Linking to AD (security concerns)



  • "I have read the AD implementation guide"

    Was it this?

    If this does not help, you'll want to open a support ticket, or contact support by phone. Enterprise/Umbrella issues are almost not being discussed here, because of the other premier communication channels Umbrella comes with.

  • Brian Hartvigsen

    rotblitz is right that there is very little discussion in this forum regarding Umbrella and the AD integrations. There is actually a dedicated forum for that as well as contacting the Support team.

    That said, and for future posterity:

    • All connections to OpenDNS are done over SSL (HTTPS) with the exception of DNS which happens over standard DNS protocols. As per Chrome:

      Your connection to is encrypted with 128-bit encryption.

      The connection uses TLS 1.0.

      The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism

      We have not been audited or tested for FIPS140-2 compliance.
    • We use user & computer name, group membership, and GUID. We do not retrieve, access, or store the user's password hash(es) as they are not necessary for us to identify/report on the user activity.

    The information passed to OpenDNS with the DNS request is hashed user & device identifiers. No credential, in the traditional sense, is passed and the hashes could not be used for anything other than receiving the filtering for that user or device.

  • Hey, many thanks guys - that is exactly the level of detail I require to convince my clients.

    Now... if only I could get someone from OpenDNS to email me a quote for up to 10,000 users...

    Thanks again.
