
Case Study

ISP Mornington Communications holistically defends users and network with Spamhaus IP & Domain reputation data

Posted on: August 31, 2023
Author: Spamhaus Technology Team
Read time: 4 mins

Introduction

For internet service providers (ISPs), protection from malicious traffic requires a multifaceted approach. Discover how and why Mornington Communications has adopted Spamhaus’ IP and Domain reputation data across its infrastructure via our commercial partner, SecurityZones – to protect its users, the network and ultimately, the business.

Meet Mornington Communications

Mornington are a community-focused Canadian co-operative telecommunications company. Over the past 100 years, they have provided telecommunications services, becoming an Internet Service Provider in the mid-1990s. Now they offer everything from mobile to TV to home security.

Today, with over 5,000 customers on the network, security threats are an ongoing battle. Network Manager, Dave Godglick, knows all too well. Led by a small but mighty network team, they ‘get’ the importance of proactive protection at every level of the infrastructure. We caught up with Dave to find out how Spamhaus’ data is helping Mornington to protect their customers and keep their network clean.

It started with a blocklist

Having tested several datasets over the years, Mornington opted to implement Spamhaus DNSBLs. The real-time blocklists easily integrated into Mornington’s existing email infrastructure, protecting them from spam and other email-borne threats. Dave explains, ‘We tried many datasets and experienced many problems such as users being blocked and we couldn’t unblock them very easily or they wouldn’t time out quickly enough – however, not with Spamhaus. The datasets are great. They’re easy to deploy, accurate, and cleaned up quickly.’ As an early adopter of Spamhaus blocklists, it was simply a natural progression for Mornington to enhance customer protection with additional layers of reputation data.

Phishing problems

With many customers falling foul of phishing and clickbait, DNS Firewall was an obvious next step for Mornington. At the DNS level, DNS Firewall Threat Feeds provide automatic protection against malicious traffic, phishing sites, and malware downloads. For Mornington, the phishing, malware and botnet feeds specifically were a no-brainer.

Utilizing the response policy zones (RPZs) has allowed Mornington to help protect those customers that do not know how to defend themselves. One of the biggest successes was for Mornington’s Support Services, with the number of incoming customer calls significantly dropping within days of deploying DNS Firewall. In Dave’s words, “Bringing on DNS Firewall led to huge improvements, particularly correcting most of our phishing issues.”

However, with the surge in IoT devices preconfigured with their own DNS settings and clients wishing to bypass the name servers, Mornington was again left with some vulnerabilities to botnets.

Protection at the network edge

The timing was perfect. Spamhaus already had a solution to protect customers right at the edge of the network: Border Gateway Protocol (BGP) Firewall, which includes the Botnet C&C and Drop lists. It is a cost-effective, automatic network edge solution that drops communication with the worst of the worst, including botnet command and control servers.

For a small team, set-and-forget methods that provide automatic protection from malicious traffic are like gold – especially when they are easy to implement. For Mornington, configuration was straightforward. The edge routers are configured for eBGP with the Spamhaus BGP feed (BGPf), and the routes are then shared internally using iBGP. And the impact appeared to be instantaneous, leading to almost zero reports of viruses! Dave shares, “With the botnet C&C listings on BGP Firewall, and the botnet C&Cs on the DNS Firewall utilizing similar data, it’s like two extra layers of protection.”

In it together

For ISPs like Mornington, botnets and malware have long been a serious problem, with any malicious outbreak reflecting poorly on the business. When a customer becomes infected, the whole network is at risk – including Mornington. Yet, rather than blaming the customer who failed to protect themselves, Mornington takes a pragmatic approach. Dave shares, ‘To protect a customer is to protect the entire network, including ourselves. The mission is to find proactive ways of protecting people from themselves!’

Mornington, we LOVE this approach – keep up the great work!