How to Identify and Control DoH On Your Network

Along with bandwidth, privacy and security are the major concerns shared by everybody and everything on the Internet. Using man-in-the-middle-style attacks, hackers from cyber criminal organizations, state-sponsored groups, or mass surveillance programs can today intercept clear-text DNS lookups, track and monitor users’ activities, or interfere with commerce and undermine confidence in the platform. A new privacy-focused DNS resolution technique may resolve this vulnerability, but it introduces challenges for security professionals who are tasked with monitoring and managing DNS traffic within their organizations.

DNS over HTTPS, a new protocol dubbed DoH, will encrypt domain lookups with the intent of boosting Internet privacy, performance, and security. With current DoH implementations, DNS resolution can be performed within an application, bypassing the DNS configuration of the operating system and thus circumventing any DNS-based protections that an organization may have deployed.
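Because in-application DoH skips the operating system's resolver, one way to spot it is to correlate the corporate resolver's query log with egress TLS connections. The sketch below is an added example, not code from the original article; the two log formats, the sample lines, and the function names are constructed, and the DoH hostname set is a small illustrative sample rather than a complete list.

```python
# Added example: flag clients whose HTTPS traffic does not match their DNS lookups.
from collections import defaultdict

# Small illustrative sample of public DoH endpoints; production use needs a maintained list.
KNOWN_DOH_HOSTS = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com",
                   "dns.google", "dns.quad9.net"}

# Constructed resolver log (hypothetical format: "client_ip queried_name").
RESOLVER_LOG = """\
10.0.0.5 intranet.example.com
10.0.0.5 www.example.org
10.0.0.7 www.example.org
"""
# Constructed egress TLS log (hypothetical format: "client_ip dst_port sni").
EGRESS_LOG = """\
10.0.0.5 443 intranet.example.com
10.0.0.5 443 www.example.org
10.0.0.7 443 www.example.org
10.0.0.7 443 mozilla.cloudflare-dns.com
10.0.0.7 443 shop.example.net
10.0.0.7 443 mail.example.net
"""

def parse_resolver(text):
    """Map each client IP to the set of names it asked the corporate resolver for."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:  # skip malformed lines
            seen[parts[0]].add(parts[1].lower().rstrip("."))
    return seen

def find_doh_suspects(resolver_text, egress_text, min_unresolved=2):
    """Report clients that contact a known DoH endpoint, or that reach at least
    min_unresolved HTTPS hosts they never looked up through the resolver."""
    resolved = parse_resolver(resolver_text)
    doh_hits, unresolved = defaultdict(set), defaultdict(set)
    for line in egress_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "443":
            continue
        client, sni = parts[0], parts[2].lower().rstrip(".")
        if sni in KNOWN_DOH_HOSTS:
            doh_hits[client].add(sni)
        elif sni not in resolved.get(client, set()):
            unresolved[client].add(sni)
    return {c: {"doh_endpoints": sorted(doh_hits[c]), "unresolved_sni": sorted(unresolved[c])}
            for c in set(doh_hits) | set(unresolved)
            if doh_hits[c] or len(unresolved[c]) >= min_unresolved}

if __name__ == "__main__":
    print(find_doh_suspects(RESOLVER_LOG, EGRESS_LOG))
```

The unresolved-SNI signal is a heuristic: names cached from before the log window also show up as unresolved, so the threshold and window need tuning per network.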

Source: Symantec