Akamai Technologies : Firefox DNS over HTTPS (DoH) and Enterprise Threat P ...
October 28, 2019 at 02:32 pm
Recursive DNS communications are normally unencrypted between a client and a resolver. In an effort to improve user privacy and address security concerns, Mozilla announced it would begin enabling DNS over HTTPS (DoH) by default in its Firefox browser. However, Mozilla recognized it would be necessary in some cases for enterprises to be able to inspect DNS traffic to enforce security controls. Consequently, Firefox also supports a 'Network Signal' that, when used, automatically disables DoH in the browser.
Enterprise Threat Protector (ETP) leverages this 'Network Signal,' which requires disabling the default DoH behavior in Firefox. This disabling behavior will apply automatically for ETP customers. However, if a user has explicitly configured Firefox to employ DoH, the ETP service will be bypassed.
For enterprises that may be concerned about this, there are a number of ways to address the situation:
- Use patch management software to prevent the installation and use of Firefox in the enterprise.
- Purchase Firefox for Enterprise, which enables administrators to centrally manage and disable access to DoH settings.
- Consider using the beta ETP Secure Web Gateway (a free upgrade for ETP Advanced Threat customers), which will on-ramp all HTTP traffic to a web proxy where it will be protected, thus preventing a bypass.
If you have any questions about DoH and Enterprise Threat Protector, please contact your Akamai representative.
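To confirm from a client that the resolver in use actually emits the 'Network Signal' described above, the following added example (not Akamai's or Mozilla's code) sends the canary query and evaluates the reply. It assumes the canary domain `use-application-dns.net` and the rule from Mozilla's public documentation (a non-NOERROR response code, or NOERROR with no A/AAAA records, disables default DoH), neither of which is stated on this page; all function names are hypothetical and the sample replies are constructed.

```python
import socket, struct, sys
CANARY = "use-application-dns.net"  # Mozilla's canary domain; assumption, not named on this page
A, AAAA = 1, 28

def build_query(qtype, txid=0x1234):  # recursive query for the canary domain
    qname = b"".join(bytes([len(p)]) + p.encode() for p in CANARY.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", qtype, 1)

def _skip_name(msg, off):  # offset just past a (possibly compressed) DNS name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer, always 2 bytes
            return off + 2
        off += 1 + n

def signals_doh_off(resp):
    """True if one reply carries the signal: rcode != NOERROR, or no A/AAAA answer."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", resp[:12])
    if flags & 0x000F:            # NXDOMAIN, SERVFAIL, REFUSED, ...
        return True
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        if rtype in (A, AAAA):    # an address record means default DoH stays enabled
            return False
        off += 10 + rdlen
    return True

def sample_response(qtype, rcode=0, answers=()):
    """Constructed test data: a reply with the given rcode and (type, rdata) answers."""
    body = build_query(qtype)[12:]
    for rtype, rdata in answers:
        body += b"\xc0\x0c" + struct.pack(">HHIH", rtype, 1, 60, len(rdata)) + rdata
    return struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0) + body

def ask(resolver_ip, qtype, timeout=3.0):  # send the canary query over UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qtype), (resolver_ip, 53))
        return s.recvfrom(4096)[0]

if __name__ == "__main__" and len(sys.argv) > 1:   # usage: script.py <resolver-ip>
    ok = all(signals_doh_off(ask(sys.argv[1], t)) for t in (A, AAAA))
    print("network signal present" if ok else "no signal: default DoH would stay enabled")
```

A positive result covers only Firefox's default DoH behavior; as stated above, a user who has explicitly configured DoH still bypasses the resolver.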
Disclaimer
Akamai Technologies Inc. published this content on 28 October 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 28 October 2019 18:31:04 UTC