How do you develop fast, stable, and secure DNS filtering? That was the challenge we faced when building DNS Guard. Our developer, Terrence Risse, will explain how this tool works and how to use it on your network or device.
The transition to more remote work required a renewed cybersecurity approach. Your company's network can be perfectly secure, but how do you guarantee the same level of security when employees work in a different environment with their laptops, tablets, and phones? DNS security is one of the most critical components in this regard.
Proactively Checking Security
Why is DNS security so important? "When you access a website or email, your device sends a request to a DNS server. This server responds with the IP address of the website or email server you're trying to access. With DNS Guard, we proactively check the reputation of the domain names associated with these IP addresses. If we find that a particular domain name is associated with suspicious or malicious activity, we block access to it before you even connect, so you're protected from any potential viruses or hackers."
But how do you build such a tool? We started by ensuring speed. Terrence explains, "This was our first step because you don't want to notice the use of DNS security. Once it goes above two to three hundred milliseconds, you'll notice a delay, and that causes irritation."
"Our goal was, therefore, to carry out the DNS query in less than 20 milliseconds. During that time, we receive a DNS request and check this request against lists of domain names or URLs that have been flagged as malicious or suspicious."
"We then tested this with a simulation. What happens when tens of thousands of requests come in at the same time? We kept adjusting what could be different until we still managed to stay under 20 milliseconds with a lot of requests."
Once that speed was achieved, the next step was to create a stable, secure, and well-functioning tool. Terrence adds, "We built a dashboard on the front-end, where you can easily add filters yourself. Do you want to prevent employees from accessing certain websites while working? Then you can use it for this purpose."
But the most important thing was to build in stability. "A DNS server is a primary component of a network. When the server fails, the entire network fails. That's why DNS Guard has a backup server. If something goes wrong, another server takes over, and the tool still handles your request."
Stability also means that the filter remains well-protected. "We work with standard lists that get updated worldwide every ten minutes. If a major hack takes place somewhere, the responsible domains can be on the list within ten minutes, and you won't be able to load that website anymore. In addition, we have a Threat Intelligence Feed that is continuously updated by many parties. This ensures that domains get blocked even before they become malicious."
DNS Guard is now complete and works fast, well, and securely. Terrence explains, "But we haven't overdeveloped it. It's now up to customers to indicate what they need. With our scanners, they can see beforehand whether things are safe, with the Honeypot, you catch hackers when they invade, and DNS Guard complements this with active security on all your online traffic."
The customer's needs were central to the development and will continue to be in the future. "DNS Guard runs in the cloud. For the user, it's super simple. With a link or linked IP, you can use DNS Guard on all your devices. We do the updates for you and provide rock-solid uptime to ensure your protection.
Do you want proactive protection within your network or for employees working from home? Start your 14-day free trial now.