The body that regulates the .ca domain has officially launched a free domain name system (DNS) firewall service to improve privacy and security for individuals using computers, smartphones and tablets.
The Canadian Internet Registration Authority (CIRA) said the service, called Canadian Shield, is aimed at giving consumers the kind of protection from DNS attacks that the public and private sector get from commercial products.
“As a not-for-profit part our mandate is to help provide a protected internet for all Canadians, and this is one of the ways we can help improve the internet,” said Mark Gaudet, CIRA’s business development and product manager.
CIRA believes it’s the first deployment of a national, public DNS over HTTPS (DoH) service in the world.
The threat intelligence feed of the service will be provided by the federal government’s Canadian Centre for Cyber Security.
The new service leverages CIRA’s D-Zone DNS Firewall, which it sells to the public and private sectors and uses technology from Akamai Technologies. Four Canadian Shield nodes have been deployed in TekSavvy data centes in Toronto, Montreal and Vancouver.
Home routers/gateways need to be reconfigured to point DNS queries to Canadian Shield. CIRA offers advice for setting up routers, operating systems and other internet-connected devices like Playstation, Xbox, Nintendo Switch and 3DS. There are also apps for mobile devices through the Apple App Store and Google Play.
While most Windows, Mac or Linux computers are protected by firewalls that either come with the operating system or are part of an antivirus suite, CIRA said Canadian Shield offers protection for malware that uses a domain name for spreading infection or to communicate with command and control servers.
Today’s official launch was preceded on April 3rd with early access for healthcare workers, educational institutions and small businesses.
“As Canadians have shifted to working and learning from home en masse due to COVID-19, their personal devices and home networks are vulnerable to cyber-attacks,” CIRA said in a statement. “Canadian Shield will provide enterprise-grade privacy and cybersecurity protection.”
There are three free levels of service:
- Private – prevents the commercialization of the user’s DNS for better online privacy. This is an open recursive DNS service that offers DNS resolution but no cybersecurity or filtering. CIRA considers it private because it doesn’t a user’s IP address longer than is needed for managing the service against threats. Nor does CRIA attempt to relate it to a user or location or use it for marketing or resale purposes
- Protected – all features of Private plus added malware, botnet and phishing protection. When a user attempts to visit a domain that contains malware or engages in phishing the request is refused. The user sees either a block page (HTTP) or it won’t resolve (HTTPs)
- Family – all features of Protected plus added adult content blocking
“As a non-profit with no interest in monetizing user data we were able to bring together a group of great partners who are committed to protecting Canadians online–including the first-ever national deployment of DNS over HTTPS globally,” Jacques Latour, CIRA’s chief technology officer, said in a statement. “This will provide all Canadians and their families with the kind of online protection typically reserved for large institutions.”