We are looking at adopting Umbrella. However, I have some concerns with this solution.
Right now, my top concern is user's being able to bypass Umbrella by entering an IP address instead of a fully qualified domain name in whatever application they are using (browser, sftp client, ssh client, etc...)
How will Umbrella be able to guard against this if all we are sending to Umbrella is DNS request?
Thank you in advance for any assistance,
~ Allen Rongone
Thank you for your response.
So if I understand you correctly, unlike conventional proxies where all traffic is passed through the proxy, an malicious insider could circumvent Umbrella simply by using IP addressing instead of FQDN.
Is that a fair statement?
Hi, the umbrella roaming client can intercept IP addresses. You would need the Umbrella Insight or higher package.
I was not aware of that. Thanks.
By the way, there are several important limitations to this remediation :
1) The Umbrella roaming client does not currently support IPv6 or dual stack IPv4/IPv6
2) All traffic need to be tunneled to Umbrella using IPSEC which is more intrusive than sharing dns request. Moreover, IPSEC might not work on some case (firewall limitations...).