We started using OpenDNS before they raised their price, and it was so
inexpensive that it seemed an obvious choice and worth every penny.  When
that 3 year contract was up, the price increase had occurred and it was no
longer obvious to me that it was worth it.  When I said we wouldn't be
renewing they offered a better price.  It was still a significant increase
over our original 3 year contract, but it was significantly better than the
original price offered for the new 3 year contract.  So we decided to
continue and signed a new 3 year contract.  We've got about a year left on
that contract, so we'll see what happens when it's time to renew.

We don't have the Umbrella product, and we don't have their AD-integrated
DNS appliance, so as others have said, it blocks the bad traffic, but we
can't see what internal computer generated it.  All we see is the address
of our DNS servers as the one requesting the resources that were blocked.

On Fri, Nov 20, 2015 at 7:00 AM, Pete Hoffswell <
pete.hoffsw...@davenport.edu> wrote:

> We used OpenDNS back when it was inexpensive.  When they upped their
> price, we used the cost increase to justify licensing on our firewall to do
> the job.  And do it better, as the firewall offers more ways to protect our
> users and data.
>
> -
> Pete Hoffswell - Network Manager
> pete.hoffsw...@davenport.edu
> http://www.davenport.edu
>
>
> On Fri, Nov 20, 2015 at 3:42 AM, Luke Whitworth <
> luke.whitwo...@cranfield.ac.uk> wrote:
>
>> Just wondering if anyone has done a comparison of what OpenDNS offers
>> over and above just using DNS RPZ internally (obviously fed by a third
>> party list of known malware sites)?  I had a look a while ago and it was
>> clearly a more turnkey solution than configuring BIND and then setting up a
>> dashboard in something like Elasticsearch/Kibana to parse the logs and give
>> actionable data, just wondering if there was anything else that sold people
>> on it.
>>
>> Cheers,
>>
>> Luke
>>
>> On 19/11/15 21:30, Randy Mahurin wrote:
>>
>> We are too, could be interesting.  We are still working on the
>> communication.  We typically add these types of changes to our daily campus
>> newsletter, help desk webpage, and group emails to support staff.
>>
>> On Thu, Nov 19, 2015 at 2:02 PM, Coehoorn, Joel <jcoeho...@york.edu>
>> wrote:
>>
>>> I look forward to hearing your results from blocking port 53. What
>>> communication have you done for this so far?
>>>
>>>
>>>
>>> Joel Coehoorn
>>> Director of Information Technology
>>> 402.363.5603
>>> jcoeho...@york.edu
>>>
>>>
>>> The mission of York College is to transform lives through
>>> Christ-centered education and to equip students for lifelong service to
>>> God, family, and society
>>>
>>> On Thu, Nov 19, 2015 at 2:49 PM, Randy Mahurin <
>>> randymahu...@boisestate.edu> wrote:
>>>
>>>> Here are the comments from our Security Engineer, we've been using it
>>>> for several months now:
>>>>
>>>> "So we've been using OpenDNS Umbrella for about 2 months now.  We
>>>> actually replaced our proxy server with this after some back and forth on
>>>> what it gained us vs what we lost.  While we've been using it for 2 months,
>>>> we only recently implemented the Virtual Appliances (VA's- talked about
>>>> towards the end of this) into the mix that really gave us more visibility.
>>>>
>>>> Long story real short, we've been happy with it so far and if you want
>>>> any more info let me know.
>>>>
>>>> Pros:
>>>>
>>>>    - We use bitsighttech.com as a 3rd party to rate us against other
>>>>    .edu's.  We were sitting in the 600 range for quite a while, and then in
>>>>    July-Sept, we just started getting hammered on score because of
>>>>    potentially exploited machines.  We can track it back to pretty much the
>>>>    day we switched over to OpenDNS to a lot of those falling off the list.
>>>>    Systems still weren't cleaned at the time, but since they were no longer
>>>>    able to go outbound, the score hit went away and then we were able to
>>>>    start using Umbrella to track them down.
>>>>    - Blocks a ton of stuff that our proxy server wasn't blocking
>>>>    before since now it is blocking more than just 80/8080 traffic!
>>>>    - Scheduled reports.  I get a daily last 24 hr botnet report to
>>>>    show me systems on campus that are blocked trying to access botnet
>>>>    systems, we're just starting to work through this list.
>>>>
>>>>
>>>> Cons:
>>>>
>>>>    - They don't auto rescan their sites, if something is blocked for
>>>>    malware, until someone out there using their fabric requests a site be
>>>>    rescanned, it doesn't happen. The first week we had 3 requests, the 2nd
>>>>    3, the third 2, etc...  We're probably averaging 1-2 support tickets a
>>>>    week on site rescans and 80-90% have come back clean and been removed. A
>>>>    few have come back as still infected and we didn't unblock them.
>>>>    - Blocking sites, for us we used to use the proxy server to block
>>>>    exact pages out of phishes, so
>>>>    http:\\somesite.com\somefolder\phishme.html;
>>>>    Well now the best we can do is blocking somesite.com.  Looking back
>>>>    at 99% of the phishes we've blocked in the past 3 years blocking the
>>>>    full site hasn't been an issue, but there was a site or two that this
>>>>    will/would have caused issues with.
>>>>
>>>> Other pieces
>>>>
>>>>    - Depends on your point of view if this is a pro or a con.  The
>>>>    virtual appliances (talked about below) auto patch if you have 2 of them
>>>>    (which you'd want for redundancy).  If you have a strict change
>>>>    management policy, you have no control over when these patch beyond
>>>>    giving it a time window in the middle of the night and it does it
>>>>    automagically.  It does one, waits for it to come back up and reestablish
>>>>    contact and verify functionality (somehow, bit magically) and then it
>>>>    will do the other.  We'll be going through this for the first time
>>>>    within the next month.  You have to sign up to even get notices of this
>>>>    happening and it was basically between 11/18 and 12/8 we'll be rolling
>>>>    this out.  So no control over it outside of the time window you provide
>>>>    for it to look at doing this daily.  One less thing you have to patch or
>>>>    schedule, but something you have no control over also.
>>>>    - Just purchased by Cisco, waiting to see what they do on cost
>>>>    going forward.  Part of the reason we moved away from the proxies was
>>>>    because Cisco kept increasing the maint cost each year!
>>>>
>>>>
>>>>
>>>> If you want to make the most use out of it.
>>>> 1.  Roll out their Virtual Appliances and these become your primary DNS
>>>> servers on campus for all of your clients (servers and workstations).  They
>>>> forward *.local and *.whateveryourdomain(s) are onto your other DNS
>>>> servers.  If you don't do this, reporting is fairly worthless as all you
>>>> get is your DNS servers IP addresses, so tracking down who may be infected
>>>> is difficult depending on what type of logging you have locally.  These are
>>>> VMs.
>>>> 2.  Plan on changing your outbound firewall to blocking tcp/udp 53 from
>>>> all systems except your Primary DNS servers and the VA's in #1 at some
>>>> point in the future.  Basically make sure people aren't bypassing the extra
>>>> security you've provided by going to Google's DNS, their home ISP, etc.  We
>>>> plan on making this change over Christmas break.
>>>> 3.  If an AD shop, look at rolling out their VM that ties into AD and
>>>> parses DC logs for login events.  If/when this is in place it will match
>>>> the IPs found in #1 to who was logged onto the workstation at that time.
>>>> We haven't decided when to roll this out, there are some potential
>>>> gotchas/changes to our setup we'd need to do.  Primarily we don't like
>>>> installing new services onto DC's, so we may instead install it on a stand
>>>> alone system and then do log forwarding on to it.  Haven't looked deep into
>>>> this one yet, need to get through #2 first!"
>>>>
>>>> On Thu, Nov 19, 2015 at 1:31 PM, Hanson, Mike <mhan...@css.edu> wrote:
>>>>
>>>>> We use OpenDNS and like it very much. We do not use the Umbrella
>>>>> product though.
>>>>>
>>>>> I pursued the purchase of OpenDNS 5 years ago to reduce our endpoint
>>>>> malware infection rates. The subscription paid for itself in the first
>>>>> year by reducing the amount of time lost by the help desk, IT staff, and
>>>>> employees to infections.
>>>>>
>>>>> It is easy to set up and manage.
>>>>>
>>>>> Mike
>>>>>
>>>>> Mike Hanson, CISSP
>>>>> Network Security Manager
>>>>> The College of St. Scholastica
>>>>> Duluth, MN 55811
>>>>> mhan...@css.edu
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Nov 19, 2015 at 2:09 PM, Gregg Heimer <ghei...@mc3.edu>
>>>>> wrote:
>>>>>
>>>>>> We are also investigating OpenDNS as a possible replacement for
>>>>>> expensive URL filtering costs integrated into our firewall.  Would also
>>>>>> love to hear feedback.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Gregg Heimer
>>>>>>
>>>>>> Sr. Network Engineer
>>>>>>
>>>>>> Montgomery County Community College
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
>>>>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey D. Sessler
>>>>>> *Sent:* Thursday, November 19, 2015 11:18 AM
>>>>>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>>>>> *Subject:* [WIRELESS-LAN] OT - Anyone using OpenDNS Umbrella DNS
>>>>>> security product?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Bit off topic, but I’m in the process of evaluating OpenDNS’ Umbrella
>>>>>> DNS security product and looking for others that may have it deployed. So
>>>>>> far it seems like a good addition to end-point security, but the devil is
>>>>>> in the details. If anyone on the list is using it, I’d sure appreciate
>>>>>> comments/feedback.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Jeff
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Jeffrey D Sessler
>>>>>>
>>>>>> Director of Information Technology
>>>>>>
>>>>>> Scripps College
>>>>>>
>>>>>>
>>>>>>
>>>>>> ********** Participation and subscription information for this
>>>>>> EDUCAUSE Constituent Group discussion list can be found at
>>>>>> http://www.educause.edu/groups/.
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> Montgomery County Community College is proud to be designated as an
>>>>>> Achieving the Dream Leader College for its commitment to student access
>>>>>> and success.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Randy Mahurin
>>>> Office of Information Technology
>>>> Boise State University
>>>> 1910 University Drive, Boise, ID, 83725-1249
>>>> Phone: (208) 426-4003
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Randy Mahurin
>> Office of Information Technology
>> Boise State University
>> 1910 University Drive, Boise, ID, 83725-1249
>> Phone: (208) 426-4003
>>
>>
>>
>>
>
>


-- 
*Adam Forsyth*
Director of Network and Systems
Luther College
Library and Information Services

*700 College Drive*
*Decorah, IA 52101*
*563-387-1402*
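
The check behind step 2 of the quoted Umbrella rollout advice (finding clients that send DNS straight to outside resolvers before tcp/udp 53 is blocked at the firewall), as an added example that is not part of the thread or any poster's code. The flow-record format, the campus prefix and the approved-resolver addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed for illustration: campus address space, and the hosts allowed to send
# DNS to the internet (internal DNS servers plus the virtual appliances).
CAMPUS_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RESOLVERS = {"10.1.1.10", "10.1.1.11", "10.1.1.53"}

# Constructed sample flow records (hypothetical format): time,src,dst,proto,dport
SAMPLE_FLOWS = """\
2015-11-19T14:02:11,10.20.4.17,8.8.8.8,udp,53
2015-11-19T14:02:12,10.1.1.10,208.67.222.222,udp,53
2015-11-19T14:02:15,10.20.4.17,8.8.4.4,udp,53
2015-11-19T14:03:01,10.30.9.200,10.1.1.53,udp,53
2015-11-19T14:03:40,10.40.2.5,198.51.100.7,tcp,53
2015-11-19T14:04:02,10.20.4.17,203.0.113.20,tcp,443
this line is malformed
"""

def is_campus(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on an unparsable address
    return any(ip in net for net in CAMPUS_NETS)

def find_dns_bypass(flow_text, approved=APPROVED_RESOLVERS):
    """Return {client_ip: {"resolvers": set, "flows": int}} for campus hosts that
    send tcp/udp 53 to the internet instead of going through an approved resolver."""
    offenders = defaultdict(lambda: {"resolvers": set(), "flows": 0})
    for line in flow_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = parts
        if proto not in ("tcp", "udp") or dport != "53":
            continue  # not DNS
        try:
            if src in approved or not is_campus(src) or is_campus(dst):
                continue  # approved resolver, or not a campus-to-internet flow
        except ValueError:
            continue
        offenders[src]["resolvers"].add(dst)
        offenders[src]["flows"] += 1
    return dict(offenders)

def report(offenders):
    rows = sorted(offenders.items(), key=lambda kv: -kv[1]["flows"])
    return [f"{ip}: {v['flows']} flows to {', '.join(sorted(v['resolvers']))}" for ip, v in rows]

if __name__ == "__main__":
    print("\n".join(report(find_dns_bypass(SAMPLE_FLOWS))))
```

The hosts this lists are the ones that will lose name resolution when the outbound rule goes in, which makes the output a contact list for the change communication as well as a bypass report.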
