The definition of Domain Name System (DNS) is, "a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network". It associates various information with domain names assigned to each of the participating entities.
Think of DNS as the phone book for the internet. When you want to visit a website, what you’re really doing is asking a DNS server “What is the IP address of this website?” The DNS server responds with the IP address and takes you to the website. DNS translates the domain name into an IP address so users only have to remember names, not a series of numbers.
Nearly every online attack that has ever succeeded could be considered a DNS attack, as it used the DNS protocol to operate, identify its targets, and spread. In just the first half of 2020, 36 billion records were exposed because of data breaches. Six breaches alone in 2020 exposed 8 billion records. Each of these breaches occurred at the DNS level of internet protocols.
The purpose of DNS protection is to restrict access to dangerous domains or IP addresses. With DNS protection or DNS level security (DNSLS) in place, if a user attempts to access a malicious domain with DNS protection in place, that domain will not resolve at all and instead, a page will appear letting them know that the content is blocked. The database of trusted and long-tenured sites is based on Google's SafeSearch database which chronicles known safe sites and blocks sites that have a malicious or unknown history.
Firewalls and DNS protection offer different things. DNS protection is concerned with the web content that is invited onto your network, while firewalls prevent your corporate networks from attacks from outside the network. While the firewall might be the moat that keeps the pillagers from storming the castle, DNS protection keeps unwary users or even bad guys inside the castle from helping the pillagers get in.
Firewalls are a necessary line of defense, but they represent just one piece of a network security plan. By adding in DNS protection, you are blocking another commonly exploited threat. Perhaps this seems like a complex and potentially expensive measure of defense but in reality, it is easy to install and manage and costs a small amount per month per user. If you have any questions about how this cybersecurity measure works to protect your network contact us at info@unetek.com or click the button below.