
Why OpenDNS and Cisco Umbrella?

And Yet Another Weekend Post! (YAWP)

DNS protection adds a first line of defense between the client and the Internet by maintaining a blacklist of malicious websites and filtering out dangerous content. By using a secure DNS server, users can avoid possible malicious attacks.

There is no single DNS server; many DNS services together provide the backbone for Internet domain name resolution. Many users use the DNS servers provided by their ISP, but this is not necessary. Instead, they can use a secure DNS server, either free or paid. Since most Internet connections are made via DNS, DNS protection is one of the best ways to improve security.

What is DNS?

The Domain Name System (DNS) transforms a human-readable domain such as into a linked IP address such as This allows us to use easy-to-remember domain names instead of having to remember numbers. It works like a traditional address book! DNS is the basic technology for the Internet and makes it easier for users to use it. As a network layer between the user and the Internet, it can also be used to improve security.

Why is DNS Protection Important?

DNS protection can help protect your network. Since for many people professional and personal lives now overlap, it is also important to protect the home network. Secure DNS solutions can improve BYOD policies, secure data inside and outside the office, and provide additional benefits.

The Department of Homeland Security issued an emergency policy urging US companies to defend themselves against DNS hijacking. According to the guidelines, FireEye and Cisco have found evidence of a recent DNS attack.

What is a great possible solution for that?☂️

Cisco Umbrella ☂️ is a tool for protecting you while browsing the internet. On an individual level it protects against Command & Control, Ransomware, Malware and Phishing Attacks.

At the enterprise level it can also help enforce the company's web browsing policies by blocking access to certain websites, either explicitly or via categories. For example, you can block anyone in the business from accessing pornography websites.

How do I configure and set up Umbrella?

The steps for setting up Cisco Umbrella are:

  1. Set up your Cisco Umbrella portal

  2. Set your content and security settings

  3. Install the Cisco DNS appliance on all sites where your internal DNS servers are located

  4. Point your internal DNS to the appliance

  5. Roll out the Cisco Umbrella Roaming agents

Portal Setup

Your Cisco Umbrella partner will provide an admin login, which you will use to add the relevant people in your organisation, who require the following access:

  • Full Admin

  • Read Only

  • Block Page Bypass

  • Reporting Only

Attention: Enable Two Step Verification (recommended for every Cloud system)

Decide which region you want your logs to be stored in: Germany or North America (Better at home! 😜)

Security & Content Settings

Security Categories

Select which of the following security defenses you would like to be enabled:

  • Malware protection – Pheniix recommends on

  • Dynamic DNS – Off by default (Pheniix recommends turning it on only after enough sniffing)

  • Potentially harmful domains – Off by default (Pheniix recommends turning it on only after enough sniffing)

  • DNS Tunnelling VPN – Pheniix recommends on

  • Cryptomining – Pheniix recommends on

  • Newly seen domains – Off by default (Pheniix recommends switching it on after a few weeks of monitoring and enough log gathering)

  • Command Control Callbacks – Pheniix recommends on

  • Phishing protection – Pheniix recommends on

Content Categories

Select which categories you would like to block for your enterprise from the list below; starting with Moderate is always a nice idea. From that point you can customize accordingly, based on your company’s web browsing policy.

Cisco Umbrella Appliance installation

The goal of the Cisco Umbrella appliance is to make sure that your DNS queries are routed correctly and matched against the username. This enables user- and group-based policies to be applied. The appliances are only required if you have internal servers. The process is very simple: your clients simply point their DNS to the appliance. If the request is external, the appliance sends it to the OpenDNS servers; if the request is internal, the appliance directs it to the internal on-premise DNS servers.
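The internal/external forwarding decision described above can be modelled as follows. This is an added example, not code from the original post or from Cisco; the zone names and internal resolver addresses are constructed placeholders, and the matching rule (exact zone or a suffix on a label boundary) is an assumption about how such a split should be made.

```python
# Added example: models the internal-vs-external forwarding decision.
# INTERNAL_ZONES and INTERNAL_DNS are constructed placeholders.
INTERNAL_ZONES = ("corp.example", "10.in-addr.arpa")
INTERNAL_DNS = ("10.0.0.10", "10.0.0.11")             # constructed on-premise DNS servers
UMBRELLA_DNS = ("208.67.222.222", "208.67.220.220")   # public OpenDNS resolver addresses


def normalize(qname):
    """Lower-case and drop the trailing root dot; DNS names are case-insensitive."""
    return qname.strip().rstrip(".").lower()


def is_internal(qname, zones=INTERNAL_ZONES):
    """True only if qname is a zone itself or ends with '.<zone>'.

    Matching on the label boundary keeps 'notcorp.example' and
    'corp.example.lookalike.test' out of the internal path.
    """
    name = normalize(qname)
    return any(name == zone or name.endswith("." + zone) for zone in zones)


def choose_upstream(qname):
    """Return (path, resolvers) for one query name."""
    name = normalize(qname)
    if not name:
        raise ValueError("empty query name")
    if is_internal(name):
        return ("internal", INTERNAL_DNS)
    return ("umbrella", UMBRELLA_DNS)


if __name__ == "__main__":
    # Constructed sample queries, including two lookalikes of the internal zone.
    for q in ("DC01.Corp.Example.", "5.0.0.10.in-addr.arpa",
              "notcorp.example", "corp.example.lookalike.test", "www.example.org"):
        path, resolvers = choose_upstream(q)
        print(f"{q:32} -> {path:8} {resolvers[0]}")
```

A plain substring or unanchored suffix test would send the two lookalike names to the internal servers and skip filtering for them, which is why the comparison is anchored on a full label.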

The installation process involves four stages in total:

  1. Download either the VMware ESXi or Microsoft Hyper-V appliance from the Umbrella documentation.

  2. Install the appliance onsite, setting the IP address, subnet and gateway.

  3. Run the Windows config script on all DCs (Domain Controllers)

  4. Install and run the Windows service on all DCs (Domain Controllers)

We recommend that you install two or more appliances per site for the sake of High Availability to ensure you have resilience in case one should fail.

Mapping of internal DNS

Configure your DHCP to point all of your clients’ primary and secondary DNS to the internal IP addresses of the new primary and secondary Cisco Umbrella appliances accordingly.
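One way to check the result of this step is to audit which resolvers each client actually ended up with. The following is an added example, not part of the original post or of any Cisco tooling; the appliance addresses, the export format (`host,dns_servers` with `;` separators) and the finding names are all constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed values: the two on-site appliance IPs and a sample inventory export.
APPLIANCES = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.0.54")}

SAMPLE_EXPORT = """host,dns_servers
pc-001,10.0.0.53;10.0.0.54
pc-002,10.0.0.53
pc-003,10.0.0.53;192.0.2.53
pc-004,192.168.1.1
pc-005,10.0.0.53;not-an-ip
pc-006,
"""


def classify(servers):
    """Return a finding for one client's configured resolver list."""
    parsed = set()
    for server in servers:
        try:
            parsed.add(ipaddress.ip_address(server.strip()))
        except ValueError:
            return "invalid"          # unparseable entry, needs a manual look
    if not parsed:
        return "none"
    outside = parsed - APPLIANCES
    if outside and parsed & APPLIANCES:
        return "mixed"                # queries sent to the other resolver skip the appliance
    if outside:
        return "bypass"               # no appliance configured at all
    if len(parsed) < 2:
        return "no-redundancy"        # only one of the two appliances set
    return "ok"


def audit(export_text):
    """Map each host in the export to its finding."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {row["host"]: classify([s for s in (row["dns_servers"] or "").split(";") if s])
            for row in rows}


if __name__ == "__main__":
    for host, finding in audit(SAMPLE_EXPORT).items():
        print(f"{host}: {finding}")
```

The `mixed` case is the one that is easy to miss: the client looks protected, but any lookup that goes to the second resolver is answered without the Umbrella policy being applied.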

Install Cisco Umbrella Roaming Agents

To protect all of your machines, whether they are inside or outside the corporate network, we strongly recommend you install the Cisco Umbrella roaming agent. The simplest way to do this is to use Webroot.

  1. Log in to Webroot

  2. Select all computers you wish to install the roaming agent on (recommended)

  3. Select “Agent Commands/Advanced/Download and Run a Command”

  4. Put the following details in the prompt:

  • URL:

  • Command Line Options: “/qn ORG_ID=unique org id ORG_FINGERPRINT=unique org fingerprint USER_ID=unique user id HIDE_UI=1 HIDE_ARP=1”

  5. Ensure the machines appear in Roaming Computers in the Cisco Umbrella console (install the rest manually if they do not appear)


Now you can browse the internet at LEAST safer than before. DO NOT FORGET that there is no 100% security out there!


All product names, logos, and brands are the property of their respective owners in Austria or other countries. All company, product and service names used on this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA, Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security, Google, GNS3, F5, Python, Linux, Java, OpenStack, Vagrant, Ansible, Docker, GIT, Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed on pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.

#2019 #MikeGhahremani #Pheniix #SecurityCenter #IPSEC #ServiceProvider #InfoSec #CCNAServiceProvider #Encyption #NationalCyberSecurityAwarenessMonth #Cybersecurity #Cybercrime #cryptocurrency #cyberwar #NationalSecurityAgencyNSA #CCNACyberOps #PolicySet #cy #cybersecurity #CyberSecurity #DNS #Umbrella #Cisco
