Vixie: The Unintended Consequences of Internet Privacy Efforts

Paul Vixie says emerging encryption protocols for endpoints could 'break' security in enterprise - and even home - networks.

Internet pioneer Paul Vixie has a red flag warning for CISOs: a movement toward baking in more privacy for Internet users soon could begin to burn some enterprise security efforts.


A new generation of Internet standards in the wings aimed at protecting the privacy of end users - DNS over HTTPS (DoH), TLS 1.3 ESNI (Encrypted Server Name Indication), and HTTP/3 over the QUIC Internet transport protocol - could impede next-generation firewalls and other security tools from detecting and filtering out malicious traffic, says Vixie, the chairman, CEO, and co-founder of Farsight Security.


Industry experts like Vixie have been debating how encryption hampers the security team's visibility for some time now, but the real-world implications that had them concerned could soon be felt by businesses and consumers alike.


DoH already is an available feature option in Chrome and Firefox browsers: it places DNS queries in encrypted HTTPS sessions so they can't be intercepted or viewed. The TLS 1.3 ESNI encryption protocol prevents ISPs and firewalls (and nation-states) from viewing the sites users are visiting in order to track or censor their online activity and access. That protocol, according to Vixie, is at least another two years away from wide deployment.
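To make concrete what a DoH session hides from a network-level filter, here is an added example (not from the article or from Farsight) that builds an RFC 1035 wire-format DNS query, wraps it in the RFC 8484 GET form (`/dns-query?dns=<base64url>`), and then decodes it the way the resolver, or a TLS-terminating proxy, would; the queried name `example.com` is a constructed sample.

```python
import base64
import struct

# Constructed sample name for the query; any name would do.
EXAMPLE_NAME = "example.com"

def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build an RFC 1035 wire-format query (QTYPE 1 = A, QCLASS 1 = IN).
    RFC 8484 recommends a zero transaction ID so the request is cacheable."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_path(query: bytes) -> str:
    """Encode the query for the RFC 8484 GET form: base64url without padding.
    On the wire this path travels inside TLS; a middlebox sees only the
    HTTPS connection to the resolver, not the name being looked up."""
    enc = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + enc

def decode_doh_path(path: str) -> str:
    """Recover the QNAME from a DoH GET path, as the resolver (or a proxy
    that terminates TLS and can therefore still filter DNS) would."""
    enc = path.split("dns=", 1)[1]
    raw = base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4))
    labels, pos = [], 12  # skip the 12-byte header
    while raw[pos] != 0:
        n = raw[pos]
        labels.append(raw[pos + 1 : pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

if __name__ == "__main__":
    path = doh_get_path(build_dns_query(EXAMPLE_NAME))
    print(path)                    # what only the TLS endpoints can read
    print(decode_doh_path(path))   # example.com
```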


As he explains, well-intentioned user privacy efforts in the post-Edward Snowden era don't necessarily translate verbatim into Internet infrastructure security. The Internet originated in the 1970s as an open network for government contractors, universities, and researchers, and it has since evolved into a massive communications platform for all users - consumer, commercial, government, and inadvertently, cybercriminals and nation-state threat groups.


"The I ..
