Here’s today’s riddle. What’s the difference between DNS filtering vs web filtering? This is one of the IT World’s eternal mysteries that isn’t actually a mystery at all, just a sad and desperate way of introducing the subject, because we want to talk about it today.
We want to talk about it because these are cool and effective ways of keeping your team out of data breach trouble, and you don’t have to do much of anything to get the benefits.
DNS Filtering vs Web Filtering: What’s The Difference?
Let’s get one thing straight. Web filtering is a generic term that covers a range of web filtering techniques. Web filtering is often used to mean URL filtering, which is a specific type of web filtering. DNS filtering is another type of web filtering. Any kind of web filtering aims to reduce the risk of security breaches by blocking access to certain websites and web pages. DNS filtering does this by blocking whole domains. URL filtering does this by blocking specific web pages or entire domains.
How URL and DNS Filtering Are Similar
1. They Control Access
Both DNS and URL filtering control which sites and pages your team can access. This helps with two things: data security and business productivity. For instance, if Aaron in Sales can’t access that online gaming site he loves, he won’t be gaming on your time or using your bandwidth, but (hopefully) be doing his job instead. Suppose Jamila in Marketing opens her email and clicks on a malicious link from “a prince,” offering all the money in the world. In that case, her files won’t be held hostage, and she won’t have accidentally downloaded malware to gum up your business.
2. They’re Application-Layer Protocols
The application layer is dirty geek speak for the outer layer of the seven-layer Open Systems Interconnection (OSI) Model, which is the universally-accepted framework for network interoperability. The application layer provides the rules for communications between applications. It allows you to navigate the web with your browser and to access, retrieve or manage web pages, data, and files.
Both URL and DNS filtering use the application layer to identify the content of the domain or page you’re trying to access, and then compare it to the listings in a database that classifies sites and pages by topic and outlines whether they’re banned or not (e.g., Aaron’s gaming site). The DNS and URL filtering will let you access them if they’re approved. If not, then nope.
3. They Use Artificial Intelligence
Forget about having to manually denylist domains and web pages, or research ever-evolving iffy content and filter-avoidance tools. DNS and URL filtering programs often use AI and machine learning to analyze and update contextual information so that they can react to new threats soon after they appear.
4. They Reduce, Rather Than Eliminate, Risk
Web threats are always evolving, and there’s always a time lapse between the bad guy or gal creating a new malicious site. That site is being detected and denylisted by filtering tools. DNS and URL filtering will block many malicious contents, but it won’t protect you from everything.
Yes, But How Do They Actually Work?
URL filtering blocks URLs—Uniform Resource Locators—which is what appears in your browser bar when you’re visiting a webpage. Take a look at ours for this page. You can see that the page you’re on is part of our domain —Ignitionit.com. If Ignitionit.com were an apartment block, this page would be one apartment in it. A URL shows exactly where on the internet a web page lives.
Because it’s based on pages rather than domain names, you have more granular control. You can block individual pages of a site, but not the whole site itself, if you choose to.
DNS stands for Domain Name Server, and DNS filters use the domain name server to filter. This means it blocks entire sites, so if you accidentally try to access a malicious domain, your device won’t even think about loading any pages of that bait website. Phew!
If DNS and URL filtering kind of do the same thing, which should you choose? We say both, because they each have their strengths.
When To Use DNS Filtering
Because it blocks whole domains, use DNS filtering for:
1. Protection from ransomware
Ransomware is a type of malicious software that uses encryption to lock you out of your files. Typically, you’ll click on a malicious link, and your device will access a ransomware server that encrypts your computer. DNS filtering blocks the connection between your device and the ransomware server, so that no encryption ever takes place.
2. Rescue from phishing mistakes
Some phishing attacks are so clever and believable that anyone can click before they think. DNS filtering can protect you from yourself. If you’ve clicked that dodgy link in that phishing email, or a pop-up on that legitimate website, DNS filtering will block access to the malicious site.
3. Avoiding banned or gross topics
Use DNS filtering to denylist the topics you don’t want your staff connecting to, unless it’s part of their job, of course. DNS filtering is especially useful in education, protecting children and young people from the dark dregs of the web.
When To Use URL Filtering
Because URL filtering gives you more granular control, use it to pick and choose which pages of a website you want to block, and which you want to grant access to. For instance, maybe your media people need access to certain parts of a website that publishes your industry news. Still, there are many far-more-interesting pages about sport, entertainment, and non-worky things to get hooked into. URL filtering allows those media people to access just the dull stuff. Or perhaps you want to block instant messaging and peer-to-peer sites during office hours. URL filtering has the flexibility to fix this for you.
DNS Filtering vs Web Filtering: Next Steps
Both DNS and URL filtering should be part of your data security toolbox, but they can sometimes be tricky to configure, depending on your setup and needs. Luckily, tricky is our middle name, so, if you’re in the mood for some DNS filtering vs web filtering chat, give us a call. We’ll be only too delighted, in a good way, to help you.