Featured Image

What does WFH minus DNS Filtering equal?

Here's a math problem (sort of).  What does "WFH" minus "DNS Filtering" equal?  Before you answer, let's get the basics out of the way on the terminology front.

  • WFH is what a huge portion of formerly office-based workers now do, ever since the arrival of COVID-19.  Work from home (WFH) saw an immediate and some say semi-permanent rise in 2020.
  • DNS Filtering is the technology that saves your tail when you accidentally click on a link that you shouldn't have.  It checks the domain name against a known (ever growing) list of known dangerous websites, and prevents you from successfully browsing to a page that is hosted on an unsafe site.  Even if you accidentally click a link to attempt to go to one.  (additional reading about DNS Filtering: here)

Now that we've got that out of the way, lets talk about a world of "WFH minus DNS Filtering" (promise me you won't put yourself in that situation?).

New WFH Threat Vectors

Hackers know that WFH shook up our norms on a bunch of fronts, not the least of which is the safeguards surrounding the activity that happens on our laptops.  Ask any parent who has dealt with kids going through elearning, and you'll be convinced that what once might have been a "work laptop" is now a hybrid laptop that also sometimes gets used (at least in a pinch) for kids activities.  Ask any person who lives with roommates, what happens when one roommate has a computer malfunction and desperately needs to borrow one "for just this one quick meeting".  Or, ask a spouse what happens when their significant other gets in a bind because a technical glitch means that trying a different computer is the fastest path to potentially get back to productivity.

These and other situations mean that a huge portion of laptops that used to be used 99% for work activities, now end up finding themselves in the hands of others, racing to take care of tasks of their own.  And maybe, racing so quickly that it's easier than ever to slip up and accidentally browse to an unsafe site.

That's what hackers are counting on.  They are counting on the fact that our previously-dedicated work laptops are now in a mixed use environment where they end up getting used by multiple people for multiple use cases, leading to a higher probability that malware or other damaging software might sneak through.

The Risk of No DNS Filtering

In an office environment, what do you think would happen if you attempted to browse to a website that has been known to be a malware site for many years?  There is a very good chance that the attempt to browse to that website might be blocked.  By IT infrastructure deep in a telecom closet configured to forbid web browsing to sites that are known to be dangerous.  The most popular way to do this, by the way, is using something called DNS Filtering.

But what if you aren't in the office.  What if you are at home?  And what if at home, instead of a fancy telecom closet, you've got a flimsy cable modem installed by the cable company, that you've rarely-if-ever made configuration changes to?  It's incredibly likely that this type of setup has no DNS Filtering capability enabled at all.  So, regardless of how insanely dangerous any particular link is, your cable modem will likely be more than happy to allow you to browse to it.

Mitigating the Risk

If you are working from home, and if you have a trivially-configured home cable modem (like many people do), there is still hope.  The answer is in using a software-oriented approach that sometimes comes along with antivirus software.  At Havoc Shield, for example, DNS filtering is built into the antivirus software that is available to all users of our platform.  And, in an important element of that DNS filtering protection, the list of unsafe sites is dynamically maintained on the back-end, so that it can be responsive to newly identified threats.  Join us in using the Havoc Shield platform?

Other posts