DNS Filtering has been a protective technique known to the infosec community since 1997.  Many IT professionals would argue that it should go hand-in-hand with antivirus, password keepers, and cybersecurity training as part of any entry-level cybersecurity implementation.  So why is it that DNS Filtering remains a lesser-known term, with few non-professionals being aware of its protective benefits?  Let’s dig deeper.

How Does DNS Work?

To understand DNS Filtering, we first need to look at how DNS works. As usual, we’re sacrificing some technical precision by offering a definition that we feel is very accessible:

“DNS (Domain Name System) converts human-readable domain names into the IP addresses (numeric addresses) assigned to the server hosting the domain name’s website.”

So, when you want to look up something on Google — you don’t have to remember to browse to 172.217.5.14 — you just have to remember to browse to google.com.  Lucky for you, the Domain Name System handles the lookup to figure out that google.com is hosted at 172.217.5.14, and your web browser behind-the-scenes relies on DNS to “resolve” that lookup for you.  From there, it’s smooth sailing to retrieve Google’s homepage from 172.217.5.14, all without you ever having to see or type that IP address.

How Does DNS Filtering Work?

Imagine that instead of typing google.com, you typed gogol.com.  For the thousands and thousands of times we type a URL into a browser or click a link, it’s unavoidable that sometimes we’ll either have a typo, or face a devious phishing attack that tries to fool us into clicking a link that we shouldn’t.

Here’s where DNS Filtering kicks into action.  If you don’t have DNS filtering, your browser will gladly take you to gogol.com (continuing to use that one as an example).  But if you do have DNS filtering, your DNS Filtering solution (you really should use Havoc Shield 🙂 ) will catch the lookup request for “gogol.com”, and if it concludes that this website is dangerous, it will block you from continuing.

How?  It’ll refuse to complete the DNS lookup to convert “gogol.com” into an IP address.  Without an IP address, there’s no way to proceed to the potentially-harmful site.

The Battle Between DNS Filtering and Phishing Attacks

In our explanation above, we’ve simplified something that we now need to come clean about: the list of harmful websites changes every day.  Many times a day.  As phishing attacks proliferate, new, dangerous domains are registered every day: ones that are part of phishing attacks, malware distribution schemes, and more.  So, part of the job of DNS Filtering providers is to keep rapidly updating (always!) the list of dangerous domain names, to keep you safe from visiting problematic websites.  In other words, no solution is perfect, but you are far better off having one than not.

 

 

 
