Most Internet filters use DNS based content filtering to prevent users accessing websites that harbor malware or ransomware, or that have been constructed with the purpose of executing a phishing attack. We explain how DNS based content filtering works, and illustrate how it can benefit businesses in multiple ways.
What is DNS Based Content Filtering?
When an Internet user types the address of a website into their browser bar, or clicks on a link to the website, a process starts to obtain the IP address of the target website so the browser can communicate with the website and the Internet user can access its content. This process is known as the Domain Name System, or DNS.
DNS based content filtering is simply another way of saying that an Internet filter allows or blocks access to the target website´s content according to the website´s IP address rather than its domain name. By allowing or blocking access by IP address, rather than domain name, DNS content filtering is much more efficient than other forms of content control and results in imperceptible latency.
How Does a DNS Content Filtering Solution Know Which Websites to Block?
There are a number of ways that DNS content filtering solutions block access to websites. Some of these are default operations in Internet filters, whereas others are administrator-controlled. The more methods used, the safer the browsing experience – and, depending on the way the DNS based content filtering service is set up, more methods does not necessarily mean more administration.
- URIBL Filters check IP addresses against a database of websites known to harbor malware or ransomware, or that are vulnerable to exploitation.
- SURBL Filters check IP addresses against a database of website URLs that have been found in spam emails and are candidates for phishing websites.
- Category Filters enable administrators to block access to website content depending on the nature of their content (i.e. pornography, racial hatred, etc.).
- Keyword Filters can be used to block access to websites or website applications by specific words in the content of the website (i.e. “chat”, “Netflix”, “milf”, etc.).
- Administrator-controlled Blacklists and Whitelists block or allow access to specific websites as determined by the administrator.
What is important to know is that, whereas Internet filters sort websites into categories automatically – and then block access to all the websites in the selected categories by IP address – keyword filters scan each website page for non-conforming content. Therefore in order to be effective, an Internet filter with keyword filtering capabilities must also have SSL inspection to read the content of encrypted websites. Since most websites now have SSL certificates and encrypt connections, SSL inspection is essential. More importantly, many malicious websites encrypt content. If your DNS content filtering solution does not have SSL inspection, malicious content will not be identified.
What may also be important to know for anybody unfamiliar with DNS content filtering, is that Category Filters, Keyword Filters, and Blacklists/Whitelists can be applied to individual users, individual groups (or departments), or universally. In the most advanced Internet filters, these can also be applied between certain times, to certain domains, or with bandwidth limitations (i.e. Netflix).
How a DNS Based Internet Filter can Benefit Businesses
The obvious benefit to businesses is that a DNS based Internet filter is an effective way to prevent malware, ransomware and phishing attacks. In addition, there are numerous examples of how a DNS based Internet filter can be commercially advantageous in terms of increasing productivity, reducing HR issues in the workplace, and providing users with a safer browsing experience. Here´s a few:
- A study looking into “cyberloafing” found that 32% of employees spend more than two hours a day visiting non-work related websites.
- In many business, persistent Internet abuse is a dismissible offence. A DNS based Internet filter helps businesses avoid this HR issue.
- Retail businesses proving a public Wi-Fi service, can take advantage of a DNS based Internet filter in order to provide a family-friendly environment.
Businesses are not the only organizations to benefit from versatile and scalable Internet filtering. A DNS based Internet filter can be used in K-12 schools to apply age-appropriate filtering policies to students in different grades – with exceptions allowed for students studying specific subjects. The same level of granularity makes a DNS based Internet filter an ideal service offering for MSPs and ISPs.
Further Information about DNS Based Content Filtering
If you would like further information about DNS based content filtering, do not hesitate to get in touch. Our team of Sales Technicians will be happy to answer any questions you have and explain about our DNS based content filtering service – WebTitan Cloud – which is used by thousands of businesses worldwide to protect networks, increase productivity, and provide a safer browsing experience.
If you would like to experience the benefits of DNS content filtering in your business, don´t forget to request details of our free trial offer. As implementation of our cloud-based DNS based content filtering service takes just minutes to implement, you could be protecting your network from malware, ransomware, and phishing attacks within fifteen minutes of picking up the phone.