DNS Internet Filter
You can keep hackers at bay with a firewall, you can block email threats with a spam filter, and a DNS internet filter allows you to control the websites your employees can access and block web-based threats such as exploit kits, drive-by malware downloads, and phishing attacks.
How Does a DNS Internet Filter Work?
When an attempt is made by a user to visit a website, before they can be connected the IP of the website must be found. The DNS – Domain Name System – is used to find the IP address. A request is sent to a recursive DNS server, which contacts other servers looking for the IP address. The domain name is then matched with its IP address, and the IP address is then passed to the browser.
With a DNS internet filter in place, when the request is sent to a DNS server, before the IP address is returned, filtering controls are applied. A check is performed to see if the URL is on a blacklist of sites. Checks will also be performed to determine if the website violates administrator-defined policies. If these checks are passed, the user will be allowed to access the desired web resource. If any of the checks fail, the IP address will not be provided and the user will be directed to a DNS block page that informs them the website cannot be displayed.
Will a DNS Filter Block all Malware and Ransomware Threats?
A DNS filter will reduce the risk of a malware or ransomware infection, but it will not block all web-based threats. A DNS filter can only be used to block websites known to be used for malicious purposes and sites with questionable reputations. DNS internet filters can also be configured to block attempts to download certain types of files, such as executable files, to reduce the risk of a malware infection and to prevent the installation of shadow IT.
With a DNS filter in place, the risk of a malware download or phishing attack can be significantly reduced, but it is still important to provide security awareness training to employees and to implement endpoint security solutions on all devices.
Is it Possible to Bypass a DNS Internet Filter?
To implement a DNS filtering service, you simply change your DNS settings to point to your service provider’s DNS server. If an end user wants to bypass a DNS block, they will need to use a different DNS server. DNS filtering services will only work if the service provider’s DNS servers are used. An end user could bypass the DNS filter by making a change to the DNS settings on their computer. You must therefore lockdown your DNS settings to make sure they cannot be changed.
It is also possible to bypass a DNS filter using an anonymizer service. As far as the DNS filter is concerned, the user will be on the anonymizer website, not that actual website they are viewing. However, most category-based DNS filters allow users to block access to anonymizer services.
Determined employees may be able to find a way to bypass DNS-based filters so it is important to make it clear that attempts to do so will result in sanctions. For most employees however, the safeguards that can be implemented to prevent DNS filter bypasses will be sufficient.
How Much Does a DNS Internet Filter Cost?
A DNS filtering solution will cost substantially less than a phishing attack or malware infection and the productivity gains that can be made from limiting access to certain types of websites mean a DNS-based internet filtering solution will more than pay for itself.
The cost of a DNS internet filter can vary considerably from provider to provider. For a product such as Cisco Umbrella, a business may have to pay $3 per user per month. Lower cost solutions such as WebTitan Cloud are approximately $1 per user, per month. For most businesses, the lower cost solution will provide ample protection from web-based threats while allowing them to easily apply content controls.