So what happens now with DNS over TLS/HTTPS? That seems to be implemented by all the major web browsers now, except maybe Safari. Firewalls won’t be able to see DNS requests anymore, right? At least not from those browsers if that setting is enabled.
DoT/DoH encrypt DNS queries. However, endpoints are still a toss-up (name server, TLD, etc.).
What can firewalls and IPS see exactly, in a pervasive encryption situation? IP addresses must still be exposed, right, in order to route traffic? What else is not encrypted when you have HTTP/2 with TLS, which I assume is on top of TCP and say IPv6, on top of Ethernet? What’s exposed in that scenario, beyond an IP address?
I would suspect, like anything else that’s encrypted, all the firewall can see is data, but not what the data is. Certainly the gateway firewall will be able to see what nodes (or hops) are sending and receiving data, but not necessarily what the data is. I.e., you are accessing 8.8.8.8, which is Google DNS, but not if you are using it for DNS or why. With IPv6 it gets worse, because every user will be able to have a static IP assigned to them like a social security number if they decide to go that route.
In fact, I think there are so many addresses in IPv6 that each DEVICE can have its own IP address.
It’s hard to tell what is and isn’t exposed given the number of variables: what protocols are being used, for what services, against what firewall hardware/software, and more.
I would always assume as a baseline that “your (or your VPN’s)” IP is being transmitted.
Honestly, I’m just a layman going off my understanding of what I have read over the years.
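The question above (what a firewall or IPS can still see once DNS and HTTP are wrapped in TLS) can be answered concretely by looking at the first packet of a TLS connection. The TLS ClientHello is sent in the clear in both TLS 1.2 and 1.3, and it carries the Server Name Indication (the hostname being contacted), the ALPN list (e.g. `h2` for HTTP/2), the offered cipher suites and the supported versions. A middlebox that parses it can log the destination hostname without decrypting anything, which is why SNI is the usual basis for name-based filtering even when DoH hides the DNS lookup itself. The parser below is an added example written for this thread; it is not code from any of the posters. It builds a constructed ClientHello with `build_client_hello` (the hostname `dns.example.test` and the 32-byte random are made-up sample values) and then extracts the cleartext fields with `parse_client_hello`, exactly as a passive sensor would. Where Encrypted Client Hello is in use the SNI field would not be readable this way; that case is not covered here.

```python
import struct

# --- builder: constructs a minimal but well-formed TLS ClientHello ---------

def _ext_server_name(host: str) -> bytes:
    """Extension type 0: ServerNameList with one host_name entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type=0, len, name
    body = struct.pack("!H", len(entry)) + entry             # list length prefix
    return struct.pack("!HH", 0, len(body)) + body

def _ext_alpn(protos) -> bytes:
    """Extension type 16: ALPN protocol name list (each entry length-prefixed)."""
    plist = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protos)
    body = struct.pack("!H", len(plist)) + plist
    return struct.pack("!HH", 16, len(body)) + body

def _ext_supported_versions(versions) -> bytes:
    """Extension type 43: supported_versions (1-byte list length in ClientHello)."""
    vlist = b"".join(struct.pack("!H", v) for v in versions)
    body = bytes([len(vlist)]) + vlist
    return struct.pack("!HH", 43, len(body)) + body

def build_client_hello(host, protos=("h2", "http/1.1"),
                       versions=(0x0304, 0x0303)) -> bytes:
    """Return a constructed TLS record holding a ClientHello (sample data, not a real capture)."""
    client_random = bytes(range(32))                          # constructed, not random
    cipher_suites = struct.pack("!HHH", 0x1301, 0x1302, 0xC02B)
    body = (
        b"\x03\x03" + client_random + b"\x00"                 # legacy_version, random, empty session_id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                         # one compression method: null
    )
    exts = _ext_server_name(host) + _ext_alpn(protos) + _ext_supported_versions(versions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# --- parser: what a passive middlebox can read without any keys ------------

def parse_client_hello(record: bytes) -> dict:
    """Extract the cleartext fields of a ClientHello; raises ValueError on non-TLS input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    pos = 0
    legacy_version = struct.unpack("!H", body[0:2])[0]; pos = 2
    pos += 32                                                 # client random (opaque to us)
    sid_len = body[pos]; pos += 1 + sid_len                   # legacy session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]; pos += 1 + cm_len                     # compression methods

    info = {"record_version": (record[1], record[2]), "legacy_version": legacy_version,
            "cipher_suites": suites, "sni": None, "alpn": [], "supported_versions": []}
    if pos + 2 > len(body):
        return info                                           # no extensions block
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if etype == 0 and len(data) >= 5:                     # server_name
            nlen = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + nlen].decode("ascii", "replace")
        elif etype == 16 and len(data) >= 2:                  # ALPN
            p, names = 2, []
            while p < len(data):
                l = data[p]; names.append(data[p + 1:p + 1 + l].decode("ascii", "replace")); p += 1 + l
            info["alpn"] = names
        elif etype == 43 and len(data) >= 1:                  # supported_versions
            info["supported_versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                                          for i in range(1, 1 + data[0], 2)]
    return info

if __name__ == "__main__":
    rec = build_client_hello("dns.example.test", ("h2",))
    for k, v in parse_client_hello(rec).items():
        print(f"{k}: {v}")
```

Run it and the output lists the hostname, `h2` as the negotiated-protocol candidate, and the offered TLS versions, all recovered from bytes that never pass through decryption. That is the practical answer to the thread: beyond source and destination IP, a firewall sees the SNI hostname, ALPN, cipher-suite fingerprint and packet sizes/timing, but not the HTTP request or the DNS query carried inside the DoH session.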