VGNet.NL
Technology Professional

    Oct 20 2019

    DNS over HTTPS (and all its friends & relations)

    Due to pervasive unpreparedness of users, applications, operating systems, and protocols, DNS has become an essential control point for “cyber” security. Most networks have a mix of legacy, modern, safe, and unsafe devices attached to them, and this condition won’t change as quickly as the Beyondcorp initiative might suggest. However, DNS is also an important control point for authoritarian regimes, and so “bypass” innovation is continuous, rapid, and ambitious. Here, Dr. Vixie pays special attention to the “bypass” innovation called “DNS over HTTP” or “DoH” protocol, now being strongly pushed by Mozilla, Cloudflare, and others, and outlines its problems and risks. In addition, a brief mention is made of IRTF Resolverless DNS.

    Source: vBSDcon – Paul Vixie

    By MyShare • Security, Technology

    Sep 25 2019

    Centralised DoH is bad for privacy

    I came across an article on DoH (DNS over HTTPS); below is a small part of the article. Please read the whole blog entry.

    DoH

    Recapping what DoH does

    DNS is currently typically provided by the operator of a network, which could be your Internet Service Provider, your phone company, your employer or your proverbially evil coffee-shop WiFi.

    DNS provided this way is never encrypted. Anyone observing your network traffic can see which DNS look-ups are made. A more capable person could also inject fake answers, potentially rerouting your traffic.

    DNS over HTTPS meanwhile encrypts DNS queries going over the network, which means that no one between you and the DoH server can see your DNS queries or modify the DNS responses.

    Crucially, in both plain DNS and DoH, the operator of the DNS server can see, sell, block and modify your DNS data. It is only the people in between that get locked out.

    DNS & Metadata Privacy

    DNS privacy matters. Or, more generally, knowing what sites you visit matters: your traffic metadata. A complete listing of sites (and servers) contacted will reveal where you work, live, study, what your hobbies are, what equipment/devices you own, what sports teams you follow, which health care providers you frequent, what brand of car you (want to) own & likely your sexual preferences.

    Many governments will also be very interested in who communicates with political parties or organizations they don’t like.

    Restricting and choosing who can see the meta-data of what sites you visit is therefore very worthwhile.

    Source: PowerDNS blog

    By MyShare • Security, Technology • Tags: DoH

    Jan 17 2017

    DMARC is changing the world of email

    DMARC is changing the world of email. Learn about DMARC and what it is doing for email in this easy to follow overview.

    DMARC Overview:

    Link to more information on dMarcian.

    By MyShare • Company

    Apr 20 2016

    Time for change

    Finally, Check Point changed the way objects are stored with the R80 release. This release only runs management; I wonder when the gateways will be available.


    I installed this version in a VMware ESXi 5.5 environment with no problems. At the moment it is running with 3Gb of memory, and that is not enough. Swap is already 35% used, and it is only running the Gaia portal and the management and log servers, with no active connections from Smart Console users or logging from gateways.

    Check Point R80 release notes.

    By MyShare • Security

    © VGNet.NL 2022