Exam CAS-004
Question 320

A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption?

    Correct Answer: B

    A company that needs to enforce all outbound traffic to go through specific TCP ports, such as 80 and 443, should use a Mobile Device Management (MDM) solution. MDM provides centralized control over managed mobile devices, allowing the organization to enforce network policies and restrict outbound traffic to the specified ports. This ensures that no other types of traffic are initiated from the device, meeting the company's policy requirements effectively.

Discussion
ThatGuyOverThere (Option: D)

The answer is D. If you are only allowing traffic over 80 and 443, then standard DNS over port 53 will break. You therefore must implement DoH to ensure DNS goes over HTTPS and therefore port 443.

Anarckii

But this only allows DNS outbound traffic over HTTPS/443. What about port 80, as the question states ALL traffic needs to go over TCP port 80 and 443?

Uncle_Lucifer (Option: B)

MDM. DoH only uses HTTPS. No use of HTTP.

Anarckii (Option: D)

Changing answer to D.

DoH (DNS over HTTPS) - Option D: DoH allows DNS resolution over HTTPS, and while it doesn't directly control outbound traffic ports, it is relevant for ensuring secure DNS queries. In a scenario where all outbound traffic must go over TCP ports 80 and 443, using DoH ensures that DNS queries can be securely resolved over these ports, aligning with the policy.

MDM (Mobile Device Management) - Option B: MDM solutions provide centralized control and management of mobile devices, but they may not directly enforce restrictions on outbound traffic based on specific ports.

Source: ChatGPT

CXSSP (Option: B)

B. MDM (Mobile Device Management) Mobile Device Management (MDM) is a solution that allows organizations to manage and enforce policies on mobile devices. In this scenario, where the company wants to restrict outbound traffic to specific TCP ports (80 and 443), MDM would be the most suitable option. Here's why: Policy Enforcement: MDM solutions can enforce policies on managed mobile devices, including network access policies. It can ensure that all outbound traffic goes over the specified ports (80 and 443) and block other traffic.

Trap_D0_r (Option: B)

Hey Guys, Maybe try not to out-clever yourself into the wrong answer. The question asks how to restrict traffic to 80/443 on mobile devices--without an ACL on the network, the ONLY answer here is MDM. "Oh, wait, but what about all those DNS queries?!" That's an obvious red herring. MOST DNS queries are routed through a local proxy or simply through the gateway (It's not uncommon--and I've set up many times--DNS forwarding through the local gateway. i.e. to your device, its gateway is its DNS server, which would mean that you're making port 53 calls LOCALLY and the gateway is either calling a local DNS or just going to 8.8.8.8 or whatever because it's not a mobile device and has no restriction). Without MDM on the devices, what's to stop you from installing some telnet software and opening a port home, or hitting up an old school FTP server for a new game? The only thing that can place a restriction that even comes close to meeting the question requirements is MDM in this scenario.

Brianny93 (Option: B)

DOH: DNS requests are tunneled with TLS traffic

Ariel235788 (Option: D)

D. DoH Implementing DNS over HTTPS (DoH) can help ensure internet access continues without interruption while enforcing a policy in which all outbound traffic must go over TCP ports 80 and 443. DoH encrypts DNS queries, allowing devices to resolve domain names over HTTPS, typically using port 443. This means that DNS traffic, which would normally use UDP or TCP port 53, can be routed over port 443 without violating the policy.
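
As an added illustration (not part of any comment in this thread or of the exam site), the sketch below builds a DNS query in wire format, wraps it as an RFC 8484 DoH GET request, and checks the resulting flow against the question's "TCP 80 and 443 only" egress policy next to classic port-53 DNS. The resolver URL `https://doh.example.net/dns-query` and all function names are assumptions made for the example.

```python
import base64
import struct
from urllib.parse import urlsplit

# Egress policy from the question: only TCP 80 and TCP 443 may leave the device.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443)}

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Encode one DNS question in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID=0 (as RFC 8484 recommends), flags=RD, QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def doh_get_url(resolver_url: str, query: bytes) -> str:
    """RFC 8484 GET form: unpadded base64url of the query in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"

def flow_for_url(url: str) -> tuple:
    """Return the (transport, port) a client opens to fetch this URL over HTTP/1.1 or HTTP/2."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}[parts.scheme]
    return ("tcp", port)

def egress_allowed(flow: tuple) -> bool:
    """True if the flow is permitted by the 80/443-only policy."""
    return flow in ALLOWED_EGRESS

if __name__ == "__main__":
    query = build_dns_query("www.example.com")
    # Hypothetical resolver endpoint, constructed for this example.
    url = doh_get_url("https://doh.example.net/dns-query", query)
    candidates = {
        "classic DNS (UDP)": ("udp", 53),
        "classic DNS (TCP)": ("tcp", 53),
        "DoH": flow_for_url(url),
    }
    for label, flow in candidates.items():
        verdict = "allowed" if egress_allowed(flow) else "blocked"
        print(f"{label:18} {flow} -> {verdict}")
    print(url)
```
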

icecool2019 (Option: D)

Implementing DoH on mobile devices can be done through dedicated apps or manual settings on the device itself. For enterprises, using MDM to centrally configure and enforce DoH ensures compliance with security policies and simplifies the management process. This approach secures DNS queries by encrypting them and ensures they adhere to the network restrictions, providing enhanced security and privacy for mobile users.

e4af987 (Option: D)

It's D since the devices are already managed. This rules out MDM.

Anarckii (Option: B)

In the scenario provided, the organization is concerned about controlling outbound traffic and limiting it to specific TCP ports

OdinAtlasSteel (Option: D)

D. DoH (DNS over HTTPS). DNS over HTTPS (DoH) allows DNS queries to be sent over the standard HTTPS port (443). By implementing DoH, the organization can ensure that DNS queries from mobile devices are tunneled over the secure port 443, complying with the policy, while maintaining internet access. This ensures that DNS requests do not violate the policy even when using different ports for DNS queries. The other options mentioned (CYOD, MDM, and WPA3) do not directly address the specific requirement of enforcing traffic over TCP ports 80 and 443 while allowing internet access.