So, this is not a new risk. Maybe it is a little
more well publicized now though. But, blocking
sites by blocking DNS is not a very good way to
block . . . .
Is Google DNS for your enterprise?
Summary
Companies should focus on securing their networks and educating workers on "safe surfing" habits, to minimize possible security leaks from users switching to Google's public DNS.
Topics
Companies should focus on securing their networks and educating workers on "safe surfing" habits, to minimize possible security leaks from users switching to Google's public DNS, advised an analyst.
The search giant last week launched a new public DNS service, allowing users to switch their DNS settings from default ISP-assigned servers to Google's DNS resolver.
Nupur Singh Andley, senior research analyst at Springboard Research, said in an e-mail interview that enterprises face security and privacy leaks related to employees who use Google's service to circumvent company-blocked sites.
This also brings about a loss in productivity, said Andley, since the blocked sites are typically e-mail and social networking sites that tend to consume one's attention.
For more, read "http://www.zdnetasia.com/news/internet/0,39044908,62059906,00.htm?scid=rss_z_nw&tag=wrapper;col1">Is Google DNS for your enterprise? on ZDNet Asia.
Talkback Most Recent of 21 Talkback(s)
-
DonnieBoy9th Dec 2009 -
How would you block sites, then?
if not by DNS?
John Zern9th Dec 2009 -
Filtering should be multipoint
Use a multipoint filtering solution by filtering with the firewall and web proxy solutions.
PeterBoyles9th Dec 2009 -
Exactly
If you are running a windows shop then why let the end user set their network settings. Use a dnsproxy and a httpproxy and set these system wide. The sysadmins should be controlling these settings in non-windows environments also.
Block port 53 except to allowed dns servers.
clareJ9th Dec 2009 -
RE: Is Google DNS for your enterprise?
Users should not be able to modify their DNS settings in a well-run enterprise. They should not have access to infrastructure devices, and should not have super user access to their OS.
Any restrictions should be implemented at the boundary, where users have no means of circumventing them.
Real World9th Dec 2009 -
Right on
I don't know of any enterprises that would give users that ability except the admins and support teams.
Loverock Davidson9th Dec 2009 -
The greater majority of companies that could be affected
would be small and medium business with the boss as the IT guy. As we
all know that using this model means that employees often know more
about how the infrastructure works than the boss, it would make the
ability to alter settings available to those that know what they're doing.
However, any workplace with an IT policy worth it's weight would already
be banning the use of social networking sites and personal email on
most, if not all company computers.
nix_hed9th Dec 2009 -
RE: Is Google DNS for your enterprise?
In addition to what was said above, I can't see a reason why anyone would use Google DNS in the enterprise. Google's DNS won't know your enterprise's servers. The user will not be able to get their email or to the corporate intranet. It makes no sense. On top of that, think of all the spying Google will be doing on your company. I'm going to suggest to our infrastructure team to block Google DNS, might even take it one step further and have them block all Google sites just to be on the safe side.Loverock Davidson9th Dec 2009 -
Why is Google doing this?
I doubt they care about the companies, or "speeding up the Internet".
Any site blocked by a company, is reveue blocked from Google.John Zern9th Dec 2009 -
Because they want to know where you're going today
Google can track you when you visit sites that embed Google's tracking tools, but they don't know where you go when you visit sites they don't currently sit within.
Using this DNS service, Google gets to know EVERYWHERE you go.
No thanks.
de-void-211655906503018060028363377870239th Dec 2009 -
Only for Public IP's
Of course, you have to use your interal DNS for your users on a domain. For my enterprise I could change the external DNS from my ISP to Google but would Google be any better?
If Google does a good job I could see where ISP's will look to save money by using Google DNS instead of maintaining it themselves and that's how it could affect enterprise. That's the only way I can see that a large amount of people would use Google DNS.
In reality, how many people even mess with DNS settings? Most users, whether enterprise or at home, simply use whatever DNS server is given to them via DHCP. Right now the only way I'll use Google DNS is for testing.
Kevin@...9th Dec 2009 -
Eh.. I'd still leave the search engine open...
I'm in the contingent that doesn't like Bing. It's decent enough, but it
seems like I spend more time searching on Bing than I ever did on
Google.
Edit - by searching, I mean searching for the answer, not looking up
different terms.nix_hed9th Dec 2009 -
Google did this cause OpenDNS screws up search
I am using OpenDNS and when I type a word in the address bar it sends me to a crappy screwed up OpenDNS search page and not Google which is my default search engine.
I bet this is why Google did this. If Google adds porn/Phishing filters I will switch.
Randalllind9th Dec 2009 -
Everyone's page not found search sucks.
That's why there's still Google.com - for all the times you can't find it on
Yahoo or Bing.nix_hed9th Dec 2009 -
RE: Is Google DNS for your enterprise?
Here's a radical thought -- perhaps access to socmed sites can make an employee MORE productive.
chrisparente9th Dec 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
