US NSA offers new security protocols for DNS Enterprise Environments


The United States National Security Agency (NSA) is advising enterprise network admins to follow a new set of protocols for securing DNS servers, which help eliminate eavesdropping, data exfiltration, and manipulation of web traffic.

The new guidelines issued by the NSA are said to help mobile and remote workers connect to corporate servers securely and protect themselves and their companies from cyber incidents during the COVID-19 pandemic.

Previously, most DNS traffic was left unencrypted in order to help servers direct traffic to the right location, which can let hackers eavesdrop on the traffic or inject malware into it. DNS over HTTPS (DoH), however, is said to give web users the required privacy, integrity and source authentication, provided a company-deployed DNS resolver exists.

The NSA clarified that DoH only protects DNS transactions from fraudulent modification. It does not guarantee 100% protection against other cyber threats such as DNS cache poisoning.

Oblivious DNS over HTTPS (ODoH), designed by network engineers at Apple and Cloudflare, can help DoH resolvers know which client requested which domain names, even if they are behind false proxies and using virtual IP addresses.

Note: ODoH is a security protocol that wraps a layer of encryption around the DNS query traveling between an internet user and a website. Because the query is encrypted, eavesdropping hackers cannot see its content, which makes it impossible for them to manipulate that content.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
