
Press Releases by DomainInformer.com


Infoblox Unveils "DNS Firewall" to Address DNS Vulnerability Concerns


September 29, 2008; 10:23 AM

SANTA CLARA, CA -- 09/29/08 -- Infoblox Inc. today announced enhancements to its full line of core network services (CNS) appliances to provide unique DNS security capabilities such as alerting, reporting, and attack mitigation. These capabilities along with the automated software update capabilities of Infoblox grid technology -- which links multiple Infoblox appliances into a unified system for central management and control -- can help enterprises thwart current and future DNS vulnerability exploits.

The security, reliability and manageability of core network services -- including domain name resolution (DNS), IP address assignment (DHCP), IP address management (IPAM) and others -- directly impact the availability and security of critical network applications, such as email, web services, Microsoft Active Directory, Voice over IP (VoIP) and wireless.

An exploit recently discovered by security researcher Dan Kaminsky that makes it relatively easy to execute a DNS "cache poisoning" attack underscores how critical DNS security is to the functioning of other Internet programs. Cache poisoning enables an attacker to redirect Web traffic -- including ecommerce transactions and email -- from legitimate sites to malicious sites controlled by hackers and criminals without any action by end users and usually without detection. Although a short-term fix has been implemented for the recently discovered exploit, experts agree that there are going to be other critical vulnerabilities discovered in DNS followed by new exploits and attacks. As such, the ability to quickly react and patch DNS is essential to maintaining a secure infrastructure in the future.

Dan Kaminsky commented, "Everything breaks when DNS breaks. The new DNS vulnerability affects more than web browsers. It potentially hits everything from the auto-update systems that download software upgrades and vendors' websites to phone calls placed over the Internet via VoIP technology. This is a pervasive problem that requires a holistic approach, starting with a 'best practices' DNS architecture and including processes and systems to quickly patch production DNS systems when new vulnerabilities and exploits are released."

Infoblox Vice President of Marketing, Richard Kagan, commented, "Paying attention to DNS security has always been important, but the new DNS exploit illustrates the inextricable link between DNS integrity and the security of virtually all Internet applications. We are committed to providing solutions that not only address today's threats but that also provide a lasting ability to provide protection as new attacks emerge. Moreover, we will continue to work closely with the DNS community to develop and deliver the next generation of DNS protocol technology with a more robust security architecture."

Infoblox DNS Security Enhancements Provide Enterprises with a "DNS Firewall"

The Infoblox appliance-based solution provides immediate protection against the DNS exploit discovered by Kaminsky and also provides features that will be essential for detecting and thwarting future attacks. Infoblox's newest NIOS release, version 4.3r2, includes several new security features that monitor DNS protocol traffic, provide reports and proactive alerts when an attack is in progress, and offer a means to automatically mitigate attacks.

The new features monitor multiple indicators of an attack in progress, such as mismatched UDP ports and DNS Query IDs, and send email and/or SNMP traps when the traffic pattern is consistent with an attack. This enables IT administrators to take preventive actions. For example, the new NIOS software also includes a command to throttle or completely deny connections from a specific DNS server, allowing the administrator to mitigate or stop an attack.

Infoblox's hardened NIOS(TM) operating system and unique grid technology provide lasting protection against future attacks. Infoblox grid technology makes it possible to patch and upgrade dozens or hundreds of appliances with a single command, in a production network, without incurring DNS service downtime. This is essential to enabling fast response when new attacks are unleashed in the wild.

Organizations can protect their existing DNS infrastructure quickly and easily, without major changes, by installing a layer of hardened Infoblox appliances configured as forwarders between the Internet and their current, Internet-facing DNS servers. The hardened Infoblox systems with DNS monitoring, alerting, reporting, mitigation and one-button, no-downtime upgrades essentially provide a "DNS firewall" -- the most flexible, dynamic protection available for dealing with the new DNS security arms race.

After a one-click grid upgrade to secure all appliances against the new DNS vulnerability, Michael L. Hershberger, infrastructure architect at Armstrong World Industries, Inc., a global leader in the design and manufacture of floors, ceilings and cabinets, commented: "That was too easy; much better than upgrading standard servers with BIND."

Additional IPAM Enhancements Increase Automation and Simplify Administration

The newest version of Infoblox's NIOS operating system also includes a number of key IP address management features that help simplify administration, especially for large, highly distributed organizations:

 

-- Network discovery: Enables an administrator to obtain a detailed view of the devices actually connected to the network; reconciliation makes it easy to align the Infoblox IPAM database with the actual state of the network, providing a means to find lost assets and detect rogue devices.

-- Role-based administration: Ensures that administrators are only given access to view and modify specific core network services attributes -- down to the object level -- consistent with their functional role, limiting and preventing errors and enabling delegated administration without compromising system security or availability, along with full auditing for compliance.

-- Overlapping networks: Allows customers to have multiple instances of the same network address space in a single grid with a common management interface; multiple networks can be viewed and managed simultaneously, without opening and closing different configuration sets.

 

Pricing and Availability

The new Infoblox NIOS software version 4.3r2 is now available. Pricing for the solution on the Infoblox-250 appliance starts at $2,495 in the U.S. Software upgrades are available free of charge for all current customers with a valid maintenance contract.

About Infoblox

Infoblox appliances deliver utility-grade core network services, including domain name resolution (DNS), IP address assignment and management (IPAM/DHCP), authentication (RADIUS) and related services. Infoblox solutions, which provide the essential "glue" between networks and applications, are used by over 2,300 organizations worldwide, including over 100 of the Fortune 500. The company is headquartered in Santa Clara, Calif., and operates in more than 30 countries. For more information, call +1.408.625.4200, email [email protected], or visit www.infoblox.com.

Media Contacts:
Jennifer Jasper
Infoblox
408.625.4309


Source: www.earthtimes.com
