What is DNS Filtering?
What is DNS filtering, how does it work, and why is it such an important cybersecurity measure for blocking phishing and malware attacks? In this post we will explain why DNS based filtering is so important and the benefits of internet content control for cybersecurity.
What is DNS Filtering?
The Domain Name System (DNS) is an integral part of the internet and is used to match alphanumeric domain names with the unique IP addresses that allow websites to be found by computers. When a request is made by a user to access a website by typing a URL into their browser or by clicking a hyperlink, before a connection is made the location of the website must be determined and that requires an IP address.
To find the IP address for a website a query is sent to a recursive DNS server. The recursive DNS server will contact other DNS servers to find the IP address. When the DNS lookup has been completed and the IP address found it is passed to the web browser, a connection is made, and the web content is loaded in the browser. The DNS is incredibly efficient at matching domain names with their IP addresses and the multi-step process is completed in a fraction of a second.
The DNS allows the location of websites to be found to enable the sites to be displayed in browsers, but no distinction is made between benign and malicious content. DNS filtering is a method used to filter out undesirable and malicious content.
The DNS is used as a basic, fast, low-bandwidth filter to make it harder for users to access malicious web content such as sites hosting phishing kits, exploit kits, or malware. Controls can also be applied to prevent users from visiting illegal or otherwise prohibited web content.
Using DNS Filtering for Web Security
Rather than using standard DNS infrastructure to perform DNS lookups and discover IP addresses, a DNS filtering service provider is inserted into the process. A service provider maintains a database of categorized websites that have been determined to be safe, along with blacklists of webpages that are not.
When users try to visit websites, the service provider will only provide DNS lookup requests if the website is safe and has not been blacklisted. Since websites have been categorized, content controls can be applied. If the administrator has set policies prohibiting the accessing of gambling websites, dating sites, gaming sites, and pornography, a connection to those sites will not be permitted.
With a DNS filter in place, when a user attempts to access a malicious or prohibited website, they will be directed to a local DNS block page and will be informed that the website cannot be accessed. By using this method of internet content control, costly phishing attacks, malware infections, and data breaches can be prevented.
Cost of a DNS Filtering Service
There are many DNS filtering service providers that offer DNS filtering for business users. At the lower end of the price spectrum you will be able to find a solution that can block malicious web content and allow you to control the content your users can access on or off the networks. At the upper end of the price spectrum are some comprehensive cloud security solutions that incorporate a DNS filtering service, but also provide a cloud-delivered firewall, and a host of advanced features.
The starting price for an effective, easy to use, DNS filtering service is around $1 per user, per month. The most advanced DNS filter with comprehensive cloud security features will cost you upwards of $5 per user per month.
DNS filtering is a fast and effective method of exercising control over the content that can be accessed by network uses and an important cybersecurity measure to prevent users from navigating to malicious web content. A DNS filter can be configured to block downloads of files frequently associated with malware and a DNS filter also acts as protection against the installation of shadow IT.
With a DNS filter in place, it is possible to block the majority of online threats before any harm is caused.
A DNS filter will allow you to:
- Block the web-based component of phishing attacks
- Prevent malware and ransomware downloads from the internet
- Control the web content employees can access to avoid HR issues
- Control bandwidth use
- Limit productivity losses
Is it possible to get a real-time view of Internet access?
Many web filtering solutions allow you to monitor the Internet activity of employees in real time, generate automatic alerts if attempts are made by users to bypass filtering controls, and regular reports can be scheduled that give full visibility into the online activities of employees.
Can a DNS filter be bypassed?
The most common way for DNS filters to be bypassed is to use anonymizer services. Web filters can be configured to block access to anonymizer services to prevent filtering controls being bypassed. You should ensure that DNS settings are locked down to prevent them being changed by employees. Some filtering service providers have mechanisms that allow filtering controls to be temporarily bypassed which can be activated by system administrators if required.
Should I enable SSL inspection?
Most websites now use Hypertext Transfer Protocol Secure (HTTPS) and encrypt the connection between the browser and the website. If SSL inspection is not enabled, the content of a web page cannot be checked. Since threat actors also use HTTPS, it is important to enable SSL inspection otherwise many threats will go undetected.
Can I apply different filtering policies for individual employees?
Most web filters will allow you to set organization-wide filtering controls and different web filtering settings for departments, user groups, and individual employees. If you choose a web filtering solution that integrates with your directory service (AD or LDAP), setting filtering policies for different users and user groups will be straightforward.
Can a DNS filter be used to control bandwidth use?
Yes. DNS filters are often used for controlling bandwidth to ensure sufficient bandwidth is available for all users. Often companies set time-based controls that restrict access to bandwidth-draining websites during the busiest times, and ease restrictions when demand on bandwidth is lower.