Re: Umbrella and Users entering IP address

Allen Rongone · ‎08-09-2018

Hello,

We are looking at adopting Umbrella. However, I have some concerns with this solution.

Right now, my top concern is user's being able to bypass Umbrella by entering an IP address instead of a fully qualified domain name in whatever application they are using (browser, sftp client, ssh client, etc...)

How will Umbrella be able to guard against this if all we are sending to Umbrella is DNS request?

Thank you in advance for any assistance,

~ Allen Rongone

Jerome BERTHIER · ‎08-09-2018

Hi

It won't deal with it.

Umbrella is only based on dns request.

Regards

Allen Rongone · ‎08-09-2018

Jerome,

Thank you for your response.

So if I understand you correctly, unlike conventional proxies where all traffic is passed through the proxy, an malicious insider could circumvent Umbrella simply by using IP addressing instead of FQDN.

Is that a fair statement?

Thank you,

~ Allen

pazzi · ‎08-09-2018

Hi, the umbrella roaming client can intercept IP addresses. You would need the Umbrella Insight or higher package.

https://deployment-umbrella.readme.io/v1.0.5/docs/6-adding-ip-layer-enforcementz

Jerome BERTHIER · ‎08-10-2018

Hi

I was not aware of that. Thanks.

By the way, there are several important limitations to this remediation :

1) The Umbrella roaming client does not currently support IPv6 or dual stack IPv4/IPv6

2) All traffic need to be tunneled to Umbrella using IPSEC which is more intrusive than sharing dns request. Moreover, IPSEC might not work on some case (firewall limitations...).

Regards