katycomputersystems, posted July 11, 2019:

What impact will DNS Queries over HTTPS (DoH) have on End Point Security? Currently, you protect our endpoints from malicious sites; when DoH becomes the norm, browsers will bypass the OS, essentially providing DNS lookups on their own.
Marcos (Administrator), posted July 11, 2019:

If it becomes a popular standard, we should support it. I'd say it's too early now to speculate about it and we'd tell more in due course.
itman, posted July 12, 2019 (edited):

I am using the DoH option in Firefox Quantum ver. 68 via default use of Cloudflare DNS servers. No issues to date using EIS ver. 12.1.34 running on Win 10 x64 1809. As best as I can determine via testing and Eset alerts, Eset's SSL/TLS filtering protection is fully functional with Firefox DoH use. In reality, Eset doesn't monitor UDP port 53 DNS activity other than what is provided by default firewall rules. Therefore, DoH using HTTPS is more secure.

-EDIT- To further clarify, the Windows DNS service only performs DNS resolution against existing cached DNS resolved entries. Actual initial DNS resolution is performed from the router via ISP lookup or, alternatively, via third-party DNS servers specified in the network adapter IPv4/IPv6 settings. The Windows DNS cache is then updated from this resolution. Note that Windows DNS cache poisoning attacks have been an ongoing issue: https://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/ . Note that Eset's IDS protection should be able to detect a DNS poisoning attack.

-EDIT- In regard to DoH specifically, it is no longer "bullet proof." The first malware against it was just recently discovered: https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/ . Luckily, Eset also detects this one.

Edited July 12, 2019 by itman
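The point itman makes above, that the browser's DoH lookups leave the endpoint as ordinary HTTPS to port 443 rather than as UDP/53 traffic that default firewall rules can see, can be shown concretely. The following is an added example, not code from this thread or from ESET: it builds an RFC 8484 DoH GET request for a name (the browser-side view) and then runs a small flow classifier over constructed connection records to show which flows a rule keyed only on UDP/53 observes and which DoH flows it misses. The resolver table (Cloudflare's hostname and resolver IPs) and the sample flows are assumptions constructed for the illustration.

```python
import base64
import struct
from dataclasses import dataclass

# Assumed DoH resolver endpoints for the illustration. Cloudflare is the
# resolver named in the thread; the hostname/IPs are well known, but treat
# this table as an example list a defender would maintain, not a complete
# inventory of DoH providers.
KNOWN_DOH_RESOLVERS = {
    "cloudflare-dns.com": {"1.1.1.1", "1.0.0.1"},
}


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query: ID 0, RD flag set, one question.

    RFC 8484 recommends ID 0 for DoH so identical queries are cacheable.
    qtype 1 = A record; QCLASS is always IN (1).
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(name: str, resolver: str = "cloudflare-dns.com") -> str:
    """RFC 8484 GET form: the wire query, base64url-encoded without '='
    padding, carried in the dns= parameter of an ordinary HTTPS request."""
    wire = build_dns_query(name)
    param = base64.urlsafe_b64encode(wire).decode("ascii").rstrip("=")
    return f"https://{resolver}/dns-query?dns={param}"


def decode_doh_param(param: str) -> bytes:
    """Reverse of the encoding above (restores padding before decoding)."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


@dataclass
class Flow:
    """One connection record as a firewall or flow collector might log it."""
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    sni: str = ""   # TLS server name, if the sensor extracts it


def classify_flow(flow: Flow) -> str:
    """Label a flow as classic DNS, DoH to a known resolver, or other."""
    if flow.proto == "udp" and flow.dst_port == 53:
        return "classic-dns"
    if flow.proto == "tcp" and flow.dst_port == 443:
        for host, ips in KNOWN_DOH_RESOLVERS.items():
            if flow.sni == host or flow.dst_ip in ips:
                return "doh"
    return "other"


def port53_rule_matches(flow: Flow) -> bool:
    """What a firewall rule keyed only on UDP/53 would see."""
    return flow.proto == "udp" and flow.dst_port == 53


# Constructed sample flows (not real traffic): one classic lookup, one DoH
# request identifiable by SNI, one DoH request identifiable only by
# destination IP, and one unrelated HTTPS session.
SAMPLE_FLOWS = [
    Flow("udp", "192.0.2.53", 53),
    Flow("tcp", "1.1.1.1", 443, sni="cloudflare-dns.com"),
    Flow("tcp", "1.0.0.1", 443),
    Flow("tcp", "198.51.100.10", 443, sni="example.net"),
]


def coverage_gap(flows):
    """Return (flows seen by the UDP/53 rule, DoH flows that rule misses)."""
    seen = [f for f in flows if port53_rule_matches(f)]
    missed = [f for f in flows
              if classify_flow(f) == "doh" and not port53_rule_matches(f)]
    return len(seen), len(missed)


if __name__ == "__main__":
    print(doh_get_url("example.com"))
    for f in SAMPLE_FLOWS:
        print(f"{f.proto}/{f.dst_port} -> {f.dst_ip:<15} "
              f"sni={f.sni or '-':<20} {classify_flow(f)}")
    print("port-53 rule saw %d flow(s); missed %d DoH flow(s)"
          % coverage_gap(SAMPLE_FLOWS))
```

The classifier only labels DoH when the destination matches a known resolver by SNI or IP; a browser pointed at a resolver not in the table produces a flow indistinguishable from any other HTTPS session at this level, which is exactly why endpoint visibility has to come from the browser or from TLS inspection rather than from port-53 rules once DoH is in use.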
itman, posted July 14, 2019:

The current pressing issue in regards to DNS is DNS hijacking, against which DoH is only marginally effective: https://www.bleepingcomputer.com/news/security/ncsc-issues-alert-about-active-dns-hijacking-attacks/ . Immediate due diligence needs to be performed to ensure routers/gateways are properly secured.