DNS Security Threats 101
With typical content blocking/parental control solutions and internet firewalls, you usually have to choose between protecting yourself and your household from harmful and addictive online content and benefiting from the security and privacy of DNS security tools.
As someone with a background in cybersecurity, I'm not willing to make either tradeoff. That's why I focused on building something that could effectively do both!
With your Tech Lockdown DNS Content Policy, you can effectively block harmful content while also benefiting from world-class DNS security.
Although we usually discuss content blocking and bypass prevention, I want to focus on an important topic: DNS Security and mitigating online threats with DNS Filtering.
Content Blocking without Compromising on Security
Before we get into the details of DNS security 101, I want to quickly go over how a DNS Filter can be used both as a content blocker that handles Adult Content and as an effective protection against online threats.
A DNS Filtering service classifies websites and online apps into different categories based on their content and purpose.
Based on your Content Policy block rules, you can choose to prevent access to entire categories of websites or specific domains and applications.
Versatile DNS Filtering services, like the Cloudflare service we integrate with, provide over 200 classifications.
The key is using a service that is effective at categorizing websites, not just a DNS Filtering service that is marketed a specific way. The categorization is really what matters most.
DNS Filtering Vs Virus Scanners
Before we get into how to block security threats, it's important to understand how this is different from a typical virus scanner. Virus scanners usually work alongside DNS Filtering services.
If you have a Windows PC, you are probably familiar with Windows Defender or McAfee Antivirus.
DNS Filtering is an extra layer on top of virus scanners that you use on your device.
The key difference is that DNS Filtering focuses on evaluating the websites and applications you use daily. It's concerned with your internet traffic, while a virus scanner is more focused on the files on your device. If you turned off the internet on your computer, a DNS Filter would be pointless. However, your virus scanner would still be evaluating files that are on your computer.
Conversely, a virus scanner usually won't protect you while using your web browser. It will only react to files that are added to your computer. For example, here is how both services would protect you against Malware and Viruses:
- The DNS Filter might block you from reaching the online location where the malicious file could be downloaded.
- The Virus Scanner might react after you open the malicious file that was downloaded.
- If you open the malicious file, and the purpose of that file is to communicate with a malicious site, both the virus scanner and DNS Filter might protect against this.
However, online threats aren't always limited to Malware and Viruses. One of the most common ways that people are harmed on the internet is through Phishing and online scams.
These malicious activities usually use deception and social engineering to harm you. A virus scanner won't be of much use protecting against these things, but a DNS Filter will be an invaluable barrier against them.
DNS Content Policy Rules for Blocking Security Threats
Let's create a DNS Content Policy rule to block security threats.
We have a Security Threats rule preset you can select, but it's useful to know why certain categories are selected.
You can follow along in the Content Policy editor in your Tech Lockdown dashboard and create a rule. Your Content Policy will be a list of rules like this:
When you create a rule, go to the Content section and edit the categories, then use the search box to filter the categories based on the information in this post:
New Domains
The first type of possible security threat is New Domains. There are several related sub-categories:
- New Domains
- Newly Seen Domains
- Parked & For Sale Domains
New domains are commonly associated with advertising scams on social media websites like Facebook. For example, the infamous buybuy baby scam uses Facebook ads to trick people into paying for products that don't exist.
So how does blocking new domains protect you from these scams?
Scammers will typically register a new website that they use for a scam. They will then pay for advertising on social media websites or Google PPC to promote an appealing offer. You may not think to distrust the advertisement because you might trust Google or Facebook to not allow advertising scams.
However, these websites are using phishing tactics to scam victims into paying for products that don't exist. You may not discover this until it's too late because your credit card statement won't reflect the product you were actually paying for.
These scammers usually aren't installing malware or a virus on your computer, so a virus scanner won't tell you that anything is wrong. In fact, the scammers might be using legitimate payment providers to process your credit card payments.
It can take several days before these domains are classified as Phishing. Why? Because Phishing is usually discovered after there are a few victims.
The catch-all approach for this is to block new domains. If you click an Ad on Facebook and you get a block page, you can have some assurance that you are being protected from a scam.
You should breathe a sigh of relief if you ever click an Ad and the web page is blocked. The DNS Filter protected you!
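The timing argument above can be made concrete with a small simulation. This is an added example, not Tech Lockdown's or Cloudflare's code: the 30-day "new" window, the scam shop record and its dates are constructed assumptions, and only the category names come from this post.

```python
from datetime import date, timedelta

# Assumption: a domain counts as "new" for 30 days after registration.
NEW_DOMAIN_WINDOW = timedelta(days=30)
BLOCKED_CATEGORIES = {"New Domains", "Phishing"}  # category names from this post

# Constructed record for one scam shop: registered on 1 March, first
# classified as Phishing nine days later, after victims reported it.
SCAM_SHOP = {
    "domain": "cheap-strollers.example",
    "registered": date(2024, 3, 1),
    "classified": [(date(2024, 3, 10), "Phishing")],
}

def categories_on(record: dict, day: date) -> set:
    """Categories a filter would know for the domain on a given day."""
    cats = {cat for since, cat in record["classified"] if since <= day}
    if timedelta(0) <= day - record["registered"] < NEW_DOMAIN_WINDOW:
        cats.add("New Domains")
    return cats

def decision(record: dict, day: date, blocked=BLOCKED_CATEGORIES):
    """Return ("block", matching categories) or ("allow", empty set)."""
    hits = categories_on(record, day) & set(blocked)
    return ("block" if hits else "allow", hits)

def unprotected_days(record: dict, blocked, horizon: int = 60) -> int:
    """Number of days within the horizon on which the domain would resolve."""
    start = record["registered"]
    return sum(
        decision(record, start + timedelta(days=n), blocked)[0] == "allow"
        for n in range(horizon)
    )
```

With only Phishing blocked, the shop is reachable for its first nine days; adding New Domains closes that gap, and Phishing takes over once the domain is no longer new.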
Anonymous Browsing (Proxies and VPNs)
Proxies and VPNs (Anonymizers) are commonly used for legitimate reasons, but they can prevent your DNS Filter from protecting your internet connection correctly.
Some people unintentionally bypass the DNS Filter that is protecting their browsing activity. A common way this happens is that a social media influencer promotes a VPN service to improve your privacy and security while browsing online.
As a result, some people feel that they are improving their security situation by using one. Actually, it's the complete opposite - your connection might not block the categories and apps specified in your Content Policy!
DNS Filtering gives you similar privacy features to a VPN and also protects you better. A VPN won't block categories and apps specified in your Content Policy while a DNS Filter can.
To avoid situations where your DNS Filter is either knowingly or unintentionally bypassed, it's best to block the Anonymizer category.
Another reason to block this category is to stop malicious services that leverage proxies to anonymize their actual category. For example, a website classified as phishing might use a proxy to communicate with another service used to steal information. You can hopefully handle these situations by blocking anonymous browsing categories.
Phishing and General Malicious Purpose
Phishing and online scams typically rely on social engineering to trick you into doing something harmful.
These websites might not always add something malicious to your computer, but they are the most common types of threats that people encounter online.
There are several related categories:
- Brand Embedding: Websites that pretend to be another company. For example, facebooc.com.
- Phishing
- DGA Domains
- DNS Tunneling
- Private IP Address
- Spam
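To show the kind of signal behind a Brand Embedding classification, here is an added example that flags names within one edit of a protected brand or with the brand embedded in a hyphenated label. It is not the classifier used by Tech Lockdown or Cloudflare; the brand list and sample queries are constructed, and only facebooc.com comes from this post.

```python
# Constructed brand list: label to protect -> the genuine domain.
BRANDS = {"facebook": "facebook.com", "paypal": "paypal.com", "google": "google.com"}

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable_label(domain: str) -> str:
    """Label just left of the TLD. Simplification: ignores multi-part
    suffixes such as co.uk, which need the Public Suffix List."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def lookalike_of(domain: str, max_distance: int = 1):
    """Return the genuine domain this name imitates, or None."""
    name = domain.lower().rstrip(".")
    if any(name == real or name.endswith("." + real) for real in BRANDS.values()):
        return None  # the genuine site or one of its subdomains
    label = registrable_label(name)
    for brand, real in BRANDS.items():
        # Near-miss spelling, or the brand used as one part of a hyphenated label.
        if osa_distance(label, brand) <= max_distance or brand in label.split("-"):
            return real
    return None

# Constructed DNS queries; facebooc.com is the example from this post.
SAMPLE_QUERIES = ["facebooc.com", "www.facebook.com", "faecbook.com",
                  "paypal-login.example", "example.org"]

def flagged(queries=SAMPLE_QUERIES) -> dict:
    """Map each suspicious query to the brand domain it resembles."""
    return {q: lookalike_of(q) for q in queries if lookalike_of(q)}
```

A distance threshold of 1 keeps false positives low but still matches ordinary words that sit one letter from a brand, so an allow list is needed alongside it.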
Malware and Computer Hijacking
You might be more familiar with these types of threats. These might be websites that install a virus on your computer or attempt to take control of your computer for some greater malicious use.
- Command and Control & Botnet
- Cryptomining: This is a type of attack where your computer's hardware is used to contribute towards making money for the attacker.
- Spyware
- Malware
Going Further with Bypass Prevention
The main goal at Tech Lockdown is to help people protect themselves from the harmful aspects of the internet. If you are trying to simultaneously block addictive and harmful content while also protecting your devices from security threats, you have an even tougher battle.
Most people aren't motivated to bypass their own virus scanner or privacy tool. But if you are also blocking addictive content, people will go to great lengths to bypass DNS Filtering. This is a difficult combination of incentives.
This is why I've gone through so much effort to help people prevent bypass of their DNS Filtering. You want to avoid situations where your protective Firewall is unintentionally or intentionally bypassed.
Here are the types of concepts we cover in the Tech Lockdown guides:
- Go much further with bypass prevention using device management techniques to enforce restrictions on a device.
- Increasing accountability and browsing transparency
- Preventing uninstall of apps and browser extensions
- Handling common bypass methods
These step-by-step instructions are made available to Tech Lockdown members in your account dashboard in the guides section.