Domain name system (DNS) cyber-attacks and Bring Your Own Device (BYOD) initiatives are creating new network vulnerabilities that are creating significant risk to production IT systems. Infoblox is offering new solutions to help IT teams gain better visibility and control over their network security. The new offerings include Infoblox DNS Firewalltm, the advanced malware protection solution now available on its carrier-grade 4030 DNS Caching Appliance. In addition, Infoblox is introducing new DHCP Fingerprinting technology to help network administrators identify and control the device types that are on the network without the need for network discovery or on-device agents.
Protection against Malware and Denial of Service Attacks – Infoblox DNS Firewall on the 4030 DNS Caching Appliance
The Domain Name System (DNS) is a critical network control point. DNS allows all applications, devices and processes to find each other in the increasingly complex and dynamic network. Without DNS, virtually all network communication would cease to function. This is why DNS has been the target of increasing distributed denial of service (DoS / DDoS) attacks. These attacks can cause network outages, and business and service disruptions. In addition, DNS can be exploited for malware communications.
The carrier-grade Infoblox 4030 DNS Caching Appliance has been upgraded to support Infoblox DNS Firewall. DNS Firewall leverages the Infoblox live reputational feed to populate the Infoblox DNS system with a list of known malicious domains. When malware tries to connect one of these malicious domains to its botnet controller, DNS Firewall will block that connection and log the access attempt for remediation by the security team.
In addition, the Infoblox 4030 is capable of up to 1 million DNS queries per second (QPS). This level of performance can help mitigate some of the risks associated with DoS / DDoS attacks by using the immense performance of the Infoblox system, combined with automated detection of common DoS/DDoS attacks to materially increase the chance of surviving the attack.
“Since DNS is now one of the principal attack vehicles for malware that infects mobile devices for botnet formation, protecting the mobile infrastructure against the spread of malware is a top priority,” said Monica Paolini, President at Senza Fili Consulting. “The Infoblox DNS firewall offers mobile operators a carrier-class malware protection capability for the DNS infrastructure in their networks.”
Visibility and Control of devices on your network
Establishing device access policies for corporate networks is a vital element of a successful and secure BYOD program. With the new Infoblox DHCP Fingerprinting technology, network administrators can see device type information - such as iOS or Android devices, an Xbox, or a Linksys router - for all DHCP connected devices on their network, and then take action or create policies based on device type. For example, network teams can increase security by easily prohibiting certain device types from obtaining DHCP leases – effectively keeping them off the network. In addition, integration with Infoblox IP Address Management (IPAM) delivers further correlation of device type and IP address information – providing historical and trend data at the device level. Infoblox DHCP Fingerprinting technology obtains device information via the DHCP lease process and requires no agents or additional discovery steps.
“Bring your own device - or BYOD - is gaining broad acceptance in many organisations, but there are inherent risks and management challenges associated with BYOD,” said Arya Barirani, VP Product Marketing, Infoblox. “The new DHCP Fingerprinting technology provides networking teams better visibility and network control of these devices, without requiring any agents on the device or additional discovery.”