June 19, 2026

DNS Africa Resource Center

..sharing knowledge.

Microsoft offers zero trust at the DNS level with ZTDNS – Techzine Europe

Microsoft is implementing stricter security policies and is tackling security at the Domain Name System (DNS) level. The company recently provided insight into how zero-trust DNS (ZTDNS) can better secure networks on Windows.
With the new technology, the tech giant wants to better counter possible connections between devices or clients and malicious IP addresses. It does this by addressing security at the DNS level, checking both IPv4 and IPv6 addresses for maliciousness and then blocking them.
Microsoft calls the now-developed technology ‘zero trust DNS’ or ZTDNS. First, the technology provides encrypted and cryptographically authenticated connections between end users’ devices or clients and DNS servers. Second, ZTDNS allows administrators to severely restrict the domain names these servers will resolve.
All this is done to minimize the possible attack vectors that DNS servers are vulnerable to.
Under the hood, ZTDNS integrates the Windows DNS engine with the Windows Filtering Platform, the main component of the Windows Firewall. This integration is built directly into end users’ devices.
Combining these previously separate engines in ZTDNS allows the Windows Firewall to be updated on a per-domain-name basis. This enables companies to tell their employees’ clients to use only the company’s own DNS server, reached over TLS, which allows access only to specific domain names. Microsoft calls such a DNS server a ‘protective DNS server’.
In this way, the firewall will block requests to all domain addresses by default except those specified in lists of allowed addresses. A separate list allows IP address subnets belonging to authorized software that employees use.
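The default-deny behaviour described above can be modelled as follows. This Python model is an added illustration, not Microsoft's code or the ZTDNS implementation; the class names, domain names and addresses are constructed, and the rule that only addresses actually returned by the protective DNS server are unblocked is an assumption of the model.

```python
import ipaddress

# Constructed sample zone: example names and documentation-range addresses.
ZONE = {
    "intranet.example.com": ["192.0.2.10", "2001:db8::10"],
    "mail.example.com": ["192.0.2.25"],
    "files.example.net": ["198.51.100.7"],  # exists, but is not allow-listed
}

class ProtectiveDns:
    """Resolver that answers only for allow-listed domain names."""
    def __init__(self, address, allowed_domains):
        self.address = ipaddress.ip_address(address)
        self.allowed = {d.lower().rstrip(".") for d in allowed_domains}

    def resolve(self, name):
        name = name.lower().rstrip(".")
        return list(ZONE.get(name, [])) if name in self.allowed else []

class Client:
    """Default-deny outbound filter fed by the protective resolver's answers."""
    def __init__(self, dns, allowed_subnets):
        self.dns = dns
        self.subnets = [ipaddress.ip_network(s) for s in allowed_subnets]
        self.learned = set()  # model assumption: only resolved IPs are unblocked

    def lookup(self, name):
        answers = self.dns.resolve(name)
        self.learned.update(ipaddress.ip_address(a) for a in answers)

    def outbound(self, dest):
        ip = ipaddress.ip_address(dest)  # handles IPv4 and IPv6 alike
        if ip == self.dns.address:
            return "allow: protective DNS server"
        if ip in self.learned:
            return "allow: resolved via protective DNS"
        if any(ip.version == n.version and ip in n for n in self.subnets):
            return "allow: subnet allow list"
        return "block: default deny"

def demo():
    dns = ProtectiveDns("203.0.113.53", ["intranet.example.com", "mail.example.com"])
    pc = Client(dns, ["10.20.0.0/16", "2001:db8:ab::/48"])
    pc.lookup("intranet.example.com")
    pc.lookup("files.example.net")  # no answer: the name is not allow-listed
    dests = ("192.0.2.10", "2001:db8::10", "10.20.3.4", "192.0.2.25", "198.51.100.7", "8.8.8.8")
    return {d: pc.outbound(d) for d in dests}

print(demo())
```

In this model `192.0.2.25` is blocked even though `mail.example.com` is on the allow list, because the client never resolved that name. Software that connects to fixed IP addresses without a lookup behaves the same way unless its subnet is listed.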
Using ZTDNS is not entirely without risks. Experts tell Ars Technica that implementing ZTDNS can disrupt important network operations. Administrators should first make important changes to network designs to avoid these disruptions.
With the introduction of ZTDNS, Microsoft appears to be taking the first steps in tightening its security measures. These measures, or the lack thereof, have received much criticism in recent months.
Meanwhile, with its Secure Future Initiative, the company has embarked on a comprehensive path for improvements at multiple levels. In addition, the tech giant has appointed several new executives to significantly improve communication about security with customers, among other things.
© 2024 Dolphin Publications B.V.
All rights reserved.