Hackers take advantage of the underestimation of the key role of DNS services in the chain of cyber death. According to recent research, 91% of malware uses DNS services to spread it. In addition, the new generation firewalls, IPS, Secure Web Gateways, Sandboxes that we all trust are not very successful in preventing DNS-based malware. For this reason, in this article, we wanted to briefly talk about the DNS firewall concept, which is not very new among cyber security solutions, but whose importance is just beginning to be understood.
In its most basic definition, DNS Firewall is a network security solution that prevents users and systems from accessing malicious websites or links, just like the firewall solutions we know. The main difference with the new generation firewalls we know is that the DNS firewall provides analysis and control at a different layer and stage, the DNS layer.
All internet traffic uses DNS and therefore we can say that DNS service is the foundation of internet services. Next generation firewalls are created to block or allow certain traffic based on port, protocol and/or application. In order for users to use the internet for a corporate network or web service or to use a business critical application, the DNS service must be available to all users. A malware that uses a DNS protocol allowed on the next-generation firewall cannot be detected by a firewall that cannot interpret DNS queries and responses. Although some next-generation firewalls have DNS-related security measures, these are very limited and often not customizable. For such reasons, it is very difficult for new generation firewalls to prevent the spread of malware over DNS services.
DNS Firewall, on the other hand, works on the basis of DNS, which is the basic connection control system located at every point of internet traffic. It performs checks at the DNS layer before internet traffic is yet running at the application layer, and can effectively detect malicious sites or methods such as phishing.
The general working principle is to analyze and classify your DNS traffic and to prevent unwanted or harmful services according to the rules you set. The most important point here is that the DNS firewall product/solution you use has an up-to-date database and can analyze potentially harmful domains in a short time and classify them with a high success rate. In addition, real-time recording of your internet traffic and access to accurate reports will make it very easy for you to see threats and take necessary actions in advance.
