Founder and CEO of KeepSolid, a company that builds modern security and productivity solutions
As we adjust to life during a pandemic, two things have become clear: First, the internet is essential; second, the internet is full of dangers. Each of these dangers is different: They vary in the sort of attack they strike with, our familiarity with them, and the tools we can use to avert them. For example, viruses have been well-known for decades. Every PC is currently protected with antivirus software–and in many cases, it’s incorporated right into your operating system. Other types of internet threats, such as botnets, are newer, more difficult to detect, and less known to web users.
Different types of attacks require different types of protection. In this article, we’re going to focus on one specific protective tool: the DNS Firewall. In a nutshell, a DNS Firewall is a shield against scams and malware that attempt to redirect you to malicious websites. To better understand how it works and why it’s a valuable part of any antivirus package, let’s delve into the mechanics of DNS attacks–and, first of all, into the idea behind firewalls.
What is a firewall?
Firewalls as security solutions have been protecting our networks for the past 30 years; the first packet filter was introduced as early as 1989. At the heart of every firewall is the simple idea that you can establish certain rules to filter out traffic that comes from suspicious sources. A firewall monitors incoming and outgoing packets at a computer’s entry point, called a port, where information is exchanged with external devices. A set of predefined rules helps a firewall decide whether to allow specific “trusted” packets to enter the system or to designate them as “suspicious” and block them.
A firewall can consist of software, hardware, or both. When it’s a software solution, a firewall is installed on a computer to regulate traffic through port numbers and applications. When it’s hardware, a firewall takes the form of dedicated equipment installed between a network and a gateway.
The way a firewall works is quite similar to the way ships enter a busy coastal port: When a boat wants to dock, it requests permission to enter the port. The boat is then assigned an individual berth number (or parking spot) by the port. On a computer, a port is a docking point through which information comes into your device–from a software application, from the Internet, or from another computer that’s connected through a network. Instead of berth numbers, you have Internet Protocol (IP) addresses, which identify user on the Internet.
The first firewalls–which are still the most popular–are “packet-filtering firewalls” that check an information packet’s source and destination IP addresses. If the packet matches an “allowed” rule, it is trusted to enter the network. However, this approach has its limits: for example, it can’t predict if the contents of the packet are harmful. The drive to address this problem has given rise to numerous types of firewalls, which each approach the challenge from a slightly different angle. These are probably the most well-known new types of firewall:
Stateful inspection firewalls filter packets based on the state of the communication, port, and protocol. These firewalls use predefined rules and contexts, such as information from previous connections and packets that belong to the same connection.
Proxy firewalls (including proxy-based and reverse-proxy firewalls) serve as an intermediary, or a gateway, between two networks. Unlike packet-filtering and stateful firewalls, they ensure that an application layer filters and examines the payload of a packet. Proxy firewalls are a trusted solution that help monitor traffic for such protocols as HTTP and FTP.
Network address translation (NAT) firewalls: Similar to proxy firewalls, they act as an intermediary between a group of computers and outside traffic. They give multiple computers a single IP address to connect to a network, keeping their individual IP addresses hidden.
Next-generation firewalls (NGFW): These are newer firewalls with enhanced features, such as encrypted traffic inspection, intrusion prevention systems, and anti-virus protection. One of the breakthrough technologies they offer is deep packet inspection (DPI) that examines the data within a packet itself.
DNS firewalls are another option that build on decades-long efforts to improve packet filtering and enhance connection security. Let’s do a deep dive into what they are and how they work.
What is a DNS and why is it important?
A DNS, or Domain Name System, is a way to translate website addresses into numerical IP addresses. The DNS is often called the “phone book” of the Internet: When we type something like “google.com” in order to access Google’s website, the DNS maps it to a corresponding IP address and sends a request to a specific numeric sequence, like 184.108.40.206. This is done through a DNS server that’s located near your access provider. The DNS approach is the basis for all email services, messaging services, and social networks–which makes it a major target for cybercriminals. The Cisco 2020 Security Report estimates that 91% of cyber-attacks are carried out through DNS services.
These attacks come in all sorts of shapes and sizes–from DDoS attacks and malware to cache poisoning and domain hijacking and redirection. Attackers can redirect your web and email traffic–or, using a DNS, they can infect your computer to change the local DNS settings, so that you unknowingly send all DNS requests to a malicious server. For example, your innocent request to view the site “google.com” may end up at a website where the domain name is spelled with a capital “i” (googIe.com) instead of an “l” and contains a harmful worm.
How can a DNS Firewall protect you?
Protecting yourself against DNS attacks isn’t simple. A high level of expertise is needed to configure DNS servers so they hide vulnerable data from attackers, and to keep those servers up to date.
A DNS Firewall automates this process by going through a vast database of proven malicious internet locations to block the DNS requests they send. It works in a way that’s similar to regular firewalls, but it also offers expanded coverage that includes domain names, IP addresses, and specific DNS name servers.
When a cybercriminal tries to hijack a DNS, the DNS Firewall immediately stops translating IP addresses into domain names (a process that’s also known as interception of the DNS resolution). As a result, the malicious website (or the pop-up window that was trying to reach you) becomes invisible and unreachable.
A DNS Firewall also lets you block specific categories of annoying content, such as gambling sites, adult sites, or unwanted e-commerce sites. It can also enable you to manually block specific domains. This protects you from multiple different types of malware, including ransomware, phishing websites that try to steal sensitive data, and botnets.
So what’s the role of a DNS Firewall in daily life online?
For many of us, pop-up windows, annoying ads or redirections to suspicious websites are a part of our daily internet use. Annoying as they can be for the average person, they can become much more harmful to vulnerable web users, such as young children or elderly people–or if they penetrate a device that has sensitive data on it. A DNS Firewall is a security solution that creates a barrier between the Internet’s threats and your computer. It stops DNS-related threats and is much more affordable than enterprise-scale comprehensive services, or the services of an IT expert.