• Line

Active Defence Guide

Blog Author
Alon Blayer-Gat

The internet may have opened the door to unfathomable amounts of information & services, but it has also opened the door to cyberattacks. When browsing online, it only takes one stray click to find yourself the target of malware or a phishing attempt. This is why we developed Active Defence!

Safehouse's Active Defence provides additional security on the network level, specifically in the DNS layer where suspicious site content is blocked even before the connection to this site is made (blocking at the IP address level).

With Safehouse we made a conscious choice to implement the blocking on the device (aka On-device Blocking) as opposed to blocking on a remote DNS server, and here’s why: 

1. To enable you to personalize your blocked content list and choose whether you want to unblock/block a specific website.

2. To see the exact block count of malicious events you were protected from in real-time.



What Is DNS?

The Domain Name System, or DNS, acts as an online phonebook. The DNS is used to convert a hostname into an IP address for an app (that runs on your mobile) to connect with. 

DNS is used because (1) The hostname can stay the same while the underlying IP can dynamically change, and (2) The hostname is, well, a name, and therefore is much more human-friendly than an IP address (we all google for names and not IP addresses).


Why Do I Need a DNS Defence Tool? 

If left unprotected, your online activity becomes vulnerable to being tampered with by cybercriminals. For example, malicious entities can create fake websites (aka ‘social engineering’) and fool legitimate users like you into visiting them, downloading malware, or providing their credentials to steal or do other phishing crimes.

Safehouse's Active Defence protects your online activity from such phishing attempts. For example, when clicking on a link like http://www.badsite.com/bad-content the browser would try to connect to this website, and to do that, it would first issue a DNS query to retrieve the IP address (as connections are made with IP addresses).

Active Defence will intercept this query on its way to the real DNS server and check whether www.badsite.com is blacklisted. If it’s not, the query will continue to the real DNS server which will respond with the site’s IP address. Otherwise, Active Defence will “fake” a response which will ultimately result in the browser failing to connect to this website, hence, protecting the user from its malicious content.  


Isn't VPN Defence Enough?

DNS defence provides an additional level of security on top of the VPN (Virtual private network), and blocks website content on the domain level.

The DNS in Safehouse App also has an auto-enable feature, ensuring the user is always protected, even when the VPN button is toggled off! For maximum security, we recommend you keep the 'Auto-enable DNS' box checked at all times (it's always-on by default).

The Active Defence feature is available only for Android users who updated their app to the latest version on Google Play.