Earlier this year, Comcast completed DNSSEC, which made us the first major ISP in the nation to provide customers with a secure DNS service. You can read more about our DNSSEC deployment in this previous Comcast Voices post.
We're taking this a step further and we've recently added a new feature, called DNS Lock, to our Constant Guard Protection Suite to help prevent Xfinity Internet customers from connecting to fraudulent websites. While Constant Guard has always provided protection for your online banking/shopping, this new protection really extends to all of your online activities.
To demonstrate how DNS Lock works, let's use as an example, the holiday season. Say you want to send an eCard for the holidays to your relative across the country. You type in the name of the well known card company in the browser, and then enter things like your email address and the recipient's email address. In the main body of the card you enter data like your phone number with a request to get together. If you're using Comcast's DNS Servers, then you can be confident knowing that you would actually be connected to this eCard Company's Web servers (in technical terms, that the domain name you entered as the URL would resolve to the proper IP address of their Web server). However, if a cyber criminal changed your DNS Server, then it's possible that the domain name you entered would resolve to a fraudulent Web server, and the information that you entered could be stolen. In this case, the Constant Guard Protection Suite would prevent you from connecting to a non-Comcast DNS Server and it would alert you if your DNS settings have been tampered with to help avoid this situation.
DNS Lock has been added to the Constant Guard Protection Suite in response to new and emerging malware that can alter DNS settings on a consumer's computer without their knowledge making them susceptible to online fraud. This enhancement is another example of how Comcast continues to provide new and innovative ways to bring online security to its customers. The feature can be manually turned off if the customer wishes to use a different DNS service.
For more information about DNS Lock or the Constant Guard Protection Suite, please visit http://xfinity.com/constantguard.