A Guide to DNS Filtering - Under the Covers

DNS is both an interpreter and roadmap for the Internet. Users love friendly names while their devices and favorite websites utilize IP addresses. DNS maps friendly names to IP addresses. Normally, when the browser queries a DNS server, an IP address is returned, allowing the browser to open the website at the specific IP address. This process is duplicated for cloud applications and web protocols as well.

DNS filtering is designed to combat malware, spam, child pornography and other dangerous sites on the web. In those cases, the DNS server filters the request and blocks it rather than returning an IP address. It is also useful for organizations that want to protect internal assets by blocking known malicious sites. This kind of blocking is normally done at the router level by blocking IP addresses or filtering ports. For those without the luxury of high-end routers, DNS filtering is a great alternative.
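The filtering decision described above can be sketched in code. This is an added example, not code from the original article or from any product: it parses the question out of a raw DNS query, checks the name and its parent domains against a blocklist, and answers blocked names with NXDOMAIN instead of an IP address. The blocklist entries, the function names and the choice of NXDOMAIN as the block response are assumptions made for illustration.

```python
import struct

# Constructed blocklist for illustration; a real filter loads a threat feed.
BLOCKLIST = {"malware.example", "phish.example.net"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return (lowercased name, offset just past the question section)."""
    labels, pos = [], 12                      # DNS header is always 12 bytes
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            break
        if length > 63:                       # pointer/reserved label: reject
            raise ValueError("unexpected label type in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    if pos + 5 > len(packet):                 # root byte + QTYPE + QCLASS
        raise ValueError("truncated question")
    return ".".join(labels), pos + 5

def is_blocked(name, blocklist=BLOCKLIST):
    """Match the name and every parent domain, so cdn.malware.example is caught."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def filter_query(packet):
    """Return an NXDOMAIN reply for blocked names, or None to resolve normally."""
    name, qend = parse_qname(packet)
    if not is_blocked(name):
        return None
    qid, flags = struct.unpack("!HH", packet[:4])
    # Assumed block response: QR=1, client's RD bit kept, RA=1, RCODE=3 (NXDOMAIN)
    rflags = 0x8000 | (flags & 0x0100) | 0x0080 | 0x0003
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + packet[12:qend]
```

Matching on parent domains and lowercasing the name matter in practice: a filter that compares only the exact query string misses subdomains and mixed-case queries for a listed domain.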

How important is DNS in security?

Due to its critical function within both the Internet and the enterprise, DNS is a primary target for hackers, so securing it is imperative. An effective security strategy entails not only blocking malicious queries but also servicing good queries. DNS plays an important role in a layered network security strategy in which multiple approaches to cyber defence are required. This multi-tiered approach reduces the possibility of a successful hacking attack.

Is DNS Filtering Really the Answer?

In recent years, government bodies have attempted to introduce new ways to protect victims at the source of Internet traffic. Unfortunately, these standards are legislated by people who do not fully understand the implications of their actions. The Internet already uses a myriad of web filtering options. Organizations filter at the router level, while search engines use heuristic methods to detect IP addresses that host malicious content. Web filtering software and antivirus programs block websites and suspicious downloadable content using executable footprints. All of these methods have worked well together, but attackers are constantly looking for ways to circumvent protection.

DNS remains a vulnerable, highly targeted component for exploits and cyberattacks. For instance, DNS replies can be spoofed, or created with false information, to redirect users from legitimate sites to malicious websites. Targeting the exploits of cybercriminals, however, is challenging at best due to the scale of the Internet. Attackers constantly register new domain names and move to "clean" neighbourhoods. As soon as any security m