DNS content filtering is another term for a cloud-based Internet filter. Rather than use hardware appliances or software installations to protect networks from malware and ransomware, cloud-based Internet filters provides an option for business and Managed Service Providers (MSPs) that do not require a high level of maintenance or place a strain on network resources during the filtering process.
The term “DNS content filtering” derives its name from the way the filtering solution is implemented. Businesses and MSPs simply have to redirect their DNS server settings towards the service provider´s server and the cloud-based Internet filter is ready to go. DNS content filtering is compatible with every type of operating system and automatically configures itself once implemented.
Once configured, network administrators can apply user policies via a web-based management portal. The portal also allows network administrators to monitor Internet activity in real time and pull historical reports to assist with risk assessments and identify unusual port activity – usually a sign of attempts to circumnavigate the filtering parameters.
Cloud-based Internet filtering is just as effective at preventing network users from visiting unsafe or prohibited websites as hardware-based or software-based Internet filtering. Furthermore, as software updates are conducted in real time by the service provider, DNS content filtering is a “set and forget” solution for filtering the Internet with the added advantage of improved network performance.
Why SSL Inspection is an Important Function
Before explaining how DNS content filtering improves network performance, it is important to look at one of the most important functions of any Internet content filter – SSL inspection. During the SSL inspection process, an Internet content filter decrypts, reads and re-encrypts the content of encrypted web pages to ensure they are free from malware and their content complies with user policies.
More than half of the world´s most visited websites use encryption to ensure the integrity of confidential transactions and user conversations, and – more recently – to enhance their rankings in Google´s Search Engine Results Pages (SERPs). However, an https:// prefix or a green padlock symbol no longer means a website is secure – indeed, far from it.
In 2017, online security researchers found that 37% of supposedly secure websites harbored malware rootkits, malware drive-by downloads or malvertising. They also determined that every major ransomware family identified since January 2016 has been distributed at some point via an encrypted website – a threat that can only be stopped by an Internet content filter with SSL inspection.
How DNS Content Filtering Improves Network Performance
The problem with SSL inspection is that it is resource-intensive. Decrypting, reading and re-encrypting encrypted web pages places a tremendous strain on CPUs and, at times of peak web activity, Internet speeds can suffer. It is also possible that some web-based applications such as email will be temporarily unavailable due to the SSL inspection process devouring network resources.
Whereas a possible solution to this problem is whitelisting – allowing trusted websites to bypass the filtering process to relieve the strain on CPUs – whitelisting can be a labor-intensive task for network administrators, and it has its risks. There is no guarantee a trusted website will remain malware-free. An update to the trusted website could expose a vulnerability that is exploited by hackers.
DNS-based content filtering overcomes this problem, and improves network performance, by conducting the SSL inspection process in the cloud – effectively placing the strain on the service provider´s CPUs rather than the business´s CPUs. The filtered Internet service is delivered to network users with imperceptible latency and with no effect on business-critical web-based applications such as email.
DNS Content Filtering Solutions from WebTitan
WebTitan is a leading developer on online security solutions for business. We have been helping businesses protect their networks from web-borne threats for almost two decades and, using feedback from our existing clients, we have developed two cloud-based Internet filtering solutions that have incredible versatility but which have ease-of-use as one of their main features:
- WebTitan Cloud is a DNS content filtering solution with SSL inspection that protect networks from malware and ransomware, and network users from the threat of phishing. Network managers can control access to non-work related activities in multiple locations from one web portal and choose from a range of pre-configurable reporting options.
- WebTitan Cloud for WiFi has been especially developed for wireless Internet services. Particularly suitable for businesses that offer a publicly-accessible wireless service or operate a BYOD policy, WebTitan Cloud for WiFi also has SSL inspection to protect networks operating from a single wireless router or a nationwide network of WiFi hotspots.
To find out more about DNS-based content filtering solutions, or to request a free trial, do not hesitate to get in touch. Our team of Sales Technicians will be happy to answer your questions and will discuss your current online security and network configuration to determine which WebTitan solution will be more appropriate for your circumstances. Contact us today, and you could be protecting your network against malware and ransomware with a DNS content filtering solution in less than twenty minutes.
FAQs
If I use the WebTitan DNS filter, will there be any impact on Internet speed?
If you use the WebTitan DNS filter, there will be no impact on Internet speed because WebTitan is a DNS-based web filter. This means filtering occurs at the DNS lookup stage of a web request before any content is downloaded. That means there is no latency, so there will be no perceivable difference in page load, upload, or download speeds, in contrast to more traditional web filtering solutions.
Is it possible to bypass the WebTitan DNS filter?
It is possible to bypass the WebTitan DNS filter, just as it is with any web filtering solution. However, WebTitan includes controls that can minimize the likelihood of the filter being bypassed. For example, you can block access to anonymizer services, which are commonly used to bypass web filters and you should lock down per device settings to prevent the DNS settings being changed.
Will the WebTitan DNS filter cover remote workers?
The WebTitan DNS filter covers remote workers using corporate devices. WebTitan includes an agent that can be deployed on most corporate devices, no matter where they are used to access the Internet. You may wish to apply different content controls for remote workers than office-based workers. Administrators have full control and can quickly and easily enforce Internet policies through the web-based user interface.
Does TitanHQ have an MSP program?
TitanHQ has an MSP program called TitanSHIELD. The program allows managed service providers to implement and deliver the full range of TitanHQ cybersecurity solutions directly to their client base. Members of the TitanSHIELD program have a dedicated account manager, assigned sales engineer support, and access to the partner program hotline and knowledge base. MSPs also get 24/7 priority support, access to online technical training materials, and a host of sales enablement tools.
Is the WebTitan DNS filter equivalent to Cisco Umbrella?
The WebTitan DNS filter is not equivalent to Cisco Umbrella because the WebTitan DNS filter has several important advantages. It is easier to use, the cost is far lower, and customers benefit from industry-leading customer support. WebTitan also has many features for MSPs that are not provided by Cisco. We recommend taking advantage of our free trial to put the solution to the test and see for yourself.
What is DNS web filtering?
DNS web filtering is a type of web filtering that uses the Domain Name System (DNS) to block access to malicious or unwanted websites. When a user tries to access a website, their device first queries a DNS server to find the IP address of the website. If the DNS server is configured to block access to the website, it will return an error message instead of the IP address. This prevents the user from accessing the website.
How does DNS web filtering work?
DNS web filtering works by using a combination of real time blocklists (RBLs), category filters, and user policies to block access to malicious or inappropriate websites. When a user tries to access a website, the DNS server queries the RBLs, category filters, and user policies to determine whether the request website is safe and if the user is permitted to visit it. If the website is unsafe or prohibited, the DNS server returns an error message instead of the IP address – preventing the user from visiting the website.
What are the advantages of using DNS content filtering for web filtering and security?
The advantages of using DNS content filtering for web filtering and security are that it operates at the DNS level – allowing organizations to implement web filtering without the need for complex configurations on individual devices. This centralized approach simplifies administration and ensures consistent filtering across the entire network. Additionally, DNS content filtering can be implemented quickly and easily by redirecting DNS traffic to a filtering service such as SpamTitan.
What are some key features to consider when evaluating a DNS content filtering solution?
Some key features to consider when evaluating a DNS content filtering solution are the comprehensiveness and accuracy of the categorization database. The solution should provide a wide range of predefined categories to cover various types of websites, should offer customizable categories, and provide regular updates to keep up with emerging threats.
Additionally, the ability to customize filtering policies is important, as organizations have unique requirements and may need granular control over web access. Integration capabilities with existing network infrastructure, such as DNS servers or firewalls, should also be assessed to ensure seamless deployment and compatibility.
How does DNS content filtering integrate with existing network infrastructure to enforce web filtering policies effectively?
DNS content filtering integrates with existing network infrastructure to enforce web filtering policies effectively by intercepting DNS requests and redirecting them to the filtering solution. The DNS content filtering solution acts as an intermediate DNS server, receiving DNS requests, and applying filtering policies before responding with the appropriate IP address or block page.
