Lately, major media and thematic platforms (such as Habr) have been writing frequently about the DNS over HTTPS (DoH) protocol. It encrypts requests to the DNS server and the responses to them. This approach lets you hide the names of the hosts a user visits. From the publications we can conclude that the new protocol (the IETF approved it in 2018) has split the IT community into two camps.
One half believes the new protocol will improve security on the Internet and is implementing it in their applications and services. The other half is convinced that the technology only makes the work of administrators harder. Next, we will examine the arguments of both sides.
How DoH works
Before we get into why ISPs and other market participants are for or against DNS over HTTPS, let's take a brief look at how it works.
In the case of DoH, the request to resolve an IP address is encapsulated in HTTPS traffic. It then goes to an HTTP server, where it is processed using an API. Here is an example request from RFC 8484 (page 6):
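An added example, not part of the original article: Python that builds the GET form of a DoH request described above (a DNS wire-format query, base64url-encoded without padding into a `dns` parameter) and decodes it back, as a TLS-terminating proxy would when logging queried names. The function names and the `/dns-query` path are assumptions of this sketch.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

# Sent in the Accept header of the request (RFC 8484 media type).
MEDIA_TYPE = "application/dns-message"
QTYPE_A, QTYPE_TXT, QCLASS_IN = 1, 16, 1

def build_dns_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """DNS wire-format query: 12-byte header plus one question."""
    # ID 0, flags 0x0100 (recursion desired), QDCOUNT 1, other counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)

def doh_get_path(name: str, qtype: int = QTYPE_A) -> str:
    """Path and query string of a DoH GET request (path is assumed)."""
    b64 = base64.urlsafe_b64encode(build_dns_query(name, qtype)).rstrip(b"=")
    return "/dns-query?dns=" + b64.decode("ascii")

def decode_doh_get_path(path: str) -> tuple[str, int]:
    """Recover (qname, qtype) from a logged DoH GET path."""
    b64 = parse_qs(urlsplit(path).query)["dns"][0]
    # Restore the padding that the GET encoding strips.
    wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    pos, labels = 12, []          # the question starts after the header
    while wire[pos] != 0:
        length = wire[pos]
        if length > 63:           # no compression pointers in a question
            raise ValueError("unexpected label length")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack_from("!H", wire, pos + 1)
    return ".".join(labels), qtype

if __name__ == "__main__":
    # Constructed sample: an A query and a TXT query for placeholder names.
    for name, qtype in (("www.example.com", QTYPE_A), ("c2.example.net", QTYPE_TXT)):
        path = doh_get_path(name, qtype)
        print(path, "->", decode_doh_get_path(path))
```

On the wire the path and the `dns` parameter travel inside TLS, so a passive observer sees only a connection to the resolver; the decode step works only where the HTTPS session is terminated.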
Experts note that DNS over HTTPS can become a cybersecurity threat. In early July, information security specialists from Netlab discovered Godlua, the first virus that uses the new protocol to carry out DDoS attacks. The malware accessed DoH to obtain text records (TXT) and extract the URLs of its command-and-control servers.
Encrypted DoH requests were not recognized by antivirus software. Information security specialists fear that Godlua will be followed by other malware that is invisible to passive DNS monitoring.
But not everyone is against it
APNIC engineer Geoff Huston spoke out in defense of DNS over HTTPS on his blog. According to him, the new protocol will help combat DNS hijacking attacks, which have become increasingly common recently. This fact was reported in a January report by the cybersecurity company FireEye. Large IT companies have also supported the development of the protocol.
At the beginning of last year, Google began testing DoH. And a month ago the company presented the General Availability version of its DoH service. Google hopes that it will increase the security of personal data on the network and protect against MITM attacks.
Another browser developer, Mozilla, has supported DNS over HTTPS since last summer. At the same time, the company has been actively promoting the new technology in the IT community. For this, the Internet Services Providers Association (ISPA) even nominated Mozilla for the Internet Villain of the Year award. In response, company representatives noted that they were disappointed by the reluctance of telecom operators to improve their outdated Internet infrastructure.