Security News > 2020 > February > Infoblox announces enterprise best practices for DoT/DoH

Infoblox, the leader in Secure Cloud-Managed Network Services, announced Enterprise best practices on DNS over TLS and DNS over HTTPS. These DoT/DoH guidelines are based on Infoblox's longtime commitment to providing customers with DDI services that enable them to easily and effectively secure their own DNS communications.

"Developments like DoT and DoH are valuable efforts to address this problem, but when they are used to bypass a company's internal DNS infrastructure or evade their security controls, a host of new challenges emerge for IT managers."

"While these new DNS privacy initiatives are necessary and valuable, network administrators and security teams must be aware of the risks that the DoT and DoH approaches raise," said Liu.

To combat this, Infoblox recommends that companies block DoH traffic between internal IP addresses and external DNS servers, forcing employees to use their company's IT-managed DNS infrastructure and ensuring that security policies are enforced.

BloxOne Threat Defense, a hybrid foundational security solution from Infoblox that uses DNS as the first line of defense, blocks resolution to DoH domains and facilitates a graceful fallback to existing internal DNS. This helps prevent DoH misuse and mitigates risk.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/gBXaxdUNqcU/