Take the best of the Transmission Control Protocol (TCP), add the security of TLS encryption, and then make them establish a connection and transfer data 3 times faster. If you think that’s impossible, you haven’t heard of QUIC. Can any internet protocol be that perfect? Find out more about QUIC below.
QUIC (Quick UDP Internet Connection) is a new encrypted transport layer network protocol. QUIC was designed to make HTTP traffic more secure, efficient, and faster. Theoretically, QUIC has taken all the best qualities of TCP connections and TLS encryption and implemented it on UDP. But if QUIC is so similar to TCP+TLS over an HTTP/2 connection, why did it need to be created?
Google is one of QUIC’s leading adopters. It’s enabled by default on Google Chrome and Opera 16, Google search, Gmail, Youtube, and other Google services. Chrome takes up 70% of the browser market share, so you can expect other browsers to start employing this protocol very soon.
There are few downsides to the QUIC protocol. It improves web communications and reduces latency, but it’s still in its experimental stages. It’s not widely adopted by other websites or web servers, nor is it supported by cybersecurity tools such as firewalls. Because of this, experimental QUIC protocol can currently open a security loophole.
Firewalls pass HTTP and HTTPS traffic through a web protection module, which performs malware scanning. But what happens if the connection is made via QUIC? Well, the browser and supporting web servers do recognize it as a QUIC connection, but the device you are browsing on may not. It treats it like simple UDP traffic, which doesn’t get sent to your firewall’s web protection module.
Until it’s adopted more widely and recognized by most firewalls, it’s recommended to block or disable QUIC:
For more cybersecurity tips, subscribe to our free monthly newsletter below!