infoTECH Feature

September 29, 2008

Infoblox Unveils "DNS Firewall" to Address DNS Vulnerability Concerns

Infoblox (News - Alert) has enhanced its full line of core network services (CNS) appliances that provides DNS security capabilities such as alerting, reporting, and attack mitigation. These capabilities and automated software update capabilities of Infoblox grid technology can help enterprises thwart current and future DNS vulnerability exploits.
The security, reliability and manageability of core network services -- including domain name resolution (DNS), IP address assignment (DHCP), IP address management (IPAM) and others – helps in securing applications, such as email, web services, Microsoft (News - Alert) Active Directory, Voice over IP (VoIP) and wireless.
Recently security researcher Dan Kaminsky discovered an exploit that makes it relatively easy to execute a DNS "cache poisoning" attack jeopardizing the security of Internet programs.
Cache poisoning enables an attacker to redirect Web traffic -- including ecommerce transactions and email -- from legitimate sites to malicious sites controlled by hackers and criminals without any action by end users and usually without detection. This underscores the need of ability to quickly react and patch DNS in maintaining a secure infrastructure.
Dan Kaminsky said: "Everything breaks when DNS breaks. The new DNS vulnerability affects more than web browsers. It potentially hits everything from the auto-update systems that download software upgrades and vendors' websites to phone calls placed over the Internet via VoIP technology. This is a pervasive problem that requires a holistic approach, starting with a 'best practices' DNS architecture and including processes and systems to quickly patch production DNS systems when new vulnerabilities and exploits are released."
Infoblox Vice President of Marketing Richard Kagan said: "Paying attention to DNS security has always been important, but the new DNS exploit illustrates the inextricable link between DNS integrity and the security of virtually all Internet applications. We are committed to providing solutions that not only address today's threats but that also provide a lasting ability to provide protection as new attacks emerge. Moreover, we will continue to work closely with the DNS community to develop and deliver the next-generation of DNS protocol technology with a more robust security architecture."
The Infoblox appliance-based solution provides protection against the DNS exploit and also provides features that will be essential for detecting and thwarting future attacks. Infoblox's newest NIOS release, version 4.3r2, includes security features that monitor DNS protocol traffic, provide reports and proactive alerts when an attack is in progress, and a means to automatically mitigate attacks.
The new features monitor multiple indicators of an attack in-progress, such as mis-matched UDP (News - Alert) ports and DNS Query IDs, and send email and/or SNMP traps when the traffic pattern is consistent with an attack. This enables IT administrators to take preventive actions.
For example, the new NIOS software also includes a command to throttle or completely deny connections from a specific DNS server, allowing the administrator to mitigate or stop an attack.
Infoblox's hardened NIOS operating system and grid technology provide lasting protection against future attacks. Infoblox grid technology patch and upgrade appliances with a single command, in a production network, without incurring DNS service downtime.
After a one-click grid upgrade to secure all appliances against the new DNS vulnerability, Michael L. Hershberger, infrastructure architect at Armstrong World Industries, Inc. commented: "That was too easy; much better than upgrading standard servers with BIND."
Infoblox's NIOS operating system enable administrators to obtain a detailed view of the devices actually connected to the network; reconciliation makes it easy to align the Infoblox IPAM database with the actual state of the network, providing a means to find lost assets and detect rogue devices.
It ensures that administrators are only given access to view and modify specific core network services attributes – down to the object level -- consistent with their functional role, limiting and preventing errors and enabling delegated administration without compromising system security or availability along with full auditing for compliance.
Further, it allows customers to have multiple instances of the same network address space in a single grid with a common management interface; multiple networks can be viewed and managed simultaneously, without opening and closing different configuration sets.
Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users. Today’s featured white paper is The Compelling ROI Benefits of Contact Center Quality and Performance Management Technologies, brought to you by Voice Print International (News - Alert).

Arun Satapathy is a contributing editor for TMCnet. To read more of Arun's articles, please visit his columnist page.

Edited by Tim Gray

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers