Domain 4 · 4.5 Enterprise Capabilities

4.5.4 Secure Protocols & DNS Filtering

10 min

Secure protocols and DNS filtering provide the mechanisms necessary to protect data in transit, ensure endpoint authenticity, and prevent users from accessing malicious web content.

Secure Internet Protocols Standard protocols are often unencrypted; secure versions use TLS or SSH to provide confidentiality and integrity for network communications.

  • DNSSEC (Domain Name System Security Extensions): Prevents DNS spoofing or poisoning by providing digital signatures for DNS data. It ensures that the DNS response came from the correct server and was not altered.
  • SSH (Secure Shell): Replaces Telnet by providing an encrypted tunnel for remote command-line access. It operates on Port 22 and uses asymmetric encryption for key exchange.
  • SNMPv3 (Simple Network Management Protocol v3): Used for monitoring and managing network devices. Unlike versions 1 and 2, v3 adds encryption, authentication, and hashing to protect management traffic.
  • SRTP (Secure Real-time Transport Protocol): Provides encryption and authentication for voice and video (VoIP) traffic, protecting against eavesdropping or "man-in-the-middle" attacks on media streams.
  • SFTP vs. FTPS: SFTP (Secure FTP) runs over SSH on Port 22, while FTPS (FTP over SSL/TLS) uses SSL/TLS and requires multiple ports for data and control.

DNS Filtering and Security DNS filtering acts as a proactive defense-in-depth layer by controlling which domains a client can resolve to an IP address.

  • DNS Filtering: A technique used to block access to known malicious sites, command-and-control (C2) servers, or inappropriate content by refusing to resolve those domain names.
  • Protective DNS (PDNS): Specifically analyzes DNS queries to detect patterns associated with malware or botnets.
  • DoH (DNS over HTTPS): Encrypts DNS queries using the HTTPS protocol. While this improves privacy, it can make it harder for network administrators to monitor and filter traffic.

Cryptographic Key Exchange Secure protocols rely on the ability to share keys safely across insecure networks.

  • Symmetric Key Scaling: Symmetric encryption requires a unique key for every pair of users (n(n-1)/2). This does not scale well for large groups, making automated key exchange essential.
  • Diffie-Hellman (DH): An asymmetric key exchange protocol that allows two parties to derive a shared symmetric key over an unsecure channel.
  • Ephemeral Keys (DHE): Temporary keys used for a single session and then discarded. This provides Perfect Forward Secrecy (PFS), ensuring that stolen long-term keys cannot decrypt past sessions.

Quick recall - SSH/SFTP Port: 22. - DNSSEC primary goal: Data integrity and origin authentication (prevents poisoning). - SNMPv3 features: Confidentiality, integrity, and authentication (CIA). - DHE keyword: Ephemeral/temporary keys (Perfect Forward Secrecy). - DNS Filtering: Blocks malicious domains before a connection is even established.