filtering Services

  • 9.3: Maintain and Enforce Network-Based URL Filters

Mapping to CIS Handbook Best Practices

  • There are no relevant Handbook best practices