Was ist DNS-Filterung?

One technology that aids in ensuring users remain safe is the use of DNS (Domain Name Systems/Services). DNS correlates domain names, like OpenSystems.com, to the matching numeric IP address.

DNS is required when accessing web content. Content cannot load, or access is allowed before the DNS process occurs. If the website is on a blocklist, the DNS process is halted, and the request is denied. This makes DNS blocking or filtering a useful method for protecting users from malicious sites.

DNS Stops Attacks Before They Begin

DNS filtering can block a website by domain names and by IP addresses. It helps to ensure cybersecurity by blocking:

Laden Sie unser eBook herunter. Dieser neue Ansatz für die Vernetzung umfasst eine Reihe von vollständig integrierten, über die Cloud verwalteten Security-Services, die vor Ort oder in der Cloud mit zentral verwalteter Sicherheit bereitgestellt werden. Erfahren Sie, wie Sie:

  • Verringerung der Komplexität und des betrieblichen Aufwands
  • Benutzerfreundlichkeit / Transparenz für Anwender
  • Mehr Sicherheit durch einen Zero-Trust-Netzwerkzugriff

Cybercriminals Can Exploit DNS Vulnerabilities

Cybercriminals are well aware of the safeguards DNS provides and have attacks specifically targeted to exploit DNS vulnerabilities. DNS threats include:

DNS tunneling, which uses SSH, TCP, or HTTP to drill into DNS messaging and pass malware.

DNS hijacking, which directs DNS messaging to a different domain name server with false information intended to redirect users to malicious websites.

DNS spoofing, which returns an IP address that is not the intended website but a website with malicious intent.

Random subdomain, Domain lock-up, NXDOMAIN, and Phantom attacks overload DNS services with a DoS (Denial-of-Service) attack.

Fending Off Attacks to DNS

While DNS deters cyber-attacks, it is also subject to threats. There are many techniques available to detect and deter DNS attacks.

Using a cloud-based DNS provider is a viable option to ensure your DNS capability is protected. DNS providers have large numbers of name servers distributed across the globe. It would be nearly impossible to mount a successful DDoS attack. Another benefit is that when you add your blocklist to their global blocklist, the result is a very complete and deep list that is updated continually. That ensures greater cybersecurity for users and better protection against sophisticated attacks and malicious websites. Lastly, the burden of protecting and maintaining DNS falls to the provider, not to you.

Open Systems DNS Filtering

Another Layer in the Open Systems Cybersecurity Stack

Contact our customer advocates and learn about the global network of access points/ PoPs and how a cloud-based global DNS service can enhance the cybersecurity posture for your organization.