Skip to main content

The phantom menace: what web content should be left behind a DNS firewall

(Image credit: Image Credit: Wright Studio / Shutterstock)

The Internet is a vast universe of content, where you can find almost anything--from billions of cat photos to the work of ancient scholars...to the newest ransomware, flying under the radar of security specialists.

This is what keeps those specialists up at night because their main goal is to make the web safer and more secure for everyone. And that’s why, as a result of their hard work, we have products like the DNS firewall: A solution that's lightweight and not resource-hungry, but still able to protect web users from a wide range of online threats.

DNS firewalls are crucial tools for keeping people safe online: They check every single web domain that a browser requests against a database of “known offenders,” and if they find a match with a malicious site, they don’t let the browser connect to it. But it’s not always easy to know what your DNS firewall should block: How do you figure out which sites are dangerous, which sites are safe, and which sites are just undesirable in the workplace or at home? We've compiled a list of the top threats that DNS firewalls prevent, according to web security experts. You’ll probably recognize some of these right away--but others may surprise you:

Adult content sites

While adult websites are legal in many countries, they tend to become breeding grounds for all sorts of malware. Historically, cybercriminals have often targeted adult websites' visitors with Trojan Horse viruses, adware, and so-called “sextortion” schemes.

According to a report by cybersecurity leader Kaspersky Lab, malicious actors are actively using adult content search terms to promote malware in search results: In 2018 alone, more than 87,000 web users downloaded malware that was disguised as adult content--after they clicked on links that looked like genuine adult sites. With that in mind, using a DNS firewall to block adult content domains can be a key step toward a safer web experience. 

File hosting sites

Like adult content sites, file-hosting websites usually aren’t malicious by design--but they're often associated with online piracy, which can be directly connected to cyberthreats. This is especially the case when people download “pirated” files or software that isn’t from authorized providers. According to a research paper by the Vienna University of Technology, up to 50 percent of pirated content on file-hosting websites is infected with malware.

Leaving these types of websites behind a firewall makes good sense as it can help protecting you from downloading malware to the device you are using. And it makes even more sense if the device that accesses them is used by less tech-savvy people who may fall prey to malicious actors.

Drug and alcohol distribution sites

This category consists of domains that are related to the distribution of illegal drugs and alcohol. It's clear why visiting illegal drug-related websites isn't a good idea, outside of the fact that they tend to spread malware.

As for alcohol-related sites, we recommend blocking this type of content in the case when your device is used by children or anyone for whom this content could pose a risk.

Fake news sites

The last few years have shown that the spread of misinformation can be just as dangerous as malware infections. From election interference to false reports about Covid-19, fake news has unfortunately become a part of our online lives.

Unfortunately, not everyone is able to effectively filter out deceptive content. A DNS firewall can solve this problem: It collects and vets domains that host false and inaccurate information, keeping fake news at bay.

Gambling sites

In addition to being illegal in many countries, online gambling is yet another category of web content that's often connected with cyberthreats. While lesser-known online casinos may pose security risks, some of the more popular ones often become high-profile cyber crime targets. Your browser may be compromised after you visit these types of websites--even accidentally, which can lead to your computer being infected with malware.

Gaming sites

This category may be important for households with children, or people who suffer from gaming addictions. And in the workplace, leaving all the games behind a firewall often helps create a distraction-free environment that helps staff be more productive.

E-commerce sites

Many employers choose to block access to e-commerce websites in the workplace. But regardless of whether you’re at work or at home, many websites from this category are promoted through annoying pop-up ads on other sites that can distract and confuse users. A DNS firewall clears away this clutter, discourages bad online advertising practices, and lets web users focus on the main content they’d like to view.

Social networking sites

Creating a distraction-free online environment also involves blocking social networks. Checking social media obsessively can quickly become a problem; solving it requires self-discipline--and a DNS firewall. In addition, blocking social media platforms stops their ubiquitous practice of tracking users’ behavior and actions across the web.

Suspicious domains

Many of the domain names that are added to a DNS firewall's database each day can't be put into one of the categories above right away, but they certainly could be harmful. This is usually based on reports from security trackers, who find that these domains are showing activity that’s likely to be malicious.

Malware

This is probably the most self-explanatory category: Software that’s specifically designed to disrupt, damage, or gain unauthorized access to a computer system. It should be blocked by default, unless you’re a security expert who likes to play around with malware in the wild!

Customizing your firewall

Using these categories as your guide can make it easier to set up a DNS Firewall, but the process is certainly not the same for everyone: A “one-size-fits-all” approach doesn't work for a product like this, so there's always a way to customize your firewall by adding your own list of domains (or subdomains) to block. The Internet is great--and free--but there are many places in the online world that are better left behind an impenetrable firewall, to make the web safer and more secure for everyone.

Vasiliy Ivanov, founder and CEO, KeepSolid