

The real world implications of QUIC traffic range from not being able to restrict access to YouTube or enforce Google Safe Search, through to malware or ransomware being downloaded through Gmail or any other QUIC enabled website. The images below compare the Wireshark capture of traditional HTTPS TLS traffic with QUIC.

QUIC traffic is therefore not scrutinized as it should be and it is not forwarded to the firewall’s web protection features. The supporting browsers and servers support this new protocol and are able to process it as web traffic, but the network device in between cannot determine the application protocol and switches to treating it like any generic layer 4 UDP traffic. QUIC uses the traditional HTTP ports of 80 and 443 but that is where the similarities end. This special treatment includes malware scanning and in most cases, enhanced reporting. HTTP traffic gets special treatment because the firewalls can interpret the traffic from Layer4 up to layer 7. In most architectures, when HTTP traffic is detected, it is passed on to a web protection module that performs web filtering, deep packet inspection etc. Most firewalls have extensive functionality when dealing with HTTP and HTTPS traffic. The issue is not with the protocol or the technology itself. The supposed upside of QUIC is that it makes web communications more efficient and faster. The problem is that it is not supported by security appliances such as firewalls yet, and has therefore inadvertently created a security hole for many organizations.

It is implemented on all Google web properties such as Google Search, YouTube, Gmail, Drive etc, and is being adopted by a growing list of other websites. Other browsers will surely follow once the protocol is finalized. QUIC is essentially HTTP/2 over UDP which is a new layer4 protocol.Īt the time of writing this article, QUIC is still ‘experimental’, but is enabled by default in Google Chrome, and can be enabled in Opera 16. Where SPDY and HTTP/2 were iterative improvements on HTTP over TCP, QUIC is a different approach using UDP as the transport protocol. The new kid on the block for performance improvement is a protocol named QUIC. Google has always been obsessed with speed and over the years they have made numerous efforts to make the web more efficient and more performant. This article describes how QUIC works, its current consequences on network security and reporting, and how you can resolve the issues associated with QUIC. Unfortunately, most, if not all, firewalls do not currently recognize QUIC traffic as ‘web’ traffic, therefore it is not inspected, logged or reported on, leaving a gaping hole in your network’s security. It’s on by default in Google Chrome and used by a growing list of websites. QUIC is a new protocol designed by Google to make the web faster and more efficient.
