DNS filtering is the process of using the Domain Name System to block malicious websites and filter out harmful or inappropriate content. This ensures that company data remains secure and allows companies to have control over what their employees can access on company-managed networks. DNS filtering is often part of a larger access control strategy.

How do DNS filtering services work?

All DNS queries go to a DNS resolver. Specially configured DNS resolvers can also act as filters by refusing to resolve queries for certain domains that are tracked in a blocklist, thus blocking users from reaching those domains. DNS filtering services can also use an allowlist instead of a blocklist, in which case the resolver answers queries only for domains that have been explicitly approved.

Suppose a company employee receives a phishing email and is tricked into clicking a link that leads to malicious-website.com. Before the employee’s computer loads the website, it first sends a query to the company’s DNS resolving service, which uses DNS filtering. If that malicious site is on that company’s blocklist, the DNS resolver will block the request, preventing malicious-website.com from loading and thwarting the phishing attack.

DNS filtering can blocklist web properties either by domain name or by IP address:

By domain: The DNS resolver does not resolve, or look up, the IP addresses for certain domains at all.

By IP address: The DNS resolver attempts to resolve all domains, but if the IP address is on the blocklist, the resolver will not send it back to the requesting device.
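The two filtering mechanisms just described, plus the allowlist mode mentioned earlier, as an added example that is not part of the original article. It stands in for a real resolver with a constructed static record table; the domain names, IP ranges and list contents are all made up for illustration.

```python
import ipaddress

# Constructed sample data: a tiny static "resolver" table standing in for
# real DNS lookups, plus a domain blocklist, an IP blocklist and an allowlist.
STATIC_RECORDS = {
    "example.com": "93.184.216.34",
    "login.example.com": "93.184.216.35",
    "malicious-website.com": "198.51.100.7",
    "cdn.other.test": "203.0.113.9",
}
DOMAIN_BLOCKLIST = {"malicious-website.com"}
IP_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWLIST = {"example.com"}


def domain_matches(name, listed):
    """True if `name` is a listed domain or a subdomain of one."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


def filtered_resolve(name, mode="blocklist"):
    """Return (answer, reason); `answer` is the IP string, or None when the
    query is filtered. Mirrors the two mechanisms described above:
      by domain: refuse to look the name up at all;
      by IP:     look it up, then withhold answers in a blocked range.
    mode="allowlist" instead resolves only explicitly approved domains."""
    if mode == "allowlist":
        if not domain_matches(name, ALLOWLIST):
            return None, "domain not on allowlist"
    elif domain_matches(name, DOMAIN_BLOCKLIST):
        return None, "domain on blocklist"          # no lookup performed
    ip = STATIC_RECORDS.get(name.lower().rstrip("."))
    if ip is None:
        return None, "NXDOMAIN"
    if any(ipaddress.ip_address(ip) in net for net in IP_BLOCKLIST):
        return None, "resolved IP in blocked range"  # answer withheld
    return ip, "resolved"
```

Note that the domain check also catches subdomains of a listed name, whereas the IP check only fires after a lookup has actually been performed.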

How does DNS filtering help block malware and phishing attacks?

DNS filtering can help keep malware, or malicious software, out of company networks and off user devices. It can also help block some kinds of phishing attacks.

1. Blocking malicious websites

A website that hosts malware can either attempt to trick users into downloading a malicious program, or execute a drive-by download: a download of a malicious piece of software that is automatically triggered when the webpage loads. A number of other attacks are possible as well. For instance, webpages run JavaScript code, and as a full programming language, JavaScript can be used in a range of ways to compromise user devices.

DNS filtering can prevent these kinds of attacks by blocking users from loading malicious webpages at all.

2. Blocking phishing websites

A phishing website is a fake website that is set up to steal login credentials in phishing attacks. The domain used could be a spoofed domain or just an official-looking domain that most users will not think to question. Regardless of the method, the goal is to fool the user into giving their account credentials to an attacker. These websites can be blocked using DNS filtering.
