12 Days of Defense - Day 6: How DNS over HTTPS (DoH) Works / DNS Privacy
- Published 2 Aug 2024
- In this episode:
- The privacy and security monitoring implications of unencrypted DNS
- The DNS over HTTPS (DoH) standard that will disrupt your visibility into DNS
- What DoH traffic looks like, and how to capture and decrypt it in Wireshark on your own system
Side note: There is another competing standard - DNS over TLS (DoT) which I do not mention in this video as it is less popular (although still used by some Android devices). It is easier to find due to its use of port 853 as opposed to the DoH use of 443. The visibility concerns in this video apply to DoT as well, but it's an easier protocol to identify and block in a corporate environment due to the unique port.
===
My SANS Courses:
- SEC450 - Blue Team Fundamentals: sans.org/sec450
- MGT551 - Building and Leading Security Operations Centers: sans.org/mgt551
PDF Guide to Security Operations: www.sans.org/security-resourc...
Blueprint Podcast: sans.org/blueprint-podcast
Twitter: / sechubb - Howto & Style
Wawzies! This was quite informing, thank you John!
Very important and updated information. Thanks. !! Keep going !!
You're awesome dude cheers for this video series
great information.
Very important topic for blue teams. DNS requests must be viewed but DoH makes it harder
Awesome information!! Thanks so much for this! Got a good laugh with the "dns is now http traffic mInD BLoWn!!" lol!
Great videos @SecHubb, are you planning to go over the DoH server set up for organizational use?
Unfortunately that sort of thing probably won’t fit in a 15 minute video, but you can play with this tool if you want to try it out yourself. github.com/DNSCrypt/dnscrypt-proxy There are a few tutorials out there that show you how to set up dnscrypt-proxy with pi-hole for playing with it such as this one. blog.cloudflare.com/deploying-gateway-using-a-raspberry-pi-dns-over-https-and-pi-hole/
but what about ODOH?