What is DNS Based Web Filtering?

If you have arrived on this page, you will no doubt be looking for information on DNS based web filtering. Before covering why DNS based web filtering is so important, it is useful to first explain the role DNS based web filtering plays in cybersecurity, and provide a simple explanation of what the DNS is and why it is essential to the correct functioning of the internet.

DNS Based Filtering is Important for Cybersecurity

Picture this common scenario in healthcare. A worker receives a security alert email that requires them to log in to their Office 365 account immediately. The message appears to have come from the IT department, and the sender name looks correct. The user clicks the hyperlink and is directed to a website where they are presented with the Office 365 login prompt they are familiar with. Login credentials are entered, and the security issue is resolved. Except it isn’t. The user has been phished. Everything about this exchange appeared correct but nothing was. The message was fake, the website was fake, and the attacker obtained their credentials.

There are many other ways that a user could arrive at a malicious website. They could be redirected to the site by a malicious advert, or they could navigate to a genuine website that has been hacked and is being used to host malicious content that is silently downloaded.

These cyberattacks are occurring every day in great numbers and blocking these attacks can be difficult. Taking the phishing attack as an example, there are several points where control measures can be implemented to block the attack. An email security solution can be used to prevent the message from reaching the user’s inbox. The user can be trained how to recognize a phishing email. The attempt to visit the malicious website can be blocked using a web filter, and multi-factor authentication can be used to prevent the stolen credentials from being used to remotely access the account. Having antivirus software on endpoints will also help in the event of a malware download.

All of these measures are important as no single cybersecurity solution can block all attacks. By having several overlapping layers of security, if any one solution fails, another one, two or three measures are in place to continue to provide protection. DNS based filtering is an important part of cybersecurity defenses that is utilized by web filtering solutions to prevent users from visiting malicious websites. It is, however, a cybersecurity measure that is often not implemented.

What is DNS?

To understand how DNS based web filtering works, it helps to know a little about the Domain Name System (DNS) that it uses. In order to display a website, the user’s browser must know where to look for the website. A domain name such as hipaajournal.com doesn’t tell the browser where the site is located. It could be hosted in any country on any web server. The location of the site must be discovered through the DNS. A query is sent to the DNS, which matches the domain name with its IP address, the unique identifier that pinpoints the exact location of the website. The DNS tells the web browser the IP address, which allows the website to be located and loaded.

The role of the DNS is simple. It matches a domain with an IP address. It therefore acts like a smartphone contact list. Like a smartphone contact list, the directory of information is not stored in one place. It is distributed around the world on domain name servers that all talk to one another. Information is also cached locally for speed. The DNS system is extremely efficient. A DNS lookup will take about a tenth of a second. It was developed to be extremely fast but some 30 plus years ago security wasn’t really a major concern. Cybercriminals have now devised ways of manipulating the DNS for malicious purposes. For example, false records can be inserted into the DNS, termed DNS cache poisoning, to direct users to malicious websites. It is therefore important to secure the DNS.

What is DNS Based Web Filtering?

DNS based web filtering is a method of securing the DNS against attack and ensuring a safe browsing environment. DNS based filtering is used to block attempts by users to visit malicious websites, such as those used for malware distribution or phishing. Instead of an organization using its own DNS infrastructure to find websites, which can be vulnerable to attack, the DNS infrastructure is changed to a third-party service provider. That service provider maintains a database of categorized websites and webpages and the DNS lookup is conducted through the service provider. There is no impact on the speed of lookups, so end users will not notice any change. The difference is that, for the most part, they will only be allowed to access safe websites. If they attempt to visit a website and it is not malicious, they will be connected to the appropriate IP address. If the website they are attempting to visit is determined to be malicious or highly suspect, they will instead be directed to a local IP address that hosts a DNS block page advising them they have been prevented from connecting. They could be prevented from connecting to a website or webpage for three reasons:

  1. The website they are trying to reach does not exist
  2. The website was found to host malicious content
  3. The website violates their organization’s internet usage policy

The attempt to visit the website will be recorded through DNS logging so administrators of the DNS based web filtering solution (your IT security team) will be able to check the access attempt and take appropriate action.
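The lookup decision and logging described above can be sketched as follows. This is an added example, not code from any filtering product; the block page address, the category database, the group names and all domains and IP addresses are constructed for illustration.

```python
import json
from datetime import datetime, timezone

BLOCK_PAGE_IP = "10.0.0.53"  # assumed local address that hosts the block page

# Constructed category database and upstream answers (documentation ranges).
CATEGORIES = {"phish-login.example": "phishing",
              "malware-cdn.example": "malware",
              "webmail.example": "personal-webmail"}
UPSTREAM = {"intranet.example": "192.0.2.10",
            "webmail.example": "192.0.2.20",
            "phish-login.example": "198.51.100.7",
            "cdn.malware-cdn.example": "198.51.100.8"}

ALWAYS_BLOCK = {"phishing", "malware"}
# Hypothetical per-group usage policy, e.g. mapped from directory groups.
GROUP_POLICY = {"clinical": {"personal-webmail", "social-media"},
                "guests": set()}

def categorize(name):
    """Check the full name, then each parent domain, so subdomains inherit."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):      # never match on the bare TLD
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return None

def resolve(name, group, log):
    """Return (answer, reason) and append one DNS log record for the attempt."""
    key = name.lower().rstrip(".")
    cat = categorize(key)
    if cat in ALWAYS_BLOCK:                       # reason 2: malicious content
        answer, reason = BLOCK_PAGE_IP, "malicious"
    elif cat in GROUP_POLICY.get(group, set()):   # reason 3: usage policy
        answer, reason = BLOCK_PAGE_IP, "policy"
    elif key not in UPSTREAM:                     # reason 1: does not exist
        answer, reason = None, "nxdomain"
    else:
        answer, reason = UPSTREAM[key], "allowed"
    log.append(json.dumps({"ts": datetime.now(timezone.utc).isoformat(),
                           "qname": key, "group": group, "category": cat,
                           "action": reason, "answer": answer}))
    return answer, reason
```

Because every query produces a log record whether or not it is blocked, the same log gives the security team both the blocked attempts and the baseline of normal lookups to compare them against.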

Benefits of DNS Based Web Filtering

DNS based web filtering has a huge benefit over other forms of internet control. Since it uses DNS, it is exceptionally quick. There is no latency and internet speed is unaffected. A cloud-based DNS filtering service requires no appliance purchases nor software downloads. You simply use the service provider’s DNS infrastructure, which is as simple as using a DNS redirect to the service provider’s DNS servers. DNS based web filtering facilitates scale. You are not confined by the limited capacity of appliances. To all intents and purposes, you can scale up cloud-based DNS filtering protection for any number of users.

Setting up a DNS based web filter is quick and easy and you get almost immediate results. In a few minutes you can be blocking access to malicious websites and enforcing your internet usage policies. DNS based filtering solutions integrate with Active Directory and LDAP, so it is easy to set controls for the entire organization, different locations, user groups, by role, and for individuals.

You also get full visibility into the online activities of the entire workforce through a web-based management console which you can use to run reports and set internet control policies with a high degree of granularity. Modern web filters do not cause problems with overblocking of web content as category-based and keyword-based filtering is now far more accurate. What you get is a safe, clean internet service that is largely free of threats. You won’t block every web-based threat, but you will be able to significantly improve your security posture.

In summary, using a DNS based web filtering service will allow you to:

  • Block access to malicious and risky websites
  • Block malware downloads
  • Create a safe and secure browsing environment for network users, Wi-Fi users, and guests
  • Enforce internet usage policies
  • Prevent users from accessing inappropriate and NSFW content
  • Improve productivity by blocking access to internet productivity sinks
  • Limit the potential for HIPAA violations by blocking access to messenger services, personal webmail, and social media networks