The problem is a large one. According to the Palo Alto Networks Unit 42 research lab, roughly 85% of malware uses DNS to establish its command-and-control channel, which lets attackers push further malware into your network and exfiltrate data with little effort. Since its inception, DNS traffic has been almost entirely unencrypted, and therefore easy for NGFW security mechanisms to inspect.
New DNS protocols have emerged to improve the privacy of DNS communications. They are actively supported by browser vendors and other software vendors, so encrypted DNS traffic will soon start to grow inside corporate networks. Encrypted DNS traffic that your security tools can neither inspect nor decrypt is a risk to the enterprise. One such threat is cryptolockers that use DNS to exchange their encryption keys. Attackers now demand ransoms of millions of dollars to decrypt your data; Garmin, for example, reportedly paid $10 million.
When properly configured, an NGFW can block DNS-over-TLS (DoT) and deny DNS-over-HTTPS (DoH), so that clients fall back to classic DNS and all DNS traffic in your network can again be monitored.
Dab tsi yog encrypted DNS?
What is DNS?
The Domain Name System (DNS) resolves human-readable domain names (for example, www.paloaltonetworks.com) to IP addresses (for example, 34.107.151.202). When a user enters a domain name in the browser, the browser sends a DNS query to a DNS server asking for the IP address associated with that name. In its response, the DNS server returns the IP address the browser will then connect to.
Classic DNS queries and responses travel across the network in clear text, without encryption, so anyone on the path can read them or tamper with the responses and redirect the browser to a malicious server. DNS encryption makes it harder to track or alter DNS requests in transit. Encrypting DNS requests and responses protects you from man-in-the-middle attacks while keeping the same query semantics as the plaintext DNS protocol.
A few years ago, two DNS encryption protocols were introduced:
DNS-over-HTTPS (DoH)
DNS-over-TLS (DoT)
These protocols have one thing in common: they deliberately hide DNS requests from interception, including from the organization's own security administrators. Both use TLS (Transport Layer Security) to establish an encrypted connection between the querying client and the resolving server, on a port that is not the classic DNS port: DoT uses its own dedicated port, TCP 853 (RFC 7858), while DoH runs inside ordinary HTTPS on port 443 (RFC 8484), where it blends in with web traffic.
The privacy of DNS queries is the main benefit of these protocols. However, they create a problem for security administrators who must monitor network traffic and detect and block malicious connections. Because the two protocols differ in how they carry the DNS message, the analysis methods for DoH and DoT also differ.
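To make the difference between the two transports concrete, here is an added example (not code from the original article or from Palo Alto Networks) that builds a standard DNS query in wire format, shows the domain name an observer can read directly out of a plaintext UDP/53 packet, and then wraps that same message the way DoT (2-byte length prefix inside TLS on port 853) and DoH (base64url in a GET URL, or a raw POST body with the application/dns-message media type) carry it. The resolver URL https://dns.example/dns-query and the queried name are constructed placeholders, not values from the article.

```python
import base64
import struct

# Constructed example values (assumptions, not taken from the article).
QNAME = "www.paloaltonetworks.com"
TYPE_A = 1
CLASS_IN = 1
DOT_PORT = 853   # RFC 7858: DNS over TLS has its own well-known port
DOH_PORT = 443   # RFC 8484: DNS over HTTPS shares the ordinary HTTPS port
DOH_RESOLVER = "https://dns.example/dns-query"  # hypothetical resolver URL


def encode_qname(name: str) -> bytes:
    """Encode a domain name as DNS labels: length-prefixed, NUL-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0) -> bytes:
    """Build a plain RFC 1035 query: 12-byte header plus one question.
    txid=0 is what RFC 8484 suggests for DoH so that GET URLs are cacheable."""
    flags = 0x0100  # standard query, recursion desired
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_question_name(msg: bytes) -> str:
    """Read the queried name back out of a wire-format message.
    This is exactly what a passive observer (or an NGFW) sees on UDP/53."""
    pos = 12  # skip the fixed header
    labels = []
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def frame_for_dot(msg: bytes) -> bytes:
    """DoT sends the unchanged message inside TLS on port 853 with the
    2-byte big-endian length prefix used by DNS over TCP (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def doh_get_url(msg: bytes, resolver: str = DOH_RESOLVER) -> str:
    """DoH GET: the same message, base64url-encoded without '=' padding,
    passed in the 'dns' query parameter (RFC 8484 section 4.1)."""
    encoded = base64.urlsafe_b64encode(msg).decode("ascii").rstrip("=")
    return f"{resolver}?dns={encoded}"


def doh_post_request(msg: bytes) -> tuple:
    """DoH POST: the raw message as the HTTP body with the RFC 8484 media type."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return headers, msg


def decode_doh_get(url: str) -> bytes:
    """Reverse of doh_get_url: recover the wire message from the dns= parameter.
    A resolver (or a decrypting proxy) does this before it can see the name."""
    encoded = url.split("dns=", 1)[1]
    padding = "=" * (-len(encoded) % 4)
    return base64.urlsafe_b64decode(encoded + padding)


if __name__ == "__main__":
    q = build_query(QNAME)
    print("plain UDP/53 payload      :", q.hex())
    print("name readable on the wire :", parse_question_name(q))
    print(f"DoT framing (TLS, {DOT_PORT})   :", frame_for_dot(q).hex())
    print(f"DoH GET (HTTPS, {DOH_PORT})      :", doh_get_url(q))
    print("round-trip from DoH URL   :", parse_question_name(decode_doh_get(doh_get_url(q))))
```

The point for an analyst is that the DNS message itself is identical in all three cases; only the wrapper changes. On UDP/53 the name is readable by any middlebox, DoT at least announces itself by its dedicated port, and DoH is indistinguishable from other HTTPS traffic until the TLS session is decrypted and the dns= parameter or POST body is unwrapped.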