There is a saying in automotive safety, the safest accident is the one that never happens. Applied to IT Security, the best security incident is the one that never occurs. This is where DNS filtering is perhaps the most powerful tool in your arsenal, both in terms of cost for level of protection and ease of obtaining end-user buy-in.
Before we delve into why DNS protection is so important let’s examine what DNS is. DNS stands for Domain Name System, what it does is translate a human friendly name like google.com to an IP address such as 220.127.116.11. The easiest way to think of DNS is as a phone book for the internet. Just as you do not remember phone numbers for all of your contacts, you do not have to remember the IP address for every website. What started as a convenience for users became a way to ensure high availability, redundancy, and load balancing for various web services. With DNS, a name is tied to an IP address but can quickly be changed to another IP if one of them becomes unresponsive. So, a server crash does not lead to downtime, but instead just gets re-directed to the first responding server. Obviously, all of this is much more involved on the backend, but this provides a 60,000-foot view into how the internet works.
Now we know that DNS is the backbone of all internet requests but why is it so important for Security? This can be broken down into two sections.
For a service provider having security around DNS means secure DNS record management. If an attacker can modify your DNS record, he can change the address the requests will be sent to. So rather than your clients going to your website, they can go to his malicious site where users will be served malware instead of the expected content. Given access to DNS, an attacker can also authenticate himself to various 3rd party services such as Google Suites, Office 365, Bing and so on. That means he can re-direct email flow, take over your SEO (Search Engine Optimization) settings, tamper with your web presence and even corrupt your brand image. This type of attack can cause similar downtime to a ransomware attack, without as much effort on the part of the attacker.
The Importance of DNS Security for Consumers is related to preventing malware from reaching your users and data. Most malware is deployed in a multi-stage process. The first piece is usually a Trojan dropper or downloader. The goal of this tool is to download more malware from another source, a job that relies heavily on DNS. Without DNS the attacker would be less effective because he would need to rely on a single IP address, once this IP address gets flagged as malicious it would be reported to his ISP (Internet Service Provider) and banned, leaving his malware dead. As defenders, we want to interrupt the attack chain as early as possible and continue putting in safeguards at every sequence in the attack process. The first sequence in any attack chain is the connection to the malware. Since todays’ attacks almost exclusively come from online threats rather than the USB/DVD drive attacks of the past, filtering for security at the DNS layer removes most threats before your users or data is ever at risk. DNS filtering works by constantly identifying websites into categories. These categories include things like News, Social Media, Adult Content, Advertisements, and of course Malware or Scam sites.
It is my belief that filtering for content in a business setting can cause more harm than good because the categories you would block are so broad. However, unless you are an attacker or a security researcher, blocking malware and infected sites is an easy decision to make.
In addition, deploying DNS filtering at the network level, can have several benefits. Users generally prefer this because it is seamless security that can be applied uniformly to all employees. DNS filtering can also be setup at the endpoint level via an agent if a perimeter-based approach isn’t applicable. Each has benefits and limitations so the type of setup that works best for your business will depend on your workflows and use cases. No matter which you choose, you will be significantly cutting your attack surface and seamlessly increasing your level of security.
Iospa Tech offers several options for DNS filtering, both for perimeter wide protection as well agent based to account for remote users and businesses that wish to gather more detailed logs of their network traffic. Contact us to learn how you can get DNS protection for your business today.
© 2020 Iospa Tech LLC. All Rights Reserved. Various trademarks held by their respective owners.