A DNS filtering service is an alternative to traditional hardware and software-based web filtering solutions and is used to filter out harmful and malicious internet content. A DNS filter works by redirecting the IP address of an organization´s router to that of the service provider and then allowing administrators to set filtering parameters via an online browser-based portal.
Because a DNS web filtering service is quick to implement, has low maintenance overheads, and is inexpensive to operate, it is quickly becoming the “go to” solution for organizations wanting to increase their online security posture and protect their networks from web-based threats. A DNS filtering service has other benefits for organizations. It can be used to improve productivity by blocking access to social media networks and gaming websites, and is important for compliance, managing legal risk, and controlling bandwidth use.
The Importance of a DNS Filtering Service with SSL Inspection
SSL inspection is a tool within a DNS filtering service that decrypts the content of a “secure” website, checks the content to make sure it does not violate internet access policies, and then re-encrypts the website before allowing an Internet user access to the site. The reason why SSL inspection is so important is because three-quarters of websites – including websites with SSL certificates – have been identified as having security vulnerabilities.
That does not mean that three-quarters of websites harbor malware, but the potential exists for a hacker to exploit a vulnerability and install malware or phishing forms on the website. Without SSL inspection, an Internet user – even one trained on the dangers of web-based threats – could inadvertently download malware onto their device from an apparently “safe” website, and then infect the whole of an organization´s network.
Malware downloads can be devastating for an organization. Once an infection spreads through the network, data can be stolen, corrupted, or encrypted. The cost of resolving the infection and repairing the damage malware and ransomware cause can be substantial. An organization operating in an industry such as healthcare, insurance or banking could be subject to a regulatory fine for a malware infection and possible face civil legal action over a data breach.
A DNS filter mitigates the risk of downloading a web-based threat by blocking access to websites known to harbor malware. DNS filters can be configured to prevent downloads of file types commonly associated with malware. A DNS web filtering service can also be configured to reduce the risk of phishing attacks – thus enhancing an organization´s online security posture further still. Many DNS filtering services check the URL/domain against blacklists of known malicious websites and also check the content of sites in real-time to block new phishing web pages that have yet to be reported as malicious.
Other Benefits of a DNS Filter Service
In addition to protecting an organization´s network against the risk on web-based threats, a DNS filter can be used to restrict access to productivity-sapping websites that employees may utilize for “cyberslacking”. Studies have shown that the average employee wastes around two hours each day on gaming websites, online shopping portals, social media platforms and – significantly – pornographic content.
It has been suggested some personal web time at work can promote productivity; however, openly viewing pornographic and other objectionable content can cause HR issues. An organization could even be taken to court by an employee for failing to provide a safe working environment. A DNS web filtering service can prevent these problems by restricting access to these NSFW websites. Controls can be applied for individual users, groups, departments, or organization-wide. It is also possible to apply time-based controls. For example, social media sites could be blocked during working hours, with access allowed during lunch breaks.
The time-based controls on a DNS filtering service are particularly useful if your organization regularly has bandwidth issues. By setting the filtering parameters to block access to video streaming websites and online bandwidth-hogging applications, organizations can prevent bandwidth wastage at key times during the working day.
Finally, for organizations in the retail industry, a DNS filter enables you to offer a protected WiFi service to your customers. Free WiFi services are a great marketing tool in an age when consumer decisions are influenced by where they can access the internet free of charge. However, if customers´ devices are infected by malware – or if customers are exposed to objectionable content due to an organization offering an unprotected WiFi service – the organization will likely lose more customers than it gains. By using DNS-based web filtering, businesses can ensure that all WiFi users – employees, guest users, and customers – are protected from online threats and are not permitted to use a WiFi network for accessing harmful or unsavory web content.
Features of TitanHQ´s DNS Web Filtering Service
The primary features and benefits of TitanHQ´s DNS web filtering service – WebTitan Cloud – are worth highlighting because many organizations evaluate web filtering solutions based on cost and maintenance overheads – rather than how effective the solutions are.
WebTitan Cloud has a three-tier mechanism for filtering the Internet: Blacklists, category filters, and keyword filters. Blacklists blanket-block access to websites known to harbor malware and websites that disguise their true identity behind a proxy server. Category and keyword filters restrict user access to websites that fall within a certain category and will block access to sites that contain certain keywords.
Organizations have the option to apply whichever category and keyword filters they wish and – with WebTitan Cloud – have the opportunity to create their own customized categories. The three-tier mechanism delivers an exceptional level of granularity allowing organizations to fine-tune the content employees and visitors to their business can access.
Malicious URL Detection and Phishing Protection
Our malicious URL detection software checks each request to visit a website against a blacklist of IP addresses from which spam emails are known to have originated and blocks access to those sites. Websites that have been discovered to have been used for phishing or have been detected as hosting exploit kits or malware are similarly blocked. IP address blacklists are updated in real time as new threats are identified.
Similarly, our phishing protection software is updated in real time as new websites are discovered to be used for phishing. 99.5% of websites with the word “PayPal” in their URL are fake sites and, due to the sophistication with which cybercriminals are constructing their phishing emails and their fake websites, phishing attacks are getting harder to identify and block. A DNS filter provides an important extra layer of security to block the web-based component of phishing attacks.
As mentioned at the top of this page, WebTitan Cloud´s filtering parameters can be set and adjusted via an online portal that can be accessed through any web browser. This makes it possible to fine-tune the DNS filtering service from any Internet-enabled device and eliminates the necessity for organizations with multiple offices to visit each location every time there is a change to their acceptable internet use policy.
The WebTitan Cloud DNS filter has the all-important SSL inspection that was discussed earlier, plus accommodates multi-lingual filtering. The flexibility of our DNS web filtering service allows the blocking of web applications, without blocking access to the website itself (useful for organizations that engage in Facebook marketing but do not want their employees to be able to use Facebook Messenger).
Compatibility and Scalability
As WebTitan Cloud is a DNS filtering service that works by redirecting a router´s DNS, there are no compatibility issues. If you want to integrate WebTitan Cloud with existing management tools our DNS web filtering service is provided with a suite of APIs for backend integration. MSPs can easily integrate the solution into their autoprovisioning and management systems.
Scalability is not an issue either. There is no upper limit to the number of devices that can be protected by our DNS filtering service. Consequently WebTitan Cloud will always be an appropriate web filtering solution should your organization expand. If you need to reduce your workforce, this can easily be accommodated by TitanHQ to ensure you do not pay for a subscription you are not using. Details of how this works are given in the “DNS Filtering Service Pricing” section below.
Due to the SSL inspection process being performed in the cloud, WebTitan Cloud filters the Internet with imperceptible latency. This means that, irrespective of how many devices are using the DNS filter, any delay between typing in a URL or clicking on a hyperlink, and having a permissible website opened in the browser is unnoticeable.
There are no bandwidth restrictions on our DNS web filtering service; so, if you decide not to block video streaming websites, WebTitan Cloud can cope with the volume of Internet traffic. This can be of particular importance to organizations that operate a WiFi service with multiple hotspots or for an organization with multiple Internet users that are visiting streaming websites.
There are a number of good reasons for taking advantage of WebTitan Cloud´s automated reporting. Firstly, the reports inform administrators of any web-based threats that have been blocked and where they originated from. This information can help shape future acceptable use policies or be used to nip potential HR issues in the bud before they develop into more serious problems. The reports also advise administrators of any attempts to circumnavigate the filtering parameters.
The reports also reveal the web-browsing habits of Internet users. If your organization is in the retail industry, and you provide a free WiFi service to customers, this can be a useful tool for research to allow you to create targeted marketing campaigns and special offers for your customers. It might be ambitious to claim that a DNS filtering service can help increase your sales – but the possibility exists.
DNS Filtering Service Pricing
Our DNS filtering service pricing is very easy to explain. As there is no hardware to purchase or complicated software installations to perform, there are zero set-up costs. Once implementation of the DNS filtering service is competed, organizations pay a subscription to receive the service – typically around $15.00 per user per year based on the following factors:
- How many people you want to protect.
- Your preferred deployment option.
- Which payment cycle works best for you.
Discounts are available to organizations committing to long-term contracts and monthly payment options exist for organizations on a budget. There is significant flexibility in the licensing terms and licenses can be adjusted upwards or downwards as necessary. For an accurate calculation of the WebTitan DNS filtering service cost, please visit our Instant Quote Calculator.
Speak with TitanHQ about our DNS Filtering Service
If you have any questions about DNS content filtering in general or our DNS filtering service, our industry-leading customer support team will be delighted to hear from you. Once you have spoken with us, we will invite you to try WebTitan Cloud on a free trial. We believe once you have experienced how DNS based filtering ensures threat-free Internet browsing, you will never want to return to the malware-infested World Wide Web again.
DNS Filtering and Wi-Fi Security FAQs
Are guest Wi-Fi networks secure?
The best way to allow visitors and other non-employees to access the Internet securely is to create a guest Wi-Fi network that is separate your main network and to use a web filtering solution to restrict access to malicious websites and other content that violates your Internet access policy.
Is Wi-Fi content filtering expensive?
Wi-Fi content filtering is not expensive. For instance, with WebTitan Cloud for Wi-Fi you can protect your business’s Wi-Fi networks for as little as $1.00 per user, per month. The solution is quick and easy to set up and use so there is little management overhead.
What is the best way to block malicious websites?
The easiest way to block malicious websites and malware downloads is a content filtering solution. This will allow you to block all known malicious websites, assess newly created websites in real time for malicious content such as phishing and malware, and block access to categories of website you do not want employees and guest users to access.
What are the most important guest Wi-Fi security best practices?
Important guest Wi-Fi security best practices include setting a strong password for the Wi-Fi network, configuring the router to encrypt traffic using WPA or ideally WPA2 (which is stronger), and controlling what users can access when connected to the network using an Internet content filtering solution.
What does Internet content filtering entail?
Internet content filters use blacklists to prevent access to known malicious content and illegal websites, category-based filters for blocking access to certain types of website, and word-based filters for blocking access to content containing certain keywords or densities of keywords. These controls can usually be configured easily via a web-based interface.