What is a DNS Filter?

In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet.

What is the Domain Name System?

The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email communications on the Advanced Research Projects Agency Network (ARPANET), long before the creation of the internet in 1989. The DNS was created to allow the use of alphanumeric domain names rather than IP addresses that are difficult to remember. What was needed was a decentralized model that allowed lookups to be performed quickly to match domain names with their IP addresses.

When you type a domain name into your web browser, a DNS lookup is performed. A query is sent to a recursive DNS server, which then contacts other DNS servers to find the web server hosting the domain. If the website exists, a reply is received with the correct IP address, which is passed to the browser. This process is very efficient and fast. Even if multiple servers need to be contacted, the process takes just a fraction of a second.

What is a DNS Filter?

A DNS filter uses the DNS to exercise control over the websites that can be accessed on a computer, laptop, tablet or smartphone. A DNS filter prevents individuals from accessing malicious websites, such as those hosting exploit kits, malware, viruses, and phishing forms. Organizations also use DNS filters to enforce their internet usage policies and to block access to productivity sinks such as social media networks and not suitable for work (NSFW) web content such as pornography.

DNS filtering service providers maintain a database of categorized websites. When a request is made by a user to access a particular website, the DNS filtering solution will only return the IP address of a website if it does not violate policies set by the administrator.

If an attempt is made to access a malicious or otherwise prohibited website, rather than allow the website to be accessed, the user will be directed to a local block page that advises them that the website cannot be accessed because it violates their organization’s policies. If the requested website is deemed safe and acceptable, the IP address will be provided, and the user will be directed to the requested website.

DNS filtering takes place instantaneously. There is next to no latency with a DNS filter. The speed at which a connection is made to a website is unaffected, which is why this method of web filtering is so popular. With a DNS filter in place, all users connecting to the Wi-Fi or wired network will be provided with a safe browsing environment.

Why is a DNS Filter Important for Cybersecurity?

Accessing the internet is not without risk. Cybercriminals hijack websites and use the sites to host phishing kits that obtain login credentials. Websites are also used for distributing malware and ransomware. If DNS filters or other types of web filters are not used, there will be nothing preventing users from accessing malicious web content.

A DNS filter will block websites that are known to be malicious and can be configured to block risky websites: sites that may not be malicious but have the potential to cause harm. Controls can also be put in place to prevent the downloading of certain file types, such as .exe, .js, and .scr files, which are often associated with malware.

A DNS-based web filtering solution is constantly updated with threat intelligence on newly created malicious websites. These zero-day updates ensure all users remain protected and are prevented from accessing harmful web content.

DNS filters are now an essential part of the security stack. They add an important extra layer of protection against malware, ransomware, and phishing attacks.


Will a DNS filter protect against phishing attacks?

A DNS filter will be updated by threat intelligence feeds that will ensure that known phishing webpages are blocked. New sites will be assessed in real-time and blocked if determined to contain phishing forms. A DNS filter will block access to phishing websites no matter how access is attempted, whether through web browsing or through links sent by email, SMS, social media, or instant messaging services.

How can I use a DNS filter to control access to certain websites?

DNS filters offer several methods of controlling online activity. The easiest to implement are category-based controls, such as blocking adult content or gambling websites. Keyword-based controls can also be applied to block access to websites containing certain keywords. You can also use blacklists to prevent viewing of malicious or illegal web content.
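The lookup decision described earlier (return the real IP address or send the user to the block page) combined with the category, keyword and blacklist controls above, as an added Python example that is not from the original post or from any vendor's product. It goes slightly beyond the text by handling subdomains, mixed case and trailing dots. The domain names, addresses, `CATEGORY_DB`, `UPSTREAM`, `BLOCK_PAGE_IP` and `filter_query` are constructed for illustration, and keywords are matched against the queried hostname only, which is an assumption of this sketch.

```python
from collections import namedtuple

# Constructed sample data: names use the reserved .example TLD and the
# addresses come from the RFC 5737 documentation ranges.
CATEGORY_DB = {"phish-login.example": "phishing",
               "casino.example": "gambling",
               "docs.example": "business"}
UPSTREAM = {"phish-login.example": "203.0.113.10",   # stands in for the
            "www.casino.example": "203.0.113.20",    # recursive resolver's
            "docs.example": "198.51.100.5",          # real answers
            "free-torrent-mirror.example": "198.51.100.9",
            "cdn.files.example": "198.51.100.7"}
BLOCK_PAGE_IP = "192.0.2.1"   # hypothetical address of the local block page

Policy = namedtuple("Policy", "blocked_categories keywords blacklist")
Answer = namedtuple("Answer", "ip blocked reason")

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().lower().rstrip(".")

def parents(name):
    """Yield the name and each parent: a.b.example, b.example, example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def filter_query(qname, policy):
    """Return the real address, or the block page address plus the reason."""
    name = normalize(qname)
    # Check the name and every parent so that subdomains of a listed
    # site inherit its blacklist entry or category.
    for candidate in parents(name):
        if candidate in policy.blacklist:
            return Answer(BLOCK_PAGE_IP, True, "blacklist:" + candidate)
        category = CATEGORY_DB.get(candidate)
        if category in policy.blocked_categories:
            return Answer(BLOCK_PAGE_IP, True, "category:" + category)
    for word in policy.keywords:
        if word in name:
            return Answer(BLOCK_PAGE_IP, True, "keyword:" + word)
    # Policy passed: hand back what the recursive resolver would return
    # (None here models a name that does not exist).
    return Answer(UPSTREAM.get(name), False, "allowed")

# Constructed administrator policy used for the sample queries.
POLICY = Policy({"phishing", "gambling"}, ["torrent"], {"files.example"})
```

The `reason` field on each answer is the kind of detail a filter's reports draw on to show why a request was blocked.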

What are the main reasons for using a DNS filter?

DNS filters allow you to carefully control the online activities of users connected to your network or those accessing the Internet through your access point. DNS filters allow you to provide a family-friendly browsing environment, block malware and ransomware downloads, prevent users from accessing phishing websites, and block access to categories of website or individual websites that violate your policies.

Is DNS filtering expensive?

DNS filtering costs range from around $1 per user per month to $3 or more per user per month, depending on the solution, contract term, and any add-on services. Most businesses that use DNS filtering will recover the cost of the DNS filter by avoiding cyberattacks and the productivity gains from blocking access to non-work-related websites.

How can I tell if the DNS filter is working properly?

You can generate a range of reports through your administration panel that will show you the websites that have been blocked, why they were blocked, any attempts to access prohibited content, and the users who have tried to access restricted websites. The reports will tell you if the filters are working correctly and will help you to fine-tune your filtering controls.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news