07-05-2019 07:05 AM
Some of you might have read recently about some malware that leverages DoH:
So we're all asking ourselves here, what next? How do we protect against this? You can't just block port 443.
Are we going to have to rely on firewalls to do https inspection and look for "dodgy" DNS queries embedded inside the https data stream? That sounds VERY expensive to me.
We have to find a way to protect organisations from this threat, at the moment it seems to rely on ensuring all your browsers have DoH disabled, but how do you enforce that across the myriad of browsers and devices inside organisations these days?
Unless I am missing something, it feels like the genie has been let out of his bottle, and I have no idea how to get him back in!
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE