Advanced DNS Protection
•Download as PPTX, PDF•
3 likes•2,133 views
DNS is one of the fastest growing attack vectors and current security solutions don’t address DNS threats. Infoblox Advanced DNS Protection is a self-protecting DNS appliance that provides defense against widest range of attacks – enabling you to automatically defend your business from DNS threats.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to Advanced DNS Protection
Similar to Advanced DNS Protection (20)
Recently uploaded
Recently uploaded (20)
Advanced DNS Protection
- 1. Infoblox Advanced DNS Protection Automatically Defend Your Business from DNS Attacks 1 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd..
- 2. The Problem DNS is one of the fastest growing attack vectors 2 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. Traditional protection is ineffective against evolving threats DNS outage causes network downtime, loss of revenue, and negative brand impact Unprotected DNS infrastructure introduces security risks
- 3. Why is DNS an Ideal Attack Target? 3 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. 3 DNS is the cornerstone of the Internet, used by every business and government DNS protocol is stateless and attackers cannot be traced easily DNS as a protocol is easy to exploit Maximum impact with minimum effort
- 4. The Rising Tide of DNS Threats Financial impact is huge In the last year alone there has been an increase of 200% DNS attacks1 The average loss for a 24-hour outage from a DDoS attack3 Avg estimated loss per DDoS event in 20123 -$13.6M Technology -$7.7M Government company 4 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. 58% DDoS attacks1 With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge 5% 17% 28M Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks2 33M Number of open recursive DNS servers2 2M Financial Services Business Services 13% 21% 2% Healthcare 1% Automotive With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant -$17M Financial services 7% 1. Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter, 2013 2. www.openresolverproject.org 42% Enterprise 29% Commerce 5% Miscellaneous Public Sector Media & Entertainment High Tech Consumer Goods 2% 5% Hotels 22% Retail Top Industries Targeted4 $27 million 3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc. May 17, 2013 4. State of the Internet, Akamai, 2nd Quarter, 2013
- 5. DNS Hijackings: 2013 & 2014 5 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd..
- 6. Anatomy of an Attack Distributed Reflection DoS Attack (DrDoS) 6 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. How the attack works Internet Attacker Target Victim Combines reflection and amplification Uses third-party open resolvers in the Internet (unwitting accomplice) Attacker sends spoofed queries to the open recursive servers Uses queries specially crafted to result in a very large response Causes DDoS on the victim’s server
- 7. Advanced DNS Protection: Defend Against DNS Attacks Protection against the Widest Range of DNS Attacks Threat Adapt Technology 7 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. • Intelligently defends against widest range of attacks to ensure secure, resilient, and trustworthy DNS services • Blocks attacks while continuing to respond to legitimate DNS requests • Continuously adapts to evolving threats; automatically updates protection without patching or downtime • Uses latest threat intelligence from analysis and research, and new threats seen in customer networks • Morphs protection to reflect DNS configuration changes Quick Deployment • Deploys easily and runs in any environment • Immediately starts blocking attacks—even if an attack is already in progress
- 8. Solution Components Infoblox Advanced DNS Protection Service Infoblox Advanced Appliance PT-1400, PT-2200, PT-4000 8 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. • Advanced DNS Protection activation • Threat Adapt technology for automatic protection against new and evolving DNS threats • 1- or 3-year term support and maintenance • DNS appliance purpose built with security in mind • Next-generation programmable processor and dedicated compute for threat mitigation Note: Customers who have IB-4030 Rev2 need to purchase a separate Advanced DNS Protection license
- 9. Fully Integrated into Infoblox GRID™ 9 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. Reporting Server Automatic Updates (Threat Adapt) Infoblox Threat-rule Server Advanced DNS Protection (External DNS) Reports on attack types, severity Legitimate Traffic Advanced DNS Protection (Internal DNS) Data for Reports
- 10. DNS Protection is Not Just About DDoS DNS reflection/DrDoS attacks 10 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. Using third-party DNS servers (mostly open resolvers) to propagate a DoS or DDoS attack DNS amplification Using a specially crafted query to create an amplified response to flood the victim with traffic TCP/UDP/ICMP floods Denial of service on layer 3 or 4 by bringing a network or service down by flooding it with large amounts of traffic DNS-based exploits Attacks that exploit bugs or vulnerabilities in the DNS software DNS cache poisoning Corruption of DNS server cache data with a rogue domain or IP Protocol anomalies Causing the server to crash by sending malformed DNS packets and queries Reconnaissance Attempts by hackers to get information on the network environment before launching a DDoS or other type of attack DNS tunneling Tunneling of another protocol through DNS port 53 for malware insertion and/or data exfiltration Volumetric/DDoS Attacks DNS hijacking Modifying the DNS record settings to point to a rogue DNS server or domain NXDomain attack Attacks that flood DNS server with requests for non-existent domains, causing it to send NXDomain (non-existent domain) responses Phantom domain attack Attacks where a DNS resolver is forced to resolve multiple non-existent domains, causing it to consume resources while waiting for responses DNS-specific Exploits
- 11. Global Visibility with Reporting Intelligence Needed to Take Action • Attack details by category, member, rule, severity, and time • Visibility into source of attacks for blocking, to understand scope and severity • Early identification and isolation of issues for corrective action 11 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd..
- 12. Deployment Options Advanced DNS Protection 12 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. INTERNET Grid Master and Candidate (HA) Advanced DNS Protection D M Z INTRANET EXTERNAL DATACENTER CAMPUS/REGIONAL
- 13. Deployment Options Grid Master and Candidate (HA) 13 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd.. INTRANET Endpoints DATACENTER CAMPUS/REGIONAL Advanced DNS Protection Advanced DNS Protection INTERNAL
- 14. For more information www.infoblox.com 14 © 2013 Infoblox | 2014 IInncc.. AAllll RRiigghhttss RReesseerrvveedd..