How To / Security / Tech

Canadian? Here’s how to set up CIRA’s free malware and phishing protection

computer with CIRA Canadian Shield logo overlay

If you click a link and it tries to open a known malware or phishing website, the Canadian Shield DNS service will block the site and prevent it from opening.

CIRA, the Canadian Internet Registration Authority, has just released CIRA Canadian Shield — free, enterprise-grade malware and phishing protection for all Canadians. With everything being digital-reliant these days, malware and phishing attacks targeting individuals have grown exponentially over the past few years.

Canadian households are under attack by malware and phishing, and family members aren’t always equipped with the knowledge they need to avoid malicious content. Heck, even the technically savvy make mistakes from time-to-time.

So where can Canadians look for the same level of protection that large corporations have enjoyed for years without having to worry about their data being sold to advertisers? How about a Canadian non-profit that is dedicated to building a better online Canada?

CIRA website

How it works

CIRA Canadian Shield uses DNS settings to block malware and phishing threats at the DNS level. In case you’re unfamiliar with what DNS is, in a nutshell, it’s an address book for the internet. We’re all used to typing in a domain name like google.ca, for example, and not a website’s actual numeric address. When your computer or smartphone looks up that website, it first visits the DNS server it has in its settings to find out where to go.

By changing your DNS settings from your ISP-provided one to CIRA’s Canadian Shield DNS, you will be protected from known malware and phishing websites. If you click a link and it tries to open a known malware or phishing website, the Canadian Shield DNS service will block the site and prevent it from opening. CIRA Canadian Shield claims to block roughly 100,000 new malicious domains daily.

How CIRA Canadian Shield malware and phishing protection works
How CIRA Canadian Shield malware and phishing protection works (image courtesy CIRA).

The service offers up three levels of protection: Private, Protected, and Family.

  • Private: DNS resolution only
  • Protected: Malware and phishing protection
  • Family: Malware and phishing protection + blocking adult website content

The new service also increases your online privacy by making your DNS traffic private. As a not-for-profit organization, the Canadian hosted DNS is not only faster than using a DNS-server based in another country, but also helps protect your privacy.

When you use CIRA it means that your prior recursive DNS resolver can no longer know and store your DNS data. Remember that the DNS is a record of all your web activity, in terms of the sites that you and your family visit. We believe that CIRA is a trusted Canadian non-profit provider of this service. We will not retain any personal information for marketing purposes and will not resell your personal data. We retain it for the shortest time possible* to deliver a quality service.

Additionally, you can use the DNS encryption (DoH) service to further protect the privacy of your DNS look-ups by encrypting the DNS queries on the internet.

CIRA website

CIRA does note that IP address information is stored for up to 24 hours before being deleted and flushed. The reason it is temporarily stored is to help CIRA identify malicious activity that might be using the service for illegal activity.

What it doesn’t protect

As mentioned, CIRA Canadian Shield protects your devices from KNOWN malware and phishing websites. As also mentioned, the organization is constantly analyzing new threats and adds upwards of 100,000 new sites to block each day.

While this should protect you from most malware and phishing attempts, it will only protect you if that attempt is trying to connect you to, and install from, a website. If you click on an email attachment and it has the installer contained within, this service will not protect you. We reached out to the CIRA and they stated that if the malware is installing or already installed, the service will not protect you against that. That being said, depending on the way the malware works, if it uses DNS resolution while it works, you’ll likely be protected. Still, every level of protection you can add is better in the long run as a lot of malware and phishing attempts are initiated by clicking on a link from a website or an email.

On that note, if you are running a Windows 10 computer, you’ll want to enable Ransomware and Tamper Protection. We’re currently working on a guide for that and will link it here shortly.

How to set up CIRA Canadian Shield

CIRA has setup guides for everything from your router/gateway, to Windows, MacOS, smartphones/tablets, game consoles, Ubuntu, and DNS Encryption. We’ll discuss how to set it up on your router, Windows/MacOS computer, and your smartphone as these are likely to be the devices that most people will have and be familiar with. For other devices, you can check out the setup instructions on the CIRA website.

Router/Gateway setup

If you have internet at home, you should have a router. Sometimes this is built into your ISP’s modem as well. Changing your DNS setting on your router is simple when using a computer connected to it. When configuring CIRA Canadian Shield at the router level, you will be protecting any wired or wireless device connected to your home network.

As outlined by CIRA, the steps are as follows:

  1. From your browser, enter the IP address you use to access your router’s admin console. Some examples of typical IP addresses include: http://192.168.1.1 and http://192.168.0.1
    NOTE: If you don’t know the IP address of your router, you can find it on a Windows 10 computer by searching for cmd and hitting enter to open the command prompt. In the window that opens, type ipconfig then enter and look for a series of numbers beside the IPv4 Address line. Whatever the last number is, change it to a one and enter the string as indicated above. For example, if your IPv4 Address is 10.0.1.100, your router is likely at 10.0.1.1.
  2. Enter the router password to access network settings.
  3. Locate the router’s DNS settings.
  4. Enter the Canadian Shield DNS server addresses (IPv4 shown):
    1. For Private, add the following: 149.112.121.10 and 149.112.122.10
    2. For Protected, add the following: 149.112.121.20 and 149.112.122.20
    3. For Family, add the following: 149.112.121.30 and 149.112.122.30
    4. 5. Save your new DNS settings.
  5. For IPv6 addresses please visit the advanced configuration page

Once you’ve taken those steps, click the Test my configuration button on the setup instructions page. It will tell you if you’re configured properly. If not, you may have to restart your computer to get the new DNS settings.

Windows/macOS

If you can’t access your router’s settings, which is optimal to provide malware and phishing protection for all the devices in your house, you can set up the protection on individual computers. Additionally, if you take your laptop to a cafe or other public place to work, you’ll likely want to set this up on your laptop, even if you have it set up at the router level. Another case for applying a separate DNS for your computers is if you want to set a higher restriction at that level. For example, setting your router to Protected DNS is a great start and then setting kids’ computers (or phones) to Family will add even more protection for them.

For Windows computers:

  1. From the Start menu, click on the Control Panel.
  2. Click Network and Internet > Network and Sharing Center > Change adapter settings.
  3. Click Change adapter settings.
  4. Right click on the network for which you would like to configure Canadian Shield.
  5. Select Properties.
  6. Select Internet Protocol Version 4 and Internet Protocol Version 6.
  7. Click Properties.
  8. Click Use the following DNS server address.Note: If you have not already noted down the existing DNS server IP addresses, make note of them.
  9. Replace the existing DNS addresses with one of the following:
    1. For Private, enter:
      • IPv4: 149.112.121.10 and 149.112.122.10
      • IPv6: 2620:10A:80BB::10 and 2620:10A:80BC::10
    2. For Protected, enter:
      • IPv4: 149.112.121.20 and 149.112.122.20
      • IPv6: 2620:10A:80BB::20 and 2620:10A:80BC::20
    3. For Family, enter:
      • IPv4: 149.112.121.30 and 149.112.122.30
      • IPv6: 2620:10A:80BB::30 and 2620:10A:80BC::30
  10. Click OK.
  11. Click Close to save your settings.

For macOS computers:

  1. From the Apple menu, select System Preferences.
  2. Click Network.
  3. Select the network for which you would like to configure the Canadian Shield DNS servers.
  4. Click Advanced.
  5. Click the DNS tab.
  6. Click the “+” button to add or replace the IP addresses. Do the following:
    1. For Private, enter:
      • IPv4: 149.112.121.10, then click the “+” sign and enter 149.112.122.10
      • IPv6: 2620:10A:80BB::10, then click the “+” sign and enter 2620:10A:80BC::10
    2. For Protected, enter:
      • IPv4: 149.112.121.20, then click the “+” sign and enter 149.112.122.20
      • IPv6: 2620:10A:80BB::20, then click the “+” sign and enter 2620:10A:80BC::20
    3. For Family, enter:
      • IPv4: 149.112.121.30, then click the “+” sign and enter 149.112.122.30
      • IPv6: 2620:10A:80BB::30, then click the “+” sign and enter 2620:10A:80BC::30
  7. Click OK.
  8. Click Apply.

Again, once you’ve taken those steps, click the Test my configuration button on the setup instructions page. If the configuration fails, check your settings again.

Smartphones/tablets

If you’ve properly configured CIRA Candian Shield on your router, your smartphones and tablets will be protected while they are using your home Wi-Fi. However, we take our smartphones wherever we go and once you leave your home, you will no longer be protected. Fortunately, CIRA has also developed an Android and iOS app. Depending on your smartphone, visit the Google Play Store for the Android app or the Apple Store for the iOS app.

Once installed, open the app and select if you want Private, Protected, or Family level security and you’ll be good to go. You may have to accept some permissions needed for the app to run properly. After you’ve done that, your phone will have malware and phishing protection regardless of whatever network you’re on.

The app does offer up a CAD$1.99/mth premium subscription that also adds Secure Wi-Fi and Wi-Fi bonding features should you desire.

What do you think about the CIRA Canadian Shield program and its free malware and phishing protection, private DNS, and more for Canadians? Let us know in the comments below or on Twitter, Facebook, or MeWe.

Comments
To Top