What is a DNS Filter?

In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet.

What is the Domain Name System?

The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email communications on the Advanced Research Projects Agency Network (ARPANET), long before the creation of the internet in 1989. The DNS was created to allow the use of alphanumeric domain names rather than IP addresses that are difficult to remember. What was needed was a decentralized model that allowed lookups to be performed quickly to match domain names with their IP addresses.

When you type a domain name into your web browser, a DNS lookup is performed. A query is sent to a recursive DNS server, which then contacts other DNS servers to find the web server hosting the domain. If the website exists, a reply is received with the correct IP address, which is passed to the browser. This process is very efficient and fast. Even if multiple servers need to be contacted, the process takes just a fraction of a second.

What is a DNS Filter?

A DNS filter uses the DNS to control which websites can be accessed on a computer, laptop, tablet or smartphone. A DNS filter prevents individuals from accessing malicious websites, such as those hosting exploit kits, malware, viruses, and phishing forms. Organizations also use it to enforce their internet usage policies and block access to productivity sinks such as social media networks and not suitable for work (NSFW) web content such as pornography.

DNS filtering service providers maintain a database of categorized websites. When a request is made by a user to access a particular website, the DNS filtering solution will only return the IP address of a website if it does not violate policies set by the administrator.

If an attempt is made to access a malicious or otherwise prohibited website, rather than allow the website to be accessed, the user will be directed to a local block page that advises them that the website cannot be accessed because it violates their organization’s policies. If the requested website is deemed safe and acceptable, the IP address will be provided, and the user will be directed to the requested website.
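The lookup-time decision described above, as an added example that is not code from any DNS filtering product. The category database, upstream answers, block page address and function names are constructed for illustration, and a dictionary stands in for recursive resolution.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed category database; a real provider maintains a far larger one.
CATEGORY_DB = {
    "phish-login.example": "phishing",
    "malware-cdn.example": "malware",
    "social.example": "social-media",
    "intranet.example": "business",
}
# Constructed upstream answers standing in for recursive resolution.
UPSTREAM = {
    "www.intranet.example": "192.0.2.10",
    "cdn.social.example": "192.0.2.20",
    "files.malware-cdn.example": "192.0.2.66",
    "unknown-site.example": "192.0.2.99",
}
BLOCK_PAGE_IP = "10.0.0.53"  # assumed address of the local block page

@dataclass(frozen=True)
class Verdict:
    action: str             # "allow", "block" or "nxdomain"
    category: str
    answer: Optional[str]   # IP handed back to the client, if any

def normalize(qname):
    # DNS names are case-insensitive and may carry a trailing root dot;
    # normalizing first keeps "Site.Example." from slipping past the policy.
    return qname.strip().rstrip(".").lower()

def categorize(qname):
    # Longest-suffix match, so subdomains inherit the parent's category.
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"

def filter_query(qname, blocked_categories):
    category = categorize(qname)
    if category in blocked_categories:
        return Verdict("block", category, BLOCK_PAGE_IP)  # never resolved upstream
    ip = UPSTREAM.get(normalize(qname))
    if ip is None:
        return Verdict("nxdomain", category, None)
    return Verdict("allow", category, ip)
```

Adding "uncategorized" to the blocked set turns the same function into a stricter policy that refuses any site the database has not yet classified.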

DNS filtering takes place instantaneously. There is next to no latency with a DNS filter. The speed at which a connection is made to a website is unaffected, which is why this method of web filtering is so popular. With a DNS filter in place, all users connecting to the Wi-Fi or wired network will be provided with a safe browsing environment.

Why is a DNS Filter Important for Cybersecurity?

Accessing the internet is not without risk. Cybercriminals hijack websites and use the sites to host phishing kits that obtain login credentials. Websites are also used for distributing malware and ransomware. If DNS filters or other types of web filters are not used, there will be nothing preventing users from accessing malicious web content.

A DNS filter will block websites that are known to be malicious and can be configured to block risky websites, that is, sites that may not be malicious but have the potential to cause harm. Controls can also be put in place to prevent the downloading of certain file types, such as .exe, .js, and .scr files, which are often associated with malware.

A DNS-based web filtering solution is constantly updated with threat intelligence on newly created malicious websites. These zero-day updates ensure all users remain protected and are prevented from accessing harmful web content.

DNS filters are now an essential part of the security stack. They add an important extra layer of protection against malware, ransomware, and phishing attacks.

Author: NetSec Editor