DoH: DNS over HTTPS

deanwebb · September 11, 2019, 08:33:03 AM

https://thehackernews.com/2019/09/chrome-dns-over-https.html

DNS check over HTTPS? From a personal security standpoint, I like this idea. No more plaintext advertising of where I want to go.

From an enterprise security standpoint, ugh. $:-\$ If I'm trying to block DNS requests to certain sites, this goes around that. I'm sure we're not that far away from this being utilized as a data exfiltration method.

icecream-guy · September 11, 2019, 11:13:06 AM

PsiXBot malware upgraded with Google DNS over HTTPS, sexploitation kit
https://www.zdnet.com/article/psixbot-malware-upgraded-with-google-dns-over-https-sexploitation-kit/#ftag=RSSbaffb68

wintermute000 · September 12, 2019, 01:23:36 AM

Block it with NGFW, lock down SOE with GP and no admin rights, or live with it

Otanx · September 12, 2019, 01:50:52 PM

With privacy being more and more important a lot of protocols are going to end up hidden to network monitoring. You can SSL intercept some things, but many are doing client auth, and/or certificate pinning. Really at this point you need to go to the endpoint, and protect it. For stuff you can't put agents on you need to proxy, and restrict access as much as possible. You should do that for agented systems too really.

-Otanx

deanwebb · September 12, 2019, 03:24:50 PM

It's not just protecting the endpoint, it's also protecting the data in motion. I'd go with the lockdown at the firewall and proxy, as a botnet client trying to find its C2 server with DoH is unacceptable in my view.

DoH: DNS over HTTPS

deanwebb

icecream-guy

wintermute000

Otanx

deanwebb