Millions of new Internet hosts (domains and subdomains) are born every day.
This feature is available on Artica v4.30 Service Pack 970 or Artica v4.40
¶ Why blocking NRDs ?
The vast majority of Newly Registered Domains (NRDs) exist for less than 7 days.
Analysis reveals that while the majority of these hosts may have valid purposes, many of them are tools for hackers.
They can be used to carry spam, false information (phishing) or even viruses.
They are primarily used in:
- Phishing attacks: Usually sent over email, domains that resemble familiar and popular domains entice unsuspecting users to click on their links.
- Malware distribution: This includes viruses, worms and Trojans. The initial distribution is usually through a phishing attack or a compromised website.
These sites, whether valid or malicious, are often not quickly categorized and analyzed for risk because they have a fleeting reputation.
Without categorizing, classifying or assigning a risk profile, security professionals face a real challenge.
By nature, these newly born sites are rarely visited by your users.
It is therefore wise to identify them and block them by default.
¶ How to block Newly Registered Domains ?
¶ Activate the The Newly Registered Domains category
- The first operation is to activate the use of the NRDs category
- On the
Filtering serviceparameters, click on “Enable” button inside the “Category: Newly Registered Domains” widget
- The widget will be turned to green and you will see the number of records stored in the The Newly Registered Domains category database.
This Database is updated every 12 hours.
¶ Create your Proxy ACL rule.
- Go to your Proxy ACLs and create a new deny rule
- Add a new Artica Categories object
- Click on Add Category to open the available categories
- On the search field, type “Newly”
- On Click on Select on the “Newly Registered Domains” row
- So we have a deny rule that stores an object “Artica categories ” with the The Newly Registered Domains category
- In the realtime monitor, you will be able to see “Newly Registered Domains” category deny accesses.
