What is a DNS Firewall?
A DNS firewall is a cyber security defense that uses the DNS protocol to prevent endpoints (laptops, workstations, servers, IoT devices, etc.) from obtaining an IP address (A record) for a malicious destination. This is also known as DNS filtering.
How does a DNS Firewall Work?
There are a few ways to deploy a DNS firewall. Securd delivers a DNS Firewall as a cloud-based service on a worldwide anycast network.
Endpoint Initiates A DNS Lookup
An endpoint attempts to access a domain name such as maliciousdomain.com. For the endpoint to connect to the domain, it needs to get an A record with an IP address.
We Validate The Query
Securd determines if the DNS query is coming from a subscribed customer. If the DNS query is not approved, it will be blocked. Otherwise, Securd will process the subscriber DNS query.
We Process The DNS Query
If the DNS query matches the criteria in a security policy, Securd returns its own response. Instead of allowing Securd global recursive DNS servers to process the request, the DNS server will respond with a block. If a browser produces the query, the user gets a block page with the reason why it was denied. All the blocked traffic is logged for the administrator to review.
Access To The Threat Denied
If the DNS query matches criteria in a security policy, Securd returns its own response. Instead of allowing Securd global recursive DNS servers to continue to process the request, a block response is provided back to the endpoint. If this request was done through a browser, the user would be redirected to a block page with the reason why the block occurred. The block is recorded in passive DNS logs available to the customer administrator.
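The decision flow in the steps above (subscriber check, policy match, block response plus log entry), as an added illustration that is not Securd's code. The networks, policy entry, block-page address, action names and function names are all constructed assumptions; only maliciousdomain.com comes from the text.

```python
import ipaddress

# Constructed sample data (assumptions, not Securd's configuration).
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
POLICY = {"maliciousdomain.com": "phishing"}   # blocked domain -> category
BLOCK_PAGE_IP = "192.0.2.1"                    # hypothetical block-page address


def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def match_policy(qname, policy):
    """Return (domain, category) if qname equals or is a subdomain of a
    policy entry. Whole labels are compared, so 'notmaliciousdomain.com'
    does not match 'maliciousdomain.com'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in policy:
            return candidate, policy[candidate]
    return None


def handle_query(client_ip, qname, block_log):
    """Decide what to do with one A-record query."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in SUBSCRIBER_NETS):
        return {"action": "refuse"}      # query is not from a subscriber
    hit = match_policy(qname, POLICY)
    if hit is None:
        return {"action": "recurse"}     # hand off to normal recursion
    domain, category = hit
    # Every block is logged so the administrator can review it later.
    block_log.append({"client": client_ip, "qname": normalize(qname),
                      "matched": domain, "category": category})
    return {"action": "block", "answer": BLOCK_PAGE_IP, "reason": category}
```

Matching on label boundaries and normalizing case and the trailing dot is what keeps subdomains of a listed domain blocked while look-alike names that merely end in the same characters still resolve.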
What Threats Does DNS Filtering Mitigate?
The Securd DNS Firewall gives endpoints connecting directly to the Internet protection from the most common attack delivery methods, including phishing, malware, ransomware, adware and more.
Domains associated with Covid-19 related cyber crime.
Newly registered domains and dormant domains.
Domains controlled by spammers and bad actors.
Botnet Command & Control
Domains hosting a botnet C&C.
Domains hosting malicious adware.
Domains hosting an active phishing site.
Domains hosting downloadable malware.
Domains hosting a botnet component.
DNS servers with poor reputation.
Domain Generation Algorithm (DGA)
Domains generated by an algorithm.
Domains hosting crypto mining scripts.
Typosquatting domains that target top sites.
High Risk Networks
Domain hosted on globally blocklisted IP or network.
Domain hosting pornographic content.
Build Your Own Blocklist
Create any global block list of hostnames or domains you want to block.