The website uses cookies to deliver services in accordance with the Cookies Policy. You can define the conditions for storing or accessing the cookie mechanism in your browser.
DNS filtering provides protection against Internet threats such as viruses, malware, ransomware, phishing attacks and botnets. The Domain Name System (DNS) makes it possible for us to use the Internet by remembering names, and computers
and other hardware translate them into machine-readable IP addresses to transfer information from websites, mail servers, and files to client browsers. Passwords are hard to remember - imagine that instead of domain names we have to remember IP addresses.
While the concept of DNS filtering is simple and easy to understand, there are some misconceptions that can affect its reliable and secure operation.
Below, we share the most common problems IT engineers face when securing DNS infrastructure, and which are not entirely true.
4 myths about DNS filtering
1. Myth One: We don't need DNS filtering, we already have endpoint antivirus
Unfortunately, antivirus can only detect threats when it's running - and end users often turn off antivirus and firewall software on their devices to avoid hardware slowdowns. However, keep in mind that antiviruses cannot block content that is not infected with DNS viruses, but still unfit for work. These include websites related to gambling, pornography, politics or social media.
Malware delivered over the Internet can affect your entire business. If CryptoLocker, Petya or one of the other constantly evolving variants destroys a shared drive containing, for example, hour logs or customer invoices, the entire organization loses. Then there are viruses undetected for years that silently steal information or wait to deliver destructive content.
A DNS filter will not prevent all threats, but having multiple layers of security reduces the risk. Which of them are needed the most? To keep your business safe, you should have DNS and spam filtering, endpoint antivirus, sensible firewall rules, up-to-date software, regular, reliable backups, and informed employees. Without it, all other protections are pointless.
2. Myth two: DNS filtering is complicated
No, it's not! It starts with just three steps:
Query: You enter the DNS address in your browser by running a DNS query
Lookup: The DNS server specified in the configuration of the network interface (usually provided automatically by the DHCP server) receives the request and looks up the IP address that refers to this domain
Answer: as long as the domain name exists, the corresponding IP address is returned and the browser uses it to communicate directly with the web server for that domain and usually caches it for future use
After receiving a DNS response with the IP address of the domain name server, DNS is no longer involved in the communication between the browser (or other software) and the server.
This process gives you the ability to use DNS as a primary, low-bandwidth, fast filter to protect users from phishing sites, botnets, and other risky websites, and a way to prevent access to inappropriate NSFW (not suitable for work) sites.
By using DNS security with a database of categorized websites, you can ensure security in no time. The filter protects the web by providing search requests with only a valid IP address for safe sites, but returns a local IP address to give a block page for banned sites.
3. Myth three: DNS filtering is easy to circumvent
In most cases, simply setting the primary DNS servers as cloud web filters on a DHCP server (usually in a small business gateway device that includes a router, network switch, and firewall) is sufficient to block most Internet-delivered malware and prevent access to all productivity-killing and bandwidth-intensive sites.
Of course, employees can try to circumvent the restrictions. However, there is an easy way to do this: set firewall rules on your Internet gateway or router. You can also block DNS requests to anything other than an approved service and stop all other activity.
4. Myth Four: Setting up DNS filtering is a lot of work
Incorporating DNS filtering into your security package is a simple and easy option. Most routers and firewalls allow you to block port 53 - DNS traffic. By editing internal MX records and a single configuration change in one place
(in most small businesses this is the router) you can effectively protect access to dangerous sites and protect your network.
The truth about DNS filtering
First, technology is not the only part of solving web access. An acceptable internet usage policy is also required. Employees should be informed of what is allowed and what is prohibited and aware of the consequences. With their behavior, they not only risk losing their jobs, but they also put other users and the company at risk.
Second, the speed and performance of DNS servers can vary. Slow or poor domain resolution will result in less efficient web browsing. However, you can run speed tests to compare the performance of DNS servers.
How DNS filtering works
Web Titan is a DNS-based web filtering product that allows you to monitor, control and secure your business against external attacks. It is cloud-based and easy to use. Its two key functions are network security and web control. The user enters the URL in the browser, this request is sent to the Titan Web servers, where it is executed or blocked based on a predefined policy. If the latter happens, the user will be shown why the request was stopped. Once the user gets permission, they will be redirected to the requested URL.
Benefits of DNS filtering:
• Improved security by blocking access to malicious websites,
• Prevention of downloading malware from websites,
• Keep your protection up-to-date with targeted threat intelligence and Zero-Day applications,
• Leverage policy-based control to manage access with highly granular blocking and filtering,
• Prevent users from accessing sites that may reduce productivity or cause crime.
Web Titan has many features that allow you to protect users from malware, phishing and viruses, as well as enforce Internet rules without the need for local hardware or software.
Product offers cloud-based DNS filtering and eliminates browser latency while providing secure and comprehensive web security for all offsite users.
To learn more about the solution, please contact Patryk Wojcieszczak, who is its maintainer.
If you are interested in Web Titan in the MSP model, write to Renata Kuts, who is responsible for the solution in the form of managed services.
VAT ID 6762466740
REGON 122894922
KRS 0000467615
ph. +48 12 340 90 30