DNS Protection - Why Is it So Important?

Posted by Corrin Jones on March 21, 2019

DNS protection provides an additional layer of protection between an employee and the internet by blacklisting dangerous sites and filtering out unwanted content. By using secure DNS servers both at home and at work, employees can avoid unnecessary risks and the potential for malicious attack. Here's everything you need to know about the benefits of secure DNS servers. 

What is a DNS?

The Domain Name System (DNS) is what converts human-readable domains (such as cwps.com) into an IP address to connect to (such as 104.27.136.180). This makes it possible for people to use memorable domain names rather than having to remember numbers. The DNS has been a foundational technology for the Internet, making it easier for people to use. As an intermediary layer between people and the internet, it can also be exploited for increased safety.

There isn't a single DNS server, but rather there are many DNS services that are used to provide the backbone of internet domain name resolution. Many people use the DNS server provided by their ISP, but they don't have to. Instead, they can use a free, secured DNS server or a paid, secured DNS server. Since most Internet connections go through a DNS, DNS Protection provides an excellent opportunity for improved security.

Why is DNS Protection Important?

Last month, the Department of Homeland Security issued an Emergency Directive advising US businesses to take steps to defend against DNS hijacking. According to the directive, FireEye and Cisco had both uncovered evidence of recent DNS attacks. 

DNS protection can help protect both commercial networks and home networks. As many people have found their professional and personal lives blurred, it's important to protect home networks as well. A secure DNS solution can be used to improve upon BYOD policies, securing data inside and outside of the office, while also providing additional benefits.

A secure DNS solution will provide:

  • Content filtering, which can then be implemented to block adult sites and other unwanted content. This doesn't require any software to be installed on computers and devices; it works through the DNS—which gives it a substantial benefit over other filtering solutions. Content filtering will reduce the chances an employee might visit a "bad neighborhood" which could lead to a malicious attack.
  • Malware and phishing blocking, to block out sites that may have potentially dangerous or malicious content, such as viruses and scams. It's very difficult for many people to identify phishing attempts. A content filtering measure that can block out known phishing attempts, paired with the right training, can reduce the chances of falling for this type of attack. (Unfortunately, blocking alone cannot protect against more advanced phishing attacks.)
  • Protection against botnets, which are becoming a particularly dangerous threat as IoT devices become more popular. Botnet protection will take action to block communication with known botnet servers, protecting your device. 
  • Advertisement blocking, as a form of content filtering. Advertisements may attempt to collect information from employees or may have malicious applications hidden inside of them. Even if they aren't directly malicious, advertisements can damage the performance of a system and reduce the efficiency of an employee.
  • Typo correction, to correct something like "gogle.com" to "google.com." This is important, as malicious attackers will often purchase these "typo" domains to install malicious programs on them or collect data from them. A "typo" domain might look like the regular domain in every respect but could collect your data once you enter it in.
  • Improved speed, which can improve efficiency and productivity. Many times, secure DNS servers can provide a faster lookup than DNS servers provided by an ISP. Secure DNS servers are also able to increase reliability. DNS resolution is used many times throughout the process of connecting to the internet, so even an incremental improvement can provide substantially greater levels of performance.

How Can Employees Start Using DNS Level Protection?

There are both free and paid DNS level protection services, depending on your needs. You can look for "free DNS level protection" to find services and comparisons, but you may also want to consider a paid DNS service. Pro accounts offer advanced control, such as direct control over blacklisting and whitelisting. A paid DNS server may be faster or more reliable than a free one, but the free ones are still extremely valuable.

Once the right secured service is found, you can implement it on employee work devices, to ensure that work devices are always connecting through a secure portal. If employees want to use their personal devices to complete their work, they should be required to use the secured DNS server. The server will protect both their desktop devices and their smartphones.

From there, the DNS server will provide an additional layer of security and content filtering between your employees and the internet. Being proactive about your company's security is extremely important to reducing risk. If you want to start keeping your data secure today, consider the benefits of the CWPS' Cloud Assist Security Foundation

2019 Cybersecurity Threats Ebook

Topics: DNS