DNS stands for Domain Name System and it is considered by many to be the so-called “phonebook” of the Internet. Any time a user wants to access the Internet and visit sites such as YouTube, USA Today, or the Washington Post, that user is reaching those sites through their domain names. To do so, web browsers connect to the Internet Protocol (IP) address that belongs to that domain name.
What is DNS? What is DNS Filtering?
DNS is referred to as the phonebook of the Internet because when the web was in its infancy, visiting a site required knowing its exact IP address. Rather than typing in something such as “www.google.com,” the user would have to type in the specific IP address numbers. The Domain Name System was created in the 1980s to automatically map the IP addresses of various websites to their domain names, making it easier for people to browse the Internet and connect directly to specific sites.
DNS directories match domain names to IP addresses across a network of servers around the world. No single server would be capable of housing all the world’s domains. Instead, a network of servers allows users to reach the same website through different IP addresses. For example, someone attempting to reach Google.com in Australia is likely to connect through a different server and IP address than a user typing that same domain name into a device in the United States.
Domain Name System filtering, or DNS filtering for short, is a means of blocking access to particular websites, pages, or IP addresses. A DNS filtering configuration restricts access to certain types of web content and is capable of blocking most malicious websites that might expose a single device or a broader network to malware, phishing attacks, and other malicious content.
How Does DNS Filtering work?
As already mentioned, DNS exists to make it easier for a user to connect to a domain name without knowing its IP address. DNS filtering adds a layer of web security by subjecting each DNS request to a set of controls. When a user types in the name of a website he/she wants to visit, the DNS filter checks that request against its controls to ensure the domain is safe to visit; known malicious websites and IP addresses are blocked. These websites may already be listed on blacklists, or the DNS filtering service’s web filters may recognize a particular domain as malicious in nature.
Instead of simply connecting the user to a malicious site and exposing a device or network to security risks, DNS filtering redirects the user to a local IP address serving a block page that explains why the site or sites are not accessible. DNS filtering can take place at the router level, through an ISP, or through a third-party web filtering service, such as a cloud service provider.
What are Content Filters?
Content filtering is a program that screens and blocks access to websites deemed objectionable based on their content. Corporations typically use content filtering as part of an Internet firewall, but it is also used on an individual level for personal device security, protecting computers and their users from exposure to objectionable and potentially dangerous content.
How Does Content Filtering Work?
Content filtering is a form of DNS filtering that typically works by identifying specific character strings that, when matched, indicate the undesirable nature of certain content. The content filter then screens out sites or an individual domain whose content is malicious, inappropriate, or generally undesirable. A common example is the use of content filtering on a business network to block access to pornographic content. It can also be used to restrict access to any sites with content that is deemed violent or hate-oriented in nature.
What is DNS Filtering and Redirection?
DNS redirection is an additional DNS filtering tool that, in most cases, blocks access to sites based on reputation. The reputation of sites on the web is tracked, and sites can be blocked with DNS redirection because of known issues with phishing, malicious content, and malware, as well as poor malware protection and other security risks. DNS redirection works with a web browser to check each website a user tries to visit against a list of known sites with phishing, malware, and other security concerns.
How does the Filter Know Which IP Addresses to Block?
How a filter determines which IP addresses to block comes down to configuration. The default DNS filtering from a cloud service provider offers a modest level of protection against malware. More advanced configurations boost the security of a DNS filtering service by also blocking phishing sites and vulnerable websites that have previously suffered security breaches involving viruses, spyware, adware, ransomware, browser hijacking, and similar threats.
Whether in the home or in a business setting, an individual user can put in place additional filters for particular sites or content. For example, businesses may block access to social media sites such as Facebook and Twitter to ensure productivity levels are maintained in the workplace. It is also possible to block access to content categories and websites based on individual user groups, but that will be discussed in depth below.
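As an added illustration of the filtering logic described above (the reputation blocklist and block-page redirect, category-based content filtering, and per-group exceptions such as marketing keeping social media), here is a small policy engine. It is example code written for this page, not Avatara’s product or any real resolver, and the blocklist, category map, group policy, upstream answers, and block-page address are all constructed stand-ins.

```python
# Minimal DNS filtering policy engine (added example, not a real product).
# All tables below are constructed for illustration; a real service would
# load them from a reputation feed, a category database and a group policy.

BLOCK_PAGE_IP = "192.0.2.53"  # assumed local address serving the block page

# Constructed reputation blocklist of known phishing / malware hosts.
BLOCKLIST = {"login-secure-update.example", "malware-cdn.example"}

# Constructed content categories, keyed by registered domain.
CATEGORIES = {"facebook.com": "social", "twitter.com": "social",
              "netflix.com": "streaming"}

# Constructed per-group policy: categories each user group may NOT reach.
GROUP_POLICY = {"default": {"social", "streaming"},
                "marketing": {"streaming"}}  # marketing keeps social media

# Constructed upstream answers standing in for a real recursive resolver.
UPSTREAM = {"www.example.com": "192.0.2.10", "facebook.com": "192.0.2.20",
            "www.facebook.com": "192.0.2.21", "netflix.com": "192.0.2.30"}


def normalize(name):
    """Lower-case the name and drop a trailing dot (DNS names are case-insensitive)."""
    return name.lower().rstrip(".")


def parent_domains(name):
    """Yield the name and each parent: a.b.c -> a.b.c, b.c, c.
    Matching parents means a blocked domain also blocks all its subdomains."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def resolve(name, group="default"):
    """Return (ip, verdict). Blocked names get the block-page IP instead of the real one."""
    denied = GROUP_POLICY.get(group, GROUP_POLICY["default"])
    for candidate in parent_domains(name):
        if candidate in BLOCKLIST:                 # reputation check first
            return BLOCK_PAGE_IP, "blocked:reputation"
        category = CATEGORIES.get(candidate)
        if category is not None and category in denied:   # content category
            return BLOCK_PAGE_IP, "blocked:category:" + category
    ip = UPSTREAM.get(normalize(name))             # allowed: ask upstream
    if ip is None:
        return None, "nxdomain"
    return ip, "allowed"


if __name__ == "__main__":
    for query, grp in [("WWW.Facebook.com.", "default"), ("facebook.com", "marketing"),
                       ("cdn.malware-cdn.example", "marketing"), ("www.example.com", "default")]:
        print(query, grp, "->", resolve(query, grp))
```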
Will a DNS Filter Block all Malicious Websites?
Although DNS filters use the reputation of websites and a blacklist to prevent web access to malicious websites, it is not quite possible to achieve 100% web security for a business or personal network. A hardware or software program on an individual device or group network tends to have a lower success rate in blocking malicious websites when compared to DNS security provided by a cloud service provider. Cloud-based DNS filtering and web filtering are more responsive to changes in the reputation of particular sites and to the addition of websites to blacklists that track known malware and phishing offenders.
How is DNS Used by Hackers?
Hackers can subvert DNS filtering efforts through a technique known as DNS hijacking. This occurs when a cybercriminal takes control of DNS traffic on a specific network or domain. The compromised DNS server is then used to return fake IP addresses to a user device when it asks for a specific website address.
What is the Difference Between Secure Web Gateway and Firewall?
A firewall is a software program that enforces rules determining which data packets may enter or leave a network server. The firewall sifts web traffic and attempts to mitigate any possible security risks. A Secure Web Gateway is a more robust form of security for a network server or individual device: it monitors and restricts suspicious malware traffic and data on a network, and it is better able to secure a network server from web-based threats, malicious content, products, services, and websites. Secure Web Gateways typically use multiple layers of inspection, such as URL filtering, data leakage prevention, and application-level controls.
What are the Potential Pros and Cons of Content Filtering?
Content filtering as a part of a DNS filtering service has its pros and cons. In a business setting, content filtering ensures the security of each individual device and server on the broader network by blocking access to sites known to harbor malware, phishing, and other malicious content. Content filtering, as mentioned earlier, can also be used to ensure productivity and focus in the workplace by blocking access to certain types of websites, such as pornographic sites, streaming sites (Netflix or YouTube), and even social media.
However, it is also possible that content filtering could potentially impact the productivity of certain departments within a company. For example, while social media can be a drain on focus for most employees by distracting them from projects, the case can be made that an individual user or users within the marketing department require access to social media sites as part of their daily job requirements.
What is an Internet Use Policy and What are Some Best Practices for Creating One?
An Internet Use Policy is a guideline employees within a business must follow as it pertains to their Internet access and usage while on the job. Such a policy can serve as an additional layer of defense for the organization to help prevent exposure to malware without putting in place specific configurations and security features as part of DNS filtering. As you consider how to apply such a policy for Internet usage, you may find the following best practices useful in crafting a strong, sensible Internet Use Policy:
- Specific Internet Use – blocking social media sites (except for marketing team members), pornographic sites, gambling sites, and shopping sites.
- Making Exceptions – beyond social media for certain departments, consider the value of music streaming services that help employees focus and can boost mood and/or productivity in the process.
- Security steps – preventing the use of public WiFi on a company device, scheduling anti-virus and anti-malware security updates, and preventing employees from opening email attachments or links that are not expected.
DNS filtering, content filtering, and an Internet Use Policy are all part of a broader effort to prevent harm to business networks, an individual server, and employee devices. This is for the protection of both the business and its customers because it ensures operations continue as normal while also providing one layer of a security solution to protect the data of customers.
DNS web service providers offer the quickest setup and the most robust protection because security measures are monitored and updated by the provider on a regular basis. Avatara’s cloud DNS filtering system offers predictive security that identifies suspected threat origins, monitors for real-time threats, and continually works to protect your network from intrusions.