Microsoft punts Zero Trust DNS to help protect organisations against cyber crime

0 12

By Matthew Griffin Security and Privacy 19th May 2024

WHY THIS MATTERS IN BRIEF

The current internet DNS system wasn’t designed for today’s insecure world so Microsoft are applying Zero Trust to their newest DNS system.

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

The internets domain name lookup process is one of the most significant holes in network security. Despite being crucial for translating human-friendly web addresses into IP numbers that computers can understand, DNS is too “open” which leaves it vulnerable to cyber attacks – and lots of them. Everything from your browser to apps to operating system components broadcast DNS requests in the clear, making them vulnerable to snooping and hijacking attacks.

AI and 6G will form the bedrock of China's first hypersonic missile defence system

Microsoft is finally doing something about this DNS vulnerability. The company recently released a preview of its new “Zero Trust DNS” (ZTDNS) framework to secure Windows DNS traffic. From what we have seen, it’s a pretty comprehensive security overhaul.

The core concept behind ZTDNS is just as it sounds – never automatically trust any domain resolution request until it’s thoroughly validated. Under this model, Windows PCs configured for Zero Trust DNS will flatly refuse to connect to any server unless its domain name is explicitly approved and its DNS lookup encrypted and authenticated.

The Future of Cyber, by Futurist Matthew Griffin

“[Zero Trust DNS] renders the use of hard-coded IP addresses or unapproved encrypted DNS servers irrelevant without having to introduce TLS termination and miss out on the security benefits of end-to-end encryption,” Microsoft explains.

Lone researcher stops one of the biggest open source backdoor attacks in history

Zero Trust DNS utilizes two existing Windows technologies – the DNS client for handling lookups and the Windows Filtering Platform for enforcing network policies. When enabled, ZTDNS blocks all outbound IPv4 and IPv6 traffic by default, except for approved DNS servers and the bare minimum needed for network discovery. So, any DNS response containing an IP address unlocks an exception for that destination, allowing the corresponding app or service to connect. In contrast, attempts to access an unapproved IP get stonewalled instantly.

Microsoft hopes that widespread Zero Trust DNS adoption helps to block potentially malicious traffic using unverified domain names. The framework could eliminate entire categories of DNS-based attacks and data leaks for businesses and high-risk environments.

Of course, the feature is still in the early preview stage, with no firm timeline for a stable release. However, Microsoft has committed to flighting it to Windows Insiders soon for broader testing.

Hitachi's newest surveillance AI can follow you through a crowd

Microsoft is undergoing a protection overhaul after the US Cyber Safety Review Board criticized past security practices as “inadequate.” The Board’s concerns arose after major incidents like the Exchange Online hack. The review prompted CEO Satya Nadella to take action. Earlier this week, he dispatched a company-wide memo instructing employees to prioritize security over everything else.

Microsoft’s renewed focus explains the unveiling of the ZTDNS framework, potentially one of the first changes corresponding to the shakeup.

Matthew Griffin / About Author

Matthew Griffin, described as “The Adviser behind the Advisers” and a “Young Kurzweil,” is the founder and CEO of the World Futures Forum and the 311 Institute, a global Futures and Deep Futures consultancy working across the next 50 years, and is an award winning futurist, and author of “Codex of the Future” series.

Regularly featured in the global media, including AP, BBC, Bloomberg, CNBC, Discovery, RT, Viacom, and WIRED, Matthew’s ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past six years as one of the world’s foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive, sustainable future.

A rare talent Matthew’s recent work includes mentoring Lunar XPrize teams, re-envisioning global education and training with the G20, and helping the world’s largest organisations envision and ideate the future of their products and services, industries, and countries.

Matthew's clients include three Prime Ministers and several governments, including the G7, Accenture, Aon, Bain & Co, BCG, Credit Suisse, Dell EMC, Dentons, Deloitte, E&Y, GEMS, Huawei, JPMorgan Chase, KPMG, Lego, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, T-Mobile, and many more.