
What Is a DNS Firewall?

A DNS firewall is a security solution designed to protect IT environments and users from a broad range of threats by monitoring and filtering Domain Name System (DNS) traffic and blocking requests that violate predetermined security rules and policies. If an organization’s DNS infrastructure goes down, its entire online presence goes down!

DNS is the system that converts human-readable domain names (like example.com) into IP addresses that enable computers to connect to the correct internet site. Using the latest threat intelligence concerning malicious and suspicious DNS endpoints, a DNS firewall can prevent users from accessing sites designed to execute malware, download ransomware, exfiltrate data, or dupe users with phishing and spear-phishing attacks.

Why is a DNS firewall necessary?

Many cybercriminals use DNS services to carry out attacks that can easily bypass traditional network security solutions. A DNS firewall is therefore an important part of a comprehensive, multilayered approach to enhance cybersecurity and build cyber resilience for uninterrupted online presence.

How does a DNS firewall work?

When a user clicks a link or enters a URL for a website or domain, a DNS request is created to look up the correct IP address for the intended site. Typically, DNS requests are handled by DNS resolvers or DNS proxy servers that look up and return the correct IP address. When a DNS firewall is deployed, all DNS requests flow first through the firewall, where each request is compared to a list of acceptable and unacceptable IP addresses. The firewall automatically blocks access to unacceptable or suspicious sites. Because the list of unacceptable or malicious domains is determined by threat intelligence, DNS firewalls must be constantly updated with the latest information about malicious and suspicious sites. Some DNS firewalls also offer artificial intelligence capabilities that can analyze and identify malicious sites in real time.
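The policy step described above, as an added example that is not part of the original page: the firewall parses the question name out of a wire-format DNS query, normalizes it, and denies it when the name or any parent domain appears on a threat-intelligence blocklist (the blocklist, allowlist and query-building helper are constructed for the demo, not a real feed).

```python
import struct

# Constructed threat-intelligence feed (assumption): a listed domain also covers all its subdomains.
BLOCKLIST = {"phish.example", "c2.example.net"}
ALLOWLIST = {"safe.phish.example"}  # explicit exceptions win over the blocklist


def parse_qname(packet: bytes) -> str:
    """Extract the question name from a wire-format DNS query (RFC 1035 section 4.1.2)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        if length & 0xC0:  # compression pointers are not valid inside a question name
            raise ValueError("compression pointer in QNAME")
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()  # DNS names are case-insensitive, so normalize before lookup


def parent_domains(name: str) -> list:
    """'a.b.example' -> ['a.b.example', 'b.example', 'example'], most specific first."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def policy_decision(name: str) -> str:
    """Return 'allow', or 'block' when the name or any parent domain is listed."""
    for candidate in parent_domains(name):
        if candidate in ALLOWLIST:  # checked first so a more specific exception overrides the block
            return "allow"
        if candidate in BLOCKLIST:
            return "block"
    return "allow"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a sample wire-format A query (test input only; a real firewall sees client traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def check_query(packet: bytes) -> str:
    """Firewall entry point: decide whether a raw query may be forwarded to the resolver."""
    return policy_decision(parse_qname(packet))
```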

Akamai’s Secure Internet Access solution safely connects users and devices to the internet by utilizing a cloud-based DNS firewall.

What threats can a DNS firewall prevent?

A DNS firewall can prevent users from accessing URLs (uniform resource locators) and destinations that are involved in a wide variety of cyberattacks, including sites connected to:

Phishing. Appearing to be legitimate websites, phishing sites dupe users into sharing confidential information like security credentials, account numbers, and credit card information.

Ransomware. When a user clicks a link on a site dedicated to ransomware, malicious software downloaded to their device encrypts files on their computer and on other systems, rendering these assets unavailable until a ransom is paid in exchange for a decryption key.

Malware. Some websites spread malware by downloading files to a computer when a user clicks on a link on a web page. Hackers use malware in a variety of threats, including spreading viruses, installing spyware, and gaining access to networks and systems to steal data or cause disruption.

Hijacked IPs. Website or web page hijacking occurs when attackers manipulate how DNS queries are resolved so that users are unknowingly directed to malicious websites rather than the safe sites they are seeking.

Data exfiltration. Data exfiltration sites trick users into sharing confidential account information that allows attackers to access IT environments where they can steal and download sensitive corporate or customer data.

What are the benefits of a DNS firewall?

Traditional firewalls can be complex, proprietary, and costly to operate, and they may not spot DNS-based threats.

In contrast, a DNS firewall is a targeted, highly effective, fairly simple, and affordable solution that pays huge dividends by providing defense against a broad array of DNS-related threats, including DNS tunneling campaigns that exfiltrate data through the DNS protocol itself. In addition to enhancing DNS security and preventing users from visiting malicious sites, DNS firewalls can mitigate DDoS attacks, promote high availability, enhance DNS performance, and help save on the cost of bandwidth. DNS firewalls often work in tandem with a DDI management platform that manages DNS, Dynamic Host Configuration Protocol (DHCP), and IP address management.

What capabilities are important in a DNS firewall?

To provide superior security, DNS firewalls should offer:

DNS caching. Caching capabilities make it possible to store DNS responses within the firewall to conserve bandwidth, accelerate responses, and make the network more efficient.

Rate limiting. DNS firewalls that provide response rate limiting can help to defend against distributed denial-of-service (DDoS) attacks. When DDoS attacks attempt to render a DNS service unavailable by flooding it with requests, the rate limiting feature of a DNS firewall can prevent too many queries from landing on a server at any specific moment.

Threat intelligence. A DNS firewall requires a feed to receive the latest threat intelligence that can refresh automatically and continuously.
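The caching and response rate limiting capabilities listed above, as an added example that is not from the original page: a per-client token bucket that caps how many answers a source address can obtain per second, and a TTL-bounded answer cache. The clock is injected so the behaviour can be tested deterministically; the rates and addresses are constructed values.

```python
import time
from collections import defaultdict


class ResponseRateLimiter:
    """Token bucket per client: `rate` answers per second, with bursts of up to `burst`."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = defaultdict(lambda: float(burst))  # new clients start with a full bucket
        self.last = {}

    def allow(self, client: str) -> bool:
        """True if a response may be sent to `client`; False means drop (or truncate) it."""
        now = self.clock()
        elapsed = now - self.last.get(client, now)
        self.last[client] = now
        # Refill proportionally to elapsed time, never beyond the burst ceiling.
        self.tokens[client] = min(self.burst, self.tokens[client] + elapsed * self.rate)
        if self.tokens[client] >= 1:
            self.tokens[client] -= 1
            return True
        return False


class TtlCache:
    """Stores resolver answers inside the firewall until the record's TTL expires."""

    def __init__(self, clock=time.monotonic):
        self.clock, self.store = clock, {}

    def put(self, name: str, rtype: str, answer: str, ttl: int) -> None:
        self.store[(name, rtype)] = (answer, self.clock() + ttl)

    def get(self, name: str, rtype: str):
        """Return the cached answer, or None when absent or expired (expired entries are evicted)."""
        entry = self.store.get((name, rtype))
        if entry and entry[1] > self.clock():
            return entry[0]
        self.store.pop((name, rtype), None)
        return None
```

A cache hit means the upstream resolver is never asked, which is where the bandwidth and latency savings come from; a rate-limit miss means a flood from one source cannot consume the server's answer capacity.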

Frequently Asked Questions (FAQ)

How is a DNS firewall deployed?

A DNS firewall may be deployed as an on-premises appliance, a software-based solution, or a cloud-based service.

What is the difference between a DNS firewall and a network firewall?

A DNS firewall is specifically designed to monitor DNS traffic only and secure an IT environment against DNS attacks. Network firewalls monitor network traffic, blocking inbound suspicious or malicious traffic as well as outbound traffic that may be involved in data exfiltration or data leaks.

What is the difference between a DNS firewall and a web application firewall?

While a DNS firewall is designed to monitor and filter DNS traffic, a web application firewall (WAF) is meant to inspect inbound and outbound HTTP traffic to prevent web-borne threats. A WAF in networking environments can help to prevent threats like malware, zero-day exploits, cross-site scripting, SQL injection, and many other dangerous web-related attacks.

Why customers choose Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.
