[2022 Issue 10] Why browsers can be a security loophole?
Modern browsers and latest operating systems are using new encryption technologies – DNS over TLS (DoT) and DNS over HTTPS (DoH) – to combat against unauthorized DNS services. It can be a great tool for privacy protection, but it would also open up potential threats for your organizations and IT professionals. This article will show how DoH works and how Zyxel ATP firewall can help.
What is DoH?
To understand DoH, it is necessary to first understand how regular DNS works. Domain Name Server (DNS) is just like internet address book and translates each domain name into an IP address.
DNS over HTTPS (DoH) is a new protocol that encrypts domain name system traffic by passing DNS queries. The primary function is that the communication is encrypted helps to hide one’s online activities. For now, all major browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera supports DNS over HTTPS.
DNS filtering solution is a crucial security layer for every cybersecurity vendor. DNS Threat Filter matches domain addresses with the always-up-to-date cloud reputation database and determines if an address is reputable or not.
How DNS Threat Filter Works
However, if DNS over HTTPS queries from the clients happens, the communication is not visible. This allow employees and students to bypass network-level web filtering policies. Companies that rely on web traffic reports from DNS-based solutions also lose visibility into internal network traffic.
How Zyxel can help you to manage the clients' Internet activities
To provide precise visibility of internal network traffic, Zyxel is working to fully integrate the DNS over HTTPS (DoH) protocol with ATP series in a secure way that will help every organization to enhance cybersecurity. Once ATP firewall detects the DNS over HTTPS queries from the clients to known DoH servers, ATP will block these DNS queries to prevent users from bypassing internet restriction policies.
Benefits of DoH/DoT blocking and monitoring:
- Prevents users from bypassing company’s web filter.
- Retains visibility and security over all DNS traffic on your network.
- Efficiently route DNS queries and keep overall network healthy.
- 6.9K All Categories
- 2 Education Center
- 1.4K Nebula
- 34 Nebula Ideas
- 41 Nebula Status and Incidents
- 4K Security
- 204 Security Ideas
- 754 Switch
- 31 Switch Ideas
- 638 WirelessLAN
- 10 WLAN Ideas
- 4.6K Consumer Product
- 106 Service & License
- 225 News and Release
- 77 Stories
- 40 Security Advisories
- 525 FAQ
- 242 Nebula FAQ
- 121 Security FAQ
- 73 Switch FAQ
- 67 WirelessLAN FAQ
- 6 Consumer Product FAQ
- 30 Nebula Monthly Express
- 45 About Community
- 32 Security Highlight