The US National Security Agency has published this week a guide on the benefits and risks of encrypted DNS protocols, such as DNS-over-HTTPS (DoH), which have become widely used over the past two years. From a report: The US cybersecurity agency warns that while technologies like DoH can encrypt and hide user DNS queries from network observers, they also have downsides when used inside corporate networks. “DoH is not a panacea,” the NSA said in a security advisory [PDF] published today, claiming that the use of the protocol gives companies a false sense of security, echoing many of the arguments presented in a ZDNet feature on DoH in October 2019. The NSA said that DoH does not fully prevent threat actors from seeing a user’s traffic and that when deployed inside networks, it can be used to bypass many security tools that rely on sniffing classic (plaintext) DNS traffic to detect threats. Furthermore, the NSA argues that many of today’s DoH-capable DNS resolver servers are also externally hosted, outside of the company’s control and ability to audit.

Source:: Slashdot