Increasing Security with URL and DNS Filtering


As cyberattacks continue to rise in a post-pandemic era, hackers and state-level actors are using more sophisticated technologies and advanced tools to commit cybercrimes. A key step in preventing such attacks is to use URL (web) filtering and DNS filtering so that harmful content is blocked before it ever reaches your users. These measures create the barriers necessary to significantly reduce the attack surface and provide essential protection from ever-increasing cyber threats.

Both DNS filtering and URL filtering solutions operate with the help of Web Reputation Services. These services assess online sites and assign a risk score based on the site’s user traffic, the threat history of pages on the domain, age of observance, geo-location, associated networks, internal and external links, as well as other contextual trends.  

However, not everyone is clear on when either DNS or URL filtering is a better security measure. It can be hard to decide on the right combination of tools for your security stack. The truth is that when it comes to preventing sketchy emails and suspicious online sites, both DNS filtering and URL filtering offer advantages that should be combined for complete web security.

DNS Filtering

Nowadays, organizations tend to focus first and foremost on protecting web and email traffic, while DNS is often overlooked. DNS traffic is a key component of web browsing, but due to its distributed nature and its use of UDP to serve queries and responses, DNS is vulnerable to specific types of attacks.

In a recently discovered attack campaign, attackers used DuckDNS, a free dynamic DNS service that allows the creation of subdomains and record management via scripts, to register malicious subdomains that would enable the notorious NanoCore, Netwire, and Async RAT (Remote Access Tool) malware. URLs sent by email resolved to a download server or to Command & Control (C2) servers for RATs.

This sort of attack is only one of the reasons that DNS filtering is a crucial part of your security portfolio. For instance, IoT devices rely heavily on the DNS protocol and are frequently infected by botnets in order to be exploited in DDoS attacks. By preventing DNS queries to malicious servers, DNS filtering can prevent IoT device exploitation. 

In fact, properly configured and dynamically updated DNS filtering is very effective at preventing malware, phishing, DNS hijacking and tunneling, and other types of attacks. A good example is Perimeter 81’s robust, zero management DNS filtering, which can be set up in just a few clicks and adds another layer of security to your network.

SWG URL Filtering 

There are several areas in which URL filtering is a significant addition to DNS filtering.  It is important that your security solution address these points, which can be blind spots for DNS filtering alone.

Granularity

One of the components of Perimeter 81’s recently introduced Secure Web Gateway is Web (URL) Filtering. While DNS filtering focuses on blocking domains, URL filtering allows you to protect users by blocking access to specific URLs. In addition, in contrast to DNS filtering, URL filtering focuses on HTTP/HTTPS traffic and enables user-centric rules for allowing, warning, or blocking access to web categories or specific URLs. This means that URL filtering allows a more granular implementation of web access rules, for a true “zero trust” approach to Internet access. 
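The difference in granularity, as an added example that is not Perimeter 81's code: the same request is evaluated once by a domain-only DNS check and once by a URL check with per-group category rules. All hosts, groups, categories and the default-allow fallback are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample policy data (not taken from any vendor feed).
DNS_BLOCKLIST = {"malware-delivery.example"}
URL_RULES = [("files.example", "/u/4411/", "block")]  # (host, path prefix, action)
HOST_CATEGORY = {"files.example": "file-sharing", "social.example": "social-media"}
GROUP_CATEGORY_ACTION = {  # user-centric rules: group -> category -> action
    "finance": {"file-sharing": "warn", "social-media": "block"},
    "marketing": {"social-media": "allow"},
}
DEFAULT_ACTION = "allow"  # assumption; a stricter policy would default to block

def domain_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def dns_verdict(host):
    """DNS filter: sees only the queried name, so the verdict is per domain."""
    return "block" if domain_matches(host, DNS_BLOCKLIST) else "allow"

def url_verdict(url, group):
    """URL filter: sees host and path, and knows which user group is asking."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    # A rule for a specific URL wins over category rules; longest prefix first.
    hits = [r for r in URL_RULES if r[0] == host and path.startswith(r[1])]
    if hits:
        return max(hits, key=lambda r: len(r[1]))[2]
    category = HOST_CATEGORY.get(host)
    return GROUP_CATEGORY_ACTION.get(group, {}).get(category, DEFAULT_ACTION)

def compare(url, group):
    """Return (DNS-layer verdict, URL-layer verdict) for one request."""
    return dns_verdict(urlsplit(url).hostname or ""), url_verdict(url, group)
```

On a shared host such as the constructed `files.example`, the DNS layer can only allow or block the whole domain, while the URL layer blocks one path and warns or allows on the rest depending on the group.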

Enforcement Point

With the help of TLS inspection, which allows visibility into encrypted HTTPS traffic, URL filter rules will protect and monitor employees even when they are not connected to the corporate network. By blocking sites that host malware or fraudulent content, IT managers can take a preventative step against malware downloads and phishing attempts.

DNS over HTTPS

The DNS over HTTPS (DoH) protocol leverages HTTPS to encrypt DNS traffic and has been gaining popularity. This protocol prevents DNS traffic from being forged by attackers, but its use of HTTPS makes it invisible to DNS filtering solutions. URL filtering inspects this traffic.
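How an inspecting URL filter can recover the name hidden inside a DoH request, as an added example that is not code from the original page: it recognises the two RFC 8484 request forms (GET with a base64url `dns` parameter, POST with an `application/dns-message` body), parses the queried name and checks it against a domain blocklist. The request dict layout, the blocklist entry and the fail-closed policy are assumptions.

```python
import base64
from urllib.parse import urlsplit, parse_qs

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484
DNS_BLOCKLIST = {"badhost.example"}         # constructed sample entry

def build_query(name):
    """Constructed sample input: a minimal DNS A query in wire format."""
    header = bytes.fromhex("000001000001000000000000")  # ID 0, RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + b"\x00\x01\x00\x01"  # QTYPE A, QCLASS IN

def qname_from_wire(msg):
    """Return the first question name from a DNS message in wire format."""
    labels, pos = [], 12                    # the DNS header is 12 bytes
    while True:
        if pos >= len(msg):
            raise ValueError("truncated DNS message")
        length = msg[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63:                     # no compression expected in the first question
            raise ValueError("unexpected label length")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def extract_doh_wire(req):
    """Return the DNS message carried by an RFC 8484 request, or None."""
    if req["method"] == "POST":
        is_doh = req["headers"].get("content-type") == DOH_MEDIA_TYPE
        return req.get("body", b"") if is_doh else None
    values = parse_qs(urlsplit(req["url"]).query).get("dns")
    if req["method"] != "GET" or not values:
        return None
    try:  # GET carries the message base64url-encoded without padding
        return base64.urlsafe_b64decode(values[0] + "=" * (-len(values[0]) % 4))
    except ValueError:
        return None

def doh_verdict(req):
    """Return (is_doh, queried_name, action) for one inspected request."""
    wire = extract_doh_wire(req)
    if wire is None:
        return (False, None, "allow")
    try:
        name = qname_from_wire(wire)
    except ValueError:
        return (True, None, "block")        # unparseable DoH: fail closed (assumed policy)
    hit = any(name == d or name.endswith("." + d) for d in DNS_BLOCKLIST)
    return (True, name, "block" if hit else "allow")
```

This only works where the gateway already decrypts the HTTPS session; without TLS inspection the request line, headers and body used here are not visible.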

Malware Protection

In addition, a full Secure Web Gateway pairs URL filtering with an anti-malware engine, which prevents malware at the point of entry. Malware detection capabilities are crucial, protecting users from malicious attacks on the Internet. These attacks may quickly spread in the organizational network, infecting one host after another. A Secure Web Gateway, including both URL filtering and Malware Protection, will prevent users and hosts from infection at the point of entry, securing both employee devices and the corporate network.

URL vs DNS filtering table

In summary, the best security practice would be to enable both DNS filtering and URL filtering as part of a Secure Web Gateway. 

While DNS filtering provides protection for all types of traffic and can prevent access to malicious domains, URL web filtering provides a deeper and tighter level of control and security. URL filtering adds the ability to granularly define access control to specific sites, and as part of a Secure Web Gateway is paired with a full anti-malware inspection of the traffic. 

The best way to secure your company from cyber attacks is by combining both DNS filtering and URL web filtering for total network security, significantly reducing the attack surface and decreasing the chance of malware, ransomware and other attacks.