Expert Advice On DNS-Over-HTTPS Traffic On The Network

By   ISBuzz Team
Writer , Information Security Buzz | Jan 02, 2020 06:49 am PST

The DNS-over-HTTPS (DoH) protocol is used for increased security on the network and provides additional confidentiality, but it can still be tracked, according to a SANS researcher.

Justin Jett , Director of Audit and Compliance
January 2, 2020 2:51 pm

DNS-Over-HTTPS (DoH) and DNS-Over-TLS (DoT) are important advancements to the overall security of the internet. However, these technologies can create blind spots in corporate networks. By preventing businesses from seeing DNS queries, individuals can become victims of DNS leak attacks if their systems are compromised. While encrypted DNS is important to prevent internal eavesdropping, those within the organizations should use company-approved DoH or DoT servers instead of publicly available servers like those offered by Cloudflare and Google. This will provide the encryption for individuals, but maintain security for the company. As was recently reported, organizations should look for long-lived TLS connections with payloads that don’t exceed a kilobyte. Network traffic analytics is the best way to see these connections without relying on packet capture, as this information is easily accessible in network metadata. Additionally, organizations should consider deploying DNS servers that allow those within the organization to connect via DoT and DoH. This will give users the security they want and the visibility the organization needs.

Last edited 4 years ago by Justin Jett
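The detection heuristic in the comment above (long-lived TLS sessions carrying small payloads, judged from flow metadata rather than packet capture, and checked against a list of company-approved resolvers) as an added example; this is not code from the article or from the commenter. The flow records, the approved-resolver list, the thresholds and the IP addresses are all constructed assumptions, and average bytes per packet stands in for per-message payload size because flow metadata only carries aggregates.

```python
from dataclasses import dataclass

# Constructed NetFlow/IPFIX-style flow record (metadata only, no packet payload).
@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    duration_s: float   # how long the connection stayed open
    bytes_out: int      # client -> server bytes
    bytes_in: int       # server -> client bytes
    packets: int        # packets in both directions

# Hypothetical allow-list of company-approved DoH/DoT resolvers.
APPROVED_RESOLVERS = {"10.0.0.53"}

# Heuristic thresholds (assumptions; tune to the environment).
MIN_DURATION_S = 300       # "long-lived" TLS session
MAX_AVG_PAYLOAD = 1024     # DNS messages rarely exceed a kilobyte

def avg_payload(flow: Flow) -> float:
    """Average bytes per packet, a proxy for per-message size in flow data."""
    return (flow.bytes_out + flow.bytes_in) / max(flow.packets, 1)

def classify(flow: Flow) -> str:
    """Return 'approved-doh', 'suspect-doh' or 'other' for one flow record."""
    if flow.dst_port == 853:            # DoT uses a dedicated port (RFC 7858)
        candidate = True
    elif flow.dst_port == 443:          # DoH hides among ordinary HTTPS
        candidate = (flow.duration_s >= MIN_DURATION_S
                     and avg_payload(flow) <= MAX_AVG_PAYLOAD)
    else:
        candidate = False
    if not candidate:
        return "other"
    return "approved-doh" if flow.dst in APPROVED_RESOLVERS else "suspect-doh"

def find_suspects(flows):
    """Flows that look like encrypted DNS to a resolver the company did not approve."""
    return [f for f in flows if classify(f) == "suspect-doh"]

# Constructed sample flows; 198.51.100.1 and 203.0.113.10 are documentation addresses.
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "198.51.100.1", 443, 1800.0, 42000, 90000, 640),        # small, chatty, long-lived
    Flow("10.1.1.21", "10.0.0.53", 443, 3600.0, 30000, 70000, 500),           # same shape, approved resolver
    Flow("10.1.1.22", "203.0.113.10", 443, 2400.0, 5_000_000, 90_000_000, 70000),  # bulk download
    Flow("10.1.1.23", "198.51.100.1", 443, 12.0, 900, 2500, 10),              # short-lived session
]

if __name__ == "__main__":
    for f in find_suspects(SAMPLE_FLOWS):
        print(f"suspect DoH: {f.src} -> {f.dst}:{f.dst_port} ({f.duration_s:.0f}s)")
```

Bulk transfers fall out on average packet size and short sessions on duration; the remaining long, low-volume sessions are what to compare against the approved-resolver list.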
