The system aims to incorporate comprehensive network security and content filtering capabilities. Key features include DNS filtering with a system-wide engine that can block or allow domains based on blacklists, whitelists, and category-based rules, utilizing DNS blocklists like AdGuard DNS and OpenDNS categories. It supports secure DNS protocols such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) to ensure encrypted DNS queries, and incorporates heuristics to detect DNS tunneling attempts for covert data exfiltration.
Additionally, the system will implement HTTPS filtering via an SSL inspection proxy, enabling MITM interception with a trusted local CA certificate, enforcing HTTPS on all sites, blocking invalid SSL certificates to prevent phishing, and inspecting secure content for malware using a system proxy combined with SSL inspection engines.
Network filtering features include system-wide or application-level firewalls capable of blocking traffic based on IP, ASN, or country using GeoIP databases, port blocking to prevent torrenting or unauthorized application access, and deep packet inspection (DPI) to block non-browser apps or tracking SDKs such as those used by TikTok or Facebook, especially when a system-wide VPN is active.
Content filtering extends to per-site and page-level blocking, employing static and video ad blockers, popup blockers, and script/ tracker blockers to prevent analytics and ad scripts from loading. It also includes blocking adult and gambling sites, fake shopping domains through domain reputation and AI inspection, phishing and scam pages via Google Safe Browsing API, and filtering based on file types such as .exe, .apk, and .torrent to intercept unsafe downloads. Furthermore, it can block ads within social media feeds like Facebook and Instagram through DOM filtering and custom JavaScript rules.
Together, these features create a robust, multi-layered approach to network security and content control, ensuring safer browsing, better privacy, and improved organizational security posture.