
DNS Filter versus Firewall in a guest Wi-Fi environment

Posted by Geraldine Hunt on Wed, Feb 14th, 2018

In a recent Spiceworks community poll, 48% of IT professionals listed their perimeter firewall/UTM appliance as their chosen web filter solution for their respective guest Wi-Fi environments.

Another 11% depended on their wireless management controller or software for filtering. This leaves only 41% of organizations utilizing a dedicated security appliance or service that specializes in web filtering for Wi-Fi.

These figures seem surprising in an era where companies are migrating so many of their services to the cloud. 

Compound this with the fact that only 38% of global organizations claim to be prepared to handle a sophisticated cyber attack and one wonders why web filtering appears to be underappreciated. 


You Don’t Depend on Your Firewall for Email Security

Ten years ago, it was common practice for companies to depend on their firewall or UTM appliance for spam filtering.  These “everything boxes” offered nearly every type of security service available.

This is not so much the case today as companies now invest in dedicated email security gateway appliances or route their email through a cloud-based gateway.  The reason is simple.  Email security is far too critical not to acquire the best solution available.

Phishing is the #1 delivery method for ransomware and other types of malware.  What’s more, a single BEC attack can swindle millions from a company within a brief window of time. 

Because hackers are always developing new attack methods to target email systems, it is important to partner with an email security vendor with the dedicated resources to stay ahead of malicious attack methods.

Email security is so paramount to businesses today that many Office 365 customers utilize a third-party email security solution in addition to the default security offering of Office 365.


Securing Your Guest Wi-Fi Network

Several respondents in the survey stated that they used identical filtering methodologies for both their corporate LAN and guest networks.  The majority, however, did not elaborate. 

This raises the possibility that some organizations may not put the same emphasis on the guest network as they do on their primary LAN. The fact is that guest network security must be addressed in the same insistent manner as that of the rest of your network.

Without the proper controls in place, a Wi-Fi connection can become a backdoor into the corporate network, thus undermining the other network security measures in place.

What’s more, a business could potentially be held liable for inappropriate or malicious content exposed during a guest web session.


Cloud-Based DNS Filtering Makes Sense in a Hybrid World

Traditional web filtering software is no longer a viable way to block malicious sites on an enterprise network.

The Internet is massive, with trillions of pages. With traditional web filtering software, you need to categorize sites and block them after the user has already performed a lookup. There is a better way, DNS filtering, but many administrators think it's complicated and too difficult to implement.

If you aren't using DNS filtering, your network is at a higher risk of being exposed to malicious sites.

Enterprises throughout the world have been undergoing a revolutionary change for the past several years.  The enterprise is no longer just about the data center.  Instead, today’s data center is evolving into a conglomerate ecosphere of on-premise, public, private and hybrid cloud resources and digital services.

Gartner refers to this transformation as Hybrid IT and according to them, it is transforming IT architectures and the role of IT itself.  In fact, according to a study conducted by the Harvard Review, 63% of organizations are now pursuing a hybrid IT approach.


Hybrid IT

Hybrid IT is not about any “one technology,” but instead is an approach or strategy that earmarks the best solution for the problem or need at hand.

In this IT as a Service approach, the network manager becomes an IT broker, pursuing the best solutions possible whether they reside on-premise or in the cloud.  Traditional datacenter equipment requires a long-term commitment of investment capital and personnel.

These large outlays of CAPEX can encourage long lifecycles that leave equipment outdated.

Costly migrations take months to plan and even longer to implement.  With a DNS cloud filtering solution, capital investments, upgrades, patching, and migrations are a thing of the past.


Issues with relying on your firewall for everything

One of the problems in relying on your firewall to secure all facets of your outgoing and incoming web traffic is just that: it is doing everything.

All of this processing can lead to undesired levels of latency and degraded performance. Because your firewall is an inline appliance, it also serves as a bottleneck for your enterprise.

This approach can be expensive and labor-intensive to support, and it doesn’t really suit multiple locations. What happens when your organization expands or your school takes on a one-to-one laptop program?

This can translate into integrating load balancing mechanisms and redundant appliances.  It may require you to migrate to a more robust firewall.  All of these options take up precious capital and man-hours to deploy.


The Agility and Flexibility of Cloud-Based DNS Filtering

For the same reason that organizations have come to recognize the importance of a dedicated email security provider, there is great value in turning to a web security specialist as well.  There are more than one billion websites on the Internet today. 

Cybercriminals continually release new temporary phishing sites, typosquatting domains and malware deployment sites. According to HelpNetSecurity, there are 46,000 new phishing websites created every day.  Drive-by attacks continue to evolve and multiply, as does the ransomware threat.

The fact is that the immense undertaking of protecting your enterprise through web filtering is too important to entrust to a vendor for whom it is not the primary focus. Like email security, web filtering security is paramount for the protection of your users, devices, and data.

If you are growing wary of relying on rigid hardware-based firewall appliances, then turn to the agility of a cloud-based DNS filtering solution.  


DNS Filtering Increases Security and Speed

With old web filtering techniques, the user did a DNS lookup and before the website downloaded, the system would perform a lookup on a separate database of sites. This process is slow due to the overwhelming number of sites and domains on the web. DNS filtering performs the verification query during the DNS lookup stage.

A DNS lookup is performed before the site content is downloaded. It's much quicker and more effective than web filtering with traditional functionality. The process also performs a lookup on valid IP addresses considered safe by the DNS filtering database.

Attackers can't cloak or avoid detection since every browser lookup requires a DNS lookup for a valid domain entry.

You should filter sites not just for malicious content, but also for productivity.

Employees can spend hours on social media, and productivity often drops as a result, but some marketing people are paid to spend time answering customers on social media. DNS filtering gives IT administrators granular configurations: they can group users, allow access to specific site categories (like social media) for those who need it, and block that access for other employees.
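The lookup-time decision and per-group category policy described above, as an added example that is not WebTitan's or any vendor's code. The category names, group names, domains and addresses are constructed, and it assumes clients actually send their queries to the filtering resolver.

```python
# Constructed category database; names use the reserved .example/.test TLDs.
CATEGORY_DB = {
    "phish-login.example": "phishing",
    "malware-cdn.test": "malware",
    "social.example": "social_media",
}

# Hypothetical per-group policy: categories each group may NOT resolve.
GROUP_POLICY = {
    "guest_wifi": {"phishing", "malware", "social_media"},
    "marketing": {"phishing", "malware"},
}

SINKHOLE_IP = "192.0.2.1"  # documentation address standing in for a block page


def categorize(qname):
    """Return the category of the closest listed parent domain, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name towards the TLD so that cdn.social.example
    # inherits the category of social.example; the bare TLD is never checked.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return None


def fake_upstream(qname):
    """Stand-in for the real recursive lookup (constructed answer)."""
    return "198.51.100.10"


def resolve(qname, group, upstream=fake_upstream):
    """Decide during the DNS lookup: sinkhole blocked names, else answer."""
    category = categorize(qname)
    # Unknown groups fall back to the strictest policy (fail closed).
    blocked = GROUP_POLICY.get(group, GROUP_POLICY["guest_wifi"])
    if category in blocked:
        return {"qname": qname, "group": group, "action": "block",
                "category": category, "answer": SINKHOLE_IP}
    return {"qname": qname, "group": group, "action": "allow",
            "category": category, "answer": upstream(qname)}
```

The returned record is also what a resolver would log, so blocked lookups from the guest network can be reviewed per group and category.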

Included in DNS filtering security is protection from encrypted sites with bogus SSL certificates. It's common for websites to use SSL, but it's now common for attackers to set up websites with bogus SSL certificates to trick users into trusting them. 

One common myth that keeps organizations from switching to DNS filtering is that it's too difficult and not worth the effort. In fact, a single configuration change has you protected without any extra administrative work. DNS filtering is actually much easier to work with than traditional web filtering software. It's time to make the switch and make your web filtering more secure, efficient and fast.

TitanHQ sets the standards for cloud-based web security,  delivering a range of cloud security services that protect business email, IT infrastructure, compliance and data integrity.  With new threat variants emerging almost daily, businesses have realized they don’t have the IT skills or budget to continually invest time and money to fight these threats. However, dedicated cloud security services such as WebTitan Cloud for web filtering can devote experienced security personnel and massive processing power to fighting these emerging threats. These efforts are then seamlessly implemented to protect our business clients in real-time. 
