Microsoft punts Zero Trust DNS to help protect organisations against cyber crime

By Matthew Griffin Security and Privacy 19th May 2024

WHY THIS MATTERS IN BRIEF

The current internet DNS system wasn’t designed for today’s insecure world so Microsoft are applying Zero Trust to their newest DNS system.

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

The internets domain name lookup process is one of the most significant holes in network security. Despite being crucial for translating human-friendly web addresses into IP numbers that computers can understand, DNS is too “open” which leaves it vulnerable to cyber attacks – and lots of them. Everything from your browser to apps to operating system components broadcast DNS requests in the clear, making them vulnerable to snooping and hijacking attacks.

Hackers raid another crypto bridge in $7 Million take down

Microsoft is finally doing something about this DNS vulnerability. The company recently released a preview of its new “Zero Trust DNS” (ZTDNS) framework to secure Windows DNS traffic. From what we have seen, it’s a pretty comprehensive security overhaul.

The core concept behind ZTDNS is just as it sounds – never automatically trust any domain resolution request until it’s thoroughly validated. Under this model, Windows PCs configured for Zero Trust DNS will flatly refuse to connect to any server unless its domain name is explicitly approved and its DNS lookup encrypted and authenticated.

The Future of Cyber, by Futurist Matthew Griffin

“[Zero Trust DNS] renders the use of hard-coded IP addresses or unapproved encrypted DNS servers irrelevant without having to introduce TLS termination and miss out on the security benefits of end-to-end encryption,” Microsoft explains.

Unhackable "Quantum Alphabet" encryption ushers in new era in cybersecurity

Zero Trust DNS utilizes two existing Windows technologies – the DNS client for handling lookups and the Windows Filtering Platform for enforcing network policies. When enabled, ZTDNS blocks all outbound IPv4 and IPv6 traffic by default, except for approved DNS servers and the bare minimum needed for network discovery. So, any DNS response containing an IP address unlocks an exception for that destination, allowing the corresponding app or service to connect. In contrast, attempts to access an unapproved IP get stonewalled instantly.

Microsoft hopes that widespread Zero Trust DNS adoption helps to block potentially malicious traffic using unverified domain names. The framework could eliminate entire categories of DNS-based attacks and data leaks for businesses and high-risk environments.

Of course, the feature is still in the early preview stage, with no firm timeline for a stable release. However, Microsoft has committed to flighting it to Windows Insiders soon for broader testing.

US military report recommends giving AI autonomous authority to launch nuclear weapons

Microsoft is undergoing a protection overhaul after the US Cyber Safety Review Board criticized past security practices as “inadequate.” The Board’s concerns arose after major incidents like the Exchange Online hack. The review prompted CEO Satya Nadella to take action. Earlier this week, he dispatched a company-wide memo instructing employees to prioritize security over everything else.

Microsoft’s renewed focus explains the unveiling of the ZTDNS framework, potentially one of the first changes corresponding to the shakeup.

Matthew Griffin / About Author

Described by NASA as a "Walking Encyclopaedia of the Future" and one of the world’s most in demand keynote speakers Matthew Griffin, Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm, is a multi-award winning Futurist and strategic foresight expert, author, lecturer, mentor, podcast and YouTube host.

With a distinguished career running global business units at Atos, EMC, and IBM today Matthew helps leaders and titans of industry from all over the world explore the impact of the inter sections of technology, culture, and leadership, then helps them create high performance organisations that can continuously disrupt, outpace, and outthink their competition.

15 times author of the hit series the Codex of the Future series Matthew's ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders across the G7, G20, and G77, and many of the world's most recognised and exceptional organisations including ABB, Accenture, ABN Amro, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Deloitte, Dentons, Disney, Dow, EY, Google, KPMG, Lego, Microsoft, Legal & General, LinkedIn, Nokia, Paramount, PepsiCo, PWC, Qualcomm, RWE, Samsung, T-Mobile, UBS, Visa, WIRED, WPP and hundreds of others.

Matthew is regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, and his mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.