To those unfamiliar with DNS filtering, it is a form of web filtering that is used to filter out unwanted and undesirable web content, whether that is webpages containing objectionable material such as pornographic images or cyber threats such as websites used for phishing or malware distribution.
The Domain Name System (DNS) is what makes it possible for websites to have easy-to-remember domain names. A domain name, such as google.com, is easy for people to remember, but no use to a computer, which requires an IP address to find that resource on a remote server. The DNS is used to convert a domain name into its corresponding IP address, and DNS filtering is web filtering that takes place at the DNS lookup stage of a web request before a connection is made to the server hosting the web content.
DNS Filtering Myths
DNS filtering has several advantages over standard web filtering. Filtering occurs before any content is downloaded, which is better for speed and security. With DNS filtering, there is next to no latency – page load speeds are unaffected.
Many businesses fail to appreciate the importance of DNS filtering. After all, what is the point of blocking malware and ransomware threats on the Internet when antivirus software is installed on all endpoints? While AV software is effective at blocking known malware threats, it will not block new threats that have not been seen before, as the signatures of those malware variants are not in the virus definition lists of AV software. New variants of old malware versions are constantly being released to bypass signature-based AV defenses, so additional protection is needed. DNS filters can block these threats based on the reputation of IP addresses and will block downloads of file types associated with malware.
DNS filtering also improves defenses against phishing attacks, which all too commonly result in costly data breaches. Phishers are constantly devising new methods to get their emails into inboxes and trick end users into clicking on links and disclosing their credentials. Spam filters will block most of these messages but not all, and security awareness training only goes so far. A web filter will block access to phishing content and can significantly improve an organization’s phishing defenses. When links to phishing websites are clicked, the request is blocked and DNS filter logs will show which links were clicked. That can help to improve the effectiveness of spam filters and security awareness training programs.
DNS filters are also used for content control. Most businesses will have acceptable Internet usage policies in place, and employees will be aware of the risks of accessing prohibited web content, but DNS filters are ideal for enforcing those policies. They can prevent lawsuits from downloads of copyright-infringing cracked software and other pirated content onto the business network or users’ devices.
There is a common misconception that DNS filtering is complicated and time-consuming, when that is not the case. A DNS filtering solution is actually very quick and easy to configure. Simply point the DNS to the service provider, and you can set your filtering controls quickly and easily through the user interface. WebTitan, for instance, can be up and running in around 30 minutes, and after the initial setup, little ongoing maintenance is required.
Another common misconception is that DNS filters are easy to bypass. While no web filtering solution is impossible to bypass, it is fairly easy to ensure that most users will not be able to bypass the filtering controls. You just need to configure the solution to block proxies and anonymizers and lock down the DNS settings. It is also recommended to block DNS requests to anything other than your approved DNS service at the firewall for good measure.
If you have your own, locally hosted, internal DNS server, you should allow only port 53/UDP outbound requests from your internal DNS server’s internal IP address to the external IP addresses of the primary and secondary DNS servers that your internal DNS server is configured to use. That means local computers query your local DNS server, and only your DNS server queries the web filtering DNS service on the Internet.
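The egress policy described above can be verified against firewall or flow logs. The following Python sketch is an added example, not part of the original article or any WebTitan tooling; the resolver address, upstream addresses, internal range, and four-field log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for illustration only (documentation/private ranges).
INTERNAL_RESOLVER = ipaddress.ip_address("10.0.0.53")
APPROVED_UPSTREAMS = {
    ipaddress.ip_address("192.0.2.10"),  # primary filtering DNS (placeholder)
    ipaddress.ip_address("192.0.2.11"),  # secondary filtering DNS (placeholder)
}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records in an assumed format: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.0.53 192.0.2.10 udp 53
10.0.0.21 10.0.0.53 udp 53
10.0.0.21 198.51.100.7 udp 53
10.0.0.53 198.51.100.7 udp 53
10.0.0.53 192.0.2.11 tcp 53
10.0.0.34 192.0.2.10 udp 53
10.0.0.21 203.0.113.80 tcp 443
"""

def classify(src, dst, proto, dport):
    """Return a violation reason for an outbound DNS flow, or None if allowed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != 53 or dst in INTERNAL_NET:
        return None  # not outbound DNS: outside the scope of this policy
    if src != INTERNAL_RESOLVER:
        return "client bypassing internal resolver"
    if dst not in APPROVED_UPSTREAMS:
        return "resolver querying unapproved upstream"
    if proto != "udp":
        return "protocol other than UDP"
    return None

def audit(text):
    """Return (src, dst, proto, reason) for every flow that breaks the policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = parts
        reason = classify(src, dst, proto.lower(), int(dport))
        if reason:
            findings.append((src, dst, proto, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

Findings of the first kind point at hosts whose DNS settings are not locked down, or at firewall rules that still let clients reach external resolvers directly.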
Key Benefits of DNS Filtering
- Block access to malicious and risky websites with no latency
- Enforce acceptable Internet usage policies
- Block malware downloads and file downloads associated with malware
- Prevent users from visiting phishing websites
- Block copyright infringing file downloads
- Protect against zero-day malware threats
- Have highly granular control over the content that network users can access
- Protect employees and devices when they are working off-site
- Stop employees from accessing productivity-draining websites
DNS Filtering with WebTitan
WebTitan Cloud offers a quick, easy, and painless way for businesses to filter the Internet and block malicious and undesirable web content. WebTitan can be used to apply filtering controls to users of wired and wireless networks, with controls effective no matter where employees use their devices to access the Internet – in the office, while travelling, or working remotely.
WebTitan Cloud uses three mechanisms for filtering the Internet. First, there are SURBL & URIBL filters to block access to known malicious web content. Second, there are category filters (53 pre-set categories plus customizable categories) that are used to block content such as pornography, gambling, gaming, and dating sites. The third tier involves keyword filters that fine-tune category controls and block sites based on the presence of keywords and web pages that exceed certain keyword scores.
WebTitan Cloud can be configured to block certain files from being downloaded, acceptable Internet usage policies can easily be applied, and sites can be easily blacklisted using third-party blacklists, or whitelisted to ensure they can always be accessed.
When an attempt is made to visit a prohibited website, the request will be denied, and the user will be directed to a customizable local block page. All web activity is logged, and it is easy to see what requests have been made, the access attempts that have been allowed or blocked, and what content has been viewed, with extensive reporting and real time views of Internet activity.
The result is total control over what users can access and full visibility into Internet activity, while greatly improving cybersecurity by blocking web-based threats.
With WebTitan you get:
- Best-in-class malicious URL detection
- Malware, phishing, and ransomware protection
- Real-time filtering
- Instant categorization of web content
- Infinitely scalable DNS filtering
- Flexible policies
- An extensive web filtering API allowing incorporation into existing monitoring systems
- Immediate live updates
- Zero-day updates to protect your customers as threats arise
- No bandwidth limits
- No latency issues
- Remote management and monitoring
- SSL is supported
- Multiple hosting options
- Flexible pricing policies
- Low-cost web filtering
For more information about DNS filtering in general, the WebTitan suite of DNS filtering solutions, or to book a product demonstration or to register for a free trial, give the TitanHQ team a call.