Allot : DNS-Based Security – Who Are You Kidding?

Moshe Elias|December 18, 2018

The proliferation of unsecured devices in the home presents a lucrative target for cybercrime with ransomware and cryptojacking just two common monetization methods out of many. Consumer security is a massive $6.5B market and with the growth of connected appliances in the home, the security industry is going through a transformation. Gone are the days when anti-virus software was a one-stop solution. Security is moving into the network.

But not all network-based security is equal. The two main approaches provide different results and face different challenges imposed by the changing environment in which they operate.

The first approach is DNS-based and is implemented on the service provider's DNS system. It secures end users by inspecting their DNS requests before fulfilling their requests. If the DNS request is for a known* malicious domain, such as a phishing web site, or its content is inappropriate in a parental control service, the user is redirected to safety. The problems that this approach faces are significant, here are a couple of examples.

Writers of malware avoid the use of DNS. In fact, security researchers at Allot have observed that out of 1,700,000 sample downloads, only 850 used DNS for payload download-99.95% don't use DNS! A second issue is that children easily avoid DNS-based parental control with apps like Google/Jigsaw that opens an encrypted tunnel to the Google DNS system, circumventing the SPs system without any remedy.

The second approach is in-line network-based security. As opposed to DNS-based systems, it sits in line and inspects all the requests coming from the end user including DNS and HTTP/S. It too redirects the user to safety if the domain in question is known to be malicious or its content is categorized as inappropriate.