Is QUIC protocol still a security concern?

phphil
phphil Posts: 39  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited April 2021 in Security

I've ridden that QUIC protocol developed by google, can be a security risk because is not recognized as web traffic by the firewall (usg 210) and then not filtered correctly.

https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-reporting-implications/

The issue is still current?

In order to prevent I currently use a security policy, which block/deny outgoing traffic from LAN to WAN, on port UDP 443

Thank you for your support

All Replies

  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    As I study for year still now.

    I cannot find firewall on the market that claim it can identify the web request via QUIC protocol.

    Look like the current work-around is using firewall rule to block UDP destination port 443 to force Chorme to go for standard HTTP protocol.