Expert Advice On DNS-Over-HTTPS Traffic On The Network

The DNS-over-HTTPS (DoH) protocol is used for increased security on the network and provides additional confidentiality, but according to a SANS researcher it can still be tracked.

https://twitter.com/xavitron/status/1209849990249627648

1 Expert Comment
Justin Jett, Director of Audit and Compliance
InfoSec Expert
January 2, 2020 2:51 pm

DNS-Over-HTTPS (DoH) and DNS-Over-TLS (DoT) are important advancements to the overall security of the internet. However, these technologies can create blind spots in corporate networks. By preventing businesses from seeing DNS queries, individuals can become victims of DNS leak attacks if their systems are compromised. While encrypted DNS is important to prevent internal eavesdropping, those within the organizations should use company-approved DoH or DoT servers instead of publicly available servers like those offered by Cloudflare and Google. This will provide the encryption for individuals, but maintain security for the company. As was recently reported, organizations should look for long-lived TLS connections with payloads that don’t exceed a kilobyte. Network traffic analytics is the best way to see these connections without relying on packet capture, as this information is easily accessible in network metadata. Additionally, organizations should consider deploying DNS servers that allow those within the organization to connect via DoT and DoH. This will give users the security they want and the visibility the organization needs.

Last edited 2 years ago by Justin Jett
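The comment above describes a metadata-only heuristic: long-lived TLS sessions made up of small exchanges, to resolvers the company has not approved. The script below is an added example (not part of the original post or of any vendor's product) that applies that rule to flow records. The field names, the thresholds, the approved-resolver list and the sample flows are all constructed for illustration; a real deployment would read these from its flow collector and tune the thresholds to its own baseline.

```python
"""Heuristic detection of DNS-over-HTTPS-like sessions from flow metadata.

Added example, not code from the original post. It implements the rule in
the comment: long-lived TLS (443/tcp) connections whose individual payloads
stay under roughly a kilobyte, ignoring destinations on a company-approved
resolver list. Field names and thresholds are assumptions, not a particular
flow-export format; the flow records are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: float   # seconds the connection stayed open
    bytes_out: int      # client -> server payload bytes
    packets_out: int    # client -> server packets carrying payload
    bytes_in: int       # server -> client payload bytes
    packets_in: int     # server -> client packets carrying payload


# Company-approved encrypted resolvers (constructed placeholder address).
APPROVED_RESOLVERS = {"10.0.0.53"}

LONG_LIVED_S = 300.0      # "long-lived": open for five minutes or more (assumed)
MAX_AVG_PAYLOAD = 1024    # "payloads that don't exceed a kilobyte"
MIN_PACKETS = 10          # enough exchanges to look like repeated lookups (assumed)


def avg_payload(byte_count: int, packet_count: int) -> float:
    """Average payload bytes per packet in one direction; 0 if no packets."""
    return byte_count / packet_count if packet_count else 0.0


def looks_like_doh(flow: Flow) -> bool:
    """True when a flow matches the long-lived, small-payload TLS pattern."""
    if flow.dport != 443:
        return False
    if flow.duration_s < LONG_LIVED_S:
        return False
    if flow.packets_out < MIN_PACKETS or flow.packets_in < MIN_PACKETS:
        return False
    # Both directions must consist of small messages; a bulk download over a
    # long session has large server-to-client packets and is excluded here.
    return (avg_payload(flow.bytes_out, flow.packets_out) <= MAX_AVG_PAYLOAD
            and avg_payload(flow.bytes_in, flow.packets_in) <= MAX_AVG_PAYLOAD)


def flag_unapproved_doh(flows):
    """Return flows matching the DoH pattern whose destination is not approved."""
    return [f for f in flows if looks_like_doh(f) and f.dst not in APPROVED_RESOLVERS]


# Constructed sample flows (documentation-range addresses).
SAMPLE_FLOWS = [
    # Likely DoH to a public resolver: long session, many small exchanges.
    Flow("192.168.1.10", "203.0.113.5", 443, 1800.0, 42_000, 300, 96_000, 300),
    # Same pattern, but to the approved internal resolver: not flagged.
    Flow("192.168.1.11", "10.0.0.53", 443, 1800.0, 42_000, 300, 96_000, 300),
    # Ordinary long HTTPS download: large server-to-client payloads.
    Flow("192.168.1.12", "198.51.100.7", 443, 900.0, 8_000, 40, 250_000_000, 180_000),
    # Short browsing session: not long-lived.
    Flow("192.168.1.13", "203.0.113.5", 443, 12.0, 3_000, 20, 20_000, 25),
]

if __name__ == "__main__":
    for f in flag_unapproved_doh(SAMPLE_FLOWS):
        print(f"possible DoH to unapproved resolver: {f.src} -> {f.dst} "
              f"({f.duration_s:.0f}s, {f.packets_out + f.packets_in} packets)")
```

The rule is deliberately coarse: long-polling web apps, chat clients and push services also hold small-payload TLS sessions open, so a hit is a lead for the analyst rather than a verdict. Pairing the heuristic with the approved-resolver allowlist, as the comment suggests, is what keeps the output short enough to review.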
Information Security Buzz