LuJam combines threat intelligence from a wide range of sources to provide the best protection we can for our customer networks. Before going on to look at what sites we block, it's important to say that a blocked site shouldn't be cause for concern -- the connection has been blocked and nothing bad has happened. However, if you do see significant numbers of sites being blocked (e.g. hundreds or thousands per day) this could indicate a problem and you should get in touch with our support team as soon as possible.
We collect all blocked sites together into three categories:
- suspicious: this covers a range of sites, including known malware, cryptojacking, piracy, and phishing sites. It also includes less obvious activities including dynamic DNS services and HTTP proxies that can be used to bypass your company's security and HT policy. As malware is always evolving, we also block registered domains that have gone live in the last 24 hours: typically over 80% of these are associated with criminal activity. These are blocked for a 24-hour period to allow our other intelligence feeds to catch up.
- ads: this relates to online advertising. While ads do take up part of your screen and need to be downloaded via your Internet connection, they are not a security risk. However, ad trackers are a huge privacy risk, and have led to significant legislation being introduced (GDPR probably being the most well known in Europe). If anyone has any doubt on this issue, please spend a few minutes reading this article. At LuJam we want to protect your privacy as much as we want to make you secure. As such, we block a whole range of ad sites. This does cause some problems, but we believe it's worth the extra effort. If you disagree, we'll happily disable your ad blocker for your network.
- others: this relates to a range of sites that may not be appropriate to be viewed at work. While it does include adult and gambling sites, it also includes a range of newspapers, magazines, and even a number of political sites, such as Hansards. At LuJam, no one has access to see which sites you visit, so feel free to whitelist any sites you are happy for your team to access in the office.
As we value your privacy, we only provide information on devices that have accessed suspicious sites. All other types of access (ads and others) are rolled up and marked as 'general': as there is no security risk associated with these attempted accesses, we do not allow the LuJam network admin to have access to this information. The only exception is businesses that involve children, such as schools, sports clubs etc. For these networks, the weekly update will include a full listing of devices that attempted to access sites covered by the 'others' category. If you think your network should be receiving this information, please raise a ticket with our support team.
What does the orange triangle mean?
LuJam provides what is known as a DNS firewall: basically, we can only block sites that have been requested via DNS lookup. In a normal environment, this should account for 99% of all activity. However, there are ways for people to bypass this type of security. While this should be rare, it can be quite common in the service industry, where team members may have a lot of spare time while waiting for customers etc. When LuJam doesn't see the expected DNS lookups happening, the device will be flagged with an orange triangle, and will appear in the weekly update email. If this happens, feel free to get in touch with our support team, who will talk you through how to resolve the issue.
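One way the missing-lookup check described above could work, as an added example that is not LuJam's code: it correlates DNS answers with outbound connections per device and flags devices whose traffic mostly goes to addresses they never looked up. The record formats, device names, `threshold`, `min_flows` and `max_age` values are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample data (not LuJam logs). DNS answers seen by the resolver:
# (timestamp_seconds, device, name, resolved_ip)
DNS_ANSWERS = [
    (100, "laptop-1", "example.com", "198.51.100.20"),
    (130, "laptop-1", "mail.example.org", "198.51.100.7"),
    (200, "till-2", "updates.example.net", "203.0.113.10"),
]
# Outbound connections seen at the gateway: (timestamp_seconds, device, dest_ip)
FLOWS = [
    (101, "laptop-1", "198.51.100.20"),
    (135, "laptop-1", "198.51.100.7"),
    (900, "laptop-1", "198.51.100.20"),   # still inside the max_age window
    (205, "till-2", "203.0.113.10"),
    (300, "till-2", "192.0.2.55"),        # no lookup ever seen for this IP
    (310, "till-2", "192.0.2.56"),
    (320, "till-2", "192.0.2.57"),
]

def unresolved_ratio(dns_answers, flows, max_age=3600):
    """Per device: fraction of flows to IPs the device did not resolve
    via the monitored resolver within the previous max_age seconds."""
    resolved = defaultdict(list)            # (device, ip) -> lookup times
    for ts, device, _name, ip in dns_answers:
        resolved[(device, ip)].append(ts)
    total, missing = defaultdict(int), defaultdict(int)
    for ts, device, ip in flows:
        total[device] += 1
        if not any(0 <= ts - t <= max_age for t in resolved[(device, ip)]):
            missing[device] += 1
    return {d: missing[d] / total[d] for d in total}

def flag_devices(dns_answers, flows, threshold=0.5, min_flows=3):
    """Devices with enough traffic and a high share of unresolved flows."""
    counts = defaultdict(int)
    for _ts, device, _ip in flows:
        counts[device] += 1
    ratios = unresolved_ratio(dns_answers, flows)
    return sorted(d for d, r in ratios.items()
                  if counts[d] >= min_flows and r > threshold)

if __name__ == "__main__":
    print(unresolved_ratio(DNS_ANSWERS, FLOWS))
    print(flag_devices(DNS_ANSWERS, FLOWS))
```

A high ratio is a prompt to investigate rather than proof of bypass: a device using a hard-coded resolver, DNS over HTTPS or a VPN would all produce the same pattern.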