Securing DNS Infrastructure 
August 2014 
© 2013 Infoblox | 2014 Inc. All Rights Reserved.

Why is DNS an Ideal Target? 
• DNS is the cornerstone of the Internet, used by every business/government
• DNS as a protocol is easy to exploit
• Traditional protection is ineffective against evolving threats
DNS Outage = Business Downtime

DNS Security Challenges 
1. Securing the DNS Platform
2. Defending Against DNS Attacks
3. Preventing Malware from using DNS

Hacks of DNS – 2013 & 2014 
Security Risks with Conventional Approach 
DNS installed on off-the-shelf server
– Many open ports subject to attack
– Users have OS-level account privileges on server
– No visibility into good vs. bad traffic
– Requires time-consuming manual updates
– Requires multiple applications for device management
[Figure label: Multiple Open Ports]

Secure DNS - Purpose Built Appliance and OS 
• Minimal attack surfaces
• Active/Active HA & DR recovery
• Common Criteria Certification
• FIPS 140-2 Compliance
• Encrypted Inter-appliance Communication
• Centralized management with role-based control
• Secured Access, communication & API
• Detailed audit logging
• Fast/easy upgrades

The Rising Tide of DNS Threats 
Financial impact is huge
• In the last year alone there has been an increase of 200% DNS attacks [1], 58% DDoS attacks [1]
• With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge
• 33M: Number of open recursive DNS servers [2]
• 28M: Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks [2]
• 2M: With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant
• $27 million: The average loss for a 24-hour outage from a DDoS attack [3]
• Avg estimated loss per DDoS event in 2012 [3]: -$17M Financial services; -$13.6M Technology company; -$7.7M Government
[Chart: Top Industries Targeted [4]. Legible values: 42% Enterprise, 29% Commerce, 22% Retail, 5% Hotels, 5% Miscellaneous, 2% Healthcare, 1% Automotive. Other categories shown: Financial Services, Business Services, Public Sector, Media & Entertainment, High Tech, Consumer Goods.]
Sources:
1. Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter, 2013
2. www.openresolverproject.org
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc., May 17, 2013
4. State of the Internet, Akamai, 2nd Quarter, 2013

Advanced DNS Protection: 
Defend Against DNS Attacks 
Protection against the Widest Range of DNS Attacks
Threat Adapt Technology
• Intelligently defends against widest range of attacks
• Blocks attacks while responding to legitimate queries
• Uses latest threat intelligence from analysis and research
• Morphs protection to reflect DNS configuration changes
Quick Deployment
• Deploys easily and runs in any environment
• Immediately starts blocking attacks, even if an attack is already in progress

DNS Protection is Not Just About DDoS 
• DNS reflection/DrDoS attacks: Using third-party DNS servers (mostly open resolvers) to propagate a DoS or DDoS attack
• DNS amplification: Using a specially crafted query to create an amplified response to flood the victim with traffic
• TCP/UDP/ICMP floods: Denial of service on layer 3 or 4 by bringing a network or service down by flooding it with large amounts of traffic
• DNS-based exploits: Attacks that exploit bugs or vulnerabilities in the DNS software
• DNS cache poisoning: Corruption of DNS server cache data with a rogue domain or IP
• Protocol anomalies: Causing the server to crash by sending malformed DNS packets and queries
• Reconnaissance: Attempts by hackers to get information on the network environment before launching a DDoS or other type of attack
• DNS tunneling: Tunneling of another protocol through DNS port 53 for malware insertion and/or data exfiltration
• DNS hijacking: Modifying the DNS record settings to point to a rogue DNS server or domain
• NXDomain attack: Attacks that flood DNS server with requests for non-existent domains, causing it to send NXDomain (non-existent domain) responses
• Phantom domain attack: Attacks where a DNS resolver is forced to resolve multiple non-existent domains, causing it to consume resources while waiting for responses
[Slide legend: Volumetric/DDoS Attacks; DNS-specific Exploits]

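Two of the patterns defined above, the NXDomain attack and DNS tunneling, leave recognizable traces in resolver query logs. The Python below is an added example, not Infoblox code: it scans a constructed log and flags clients matching either pattern. The log format, addresses, thresholds and function names are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed resolver log: '<epoch> <client> <qname> <qtype> <rcode>'."""
    lines = []
    # Ordinary client: names that resolve, plus one typo that does not.
    for i, name in enumerate(["www.example.com", "mail.example.com",
                              "intranet.example.org", "wwww.example.com"]):
        rcode = "NXDOMAIN" if name.startswith("wwww") else "NOERROR"
        lines.append(f"{1000 + i} 10.0.0.5 {name} A {rcode}")
    # Client requesting many non-existent names (NXDomain attack pattern).
    for i in range(40):
        lines.append(f"{1000 + i} 10.0.0.7 host{i:04d}.example.com A NXDOMAIN")
    # Client sending long encoded-looking labels under one domain (tunneling pattern).
    for i in range(12):
        label = f"{i:02x}" + "3f9a7c51e0b2d486" * 3  # 50 characters, under the 63 limit
        lines.append(f"{1000 + i} 10.0.0.9 {label}.t.example.net TXT NOERROR")
    return lines


def parse(line):
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), qtype, rcode


def entropy(s):
    """Shannon entropy in bits per character; encoded payloads score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def detect(lines, nx_min=20, nx_ratio=0.8, tun_min_names=10,
           tun_label_len=30, tun_entropy=3.5):
    """Treat `lines` as one time window and return (kind, client, detail) findings.

    Thresholds are illustrative defaults, not vendor values.
    """
    total, nx = Counter(), Counter()
    long_names = defaultdict(set)  # (client, parent domain) -> unique suspicious names
    for line in lines:
        _, client, qname, _, rcode = parse(line)
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
        labels = qname.split(".")
        # Simplification: the parent domain is taken as the last two labels.
        longest = max(labels[:-2] or [""], key=len)
        if len(longest) >= tun_label_len and entropy(longest) >= tun_entropy:
            long_names[(client, ".".join(labels[-2:]))].add(qname)

    findings = []
    for client in sorted(total):
        # A single typo is normal; a high NXDOMAIN share at volume is not.
        if total[client] >= nx_min and nx[client] / total[client] >= nx_ratio:
            findings.append(("nxdomain-flood", client,
                             f"{nx[client]}/{total[client]} NXDOMAIN"))
    for (client, parent), names in sorted(long_names.items()):
        # Many distinct long, high-entropy names under one parent suggest
        # data being carried in the query name itself.
        if len(names) >= tun_min_names:
            findings.append(("tunneling-suspect", client,
                             f"{len(names)} long names under {parent}"))
    return findings


if __name__ == "__main__":
    for finding in detect(build_sample_log()):
        print(finding)
```
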
Defend Against Attacks 
Advanced DNS Protection
[Diagram labels: Infoblox Threat-rule Server; Automatic Updates (Threat Adapt); Advanced DNS Protection (External DNS); Advanced DNS Protection (Internal DNS); Legitimate Traffic; Data for Reports; Reporting Server; Reports on attack types, severity]

Security Breaches Using Malware / APT 
[Timeline figure: Q2, Q3 and Q4 2013, Q1 2014]

Real World Example 
Cryptolocker “Ransomware”
• Targets Windows-based computers
• Appears as an attachment to legitimate-looking email
• Upon infection, encrypts files: local hard drive & mapped network drives
• Ransom: 72 hours to pay $300 US
• Fail to pay and the encryption key is deleted and data is gone forever
• Only way to stop (after executable has started) is to block outbound connection to encryption server

Anatomy of an Attack 
GameOver Zeus (GOZ)
• 500,000 to 1M infections worldwide
• Top countries affected: US (13%), Italy (12%), UAE (8%)
• Top Industry targeted: Financial Services
• Highly sophisticated and hard to track
• Uses peer-to-peer (P2P) communication to control infected devices or botnet
• Upon infection, it monitors the machine for finance-related information
• Takes control of private online transactions and diverts funds to criminal accounts
• Hundreds of millions of dollars stolen
• Responsible for distribution of Cryptolocker
• Infected systems can be used for DDoS attacks

Blocking Malware/APT 
DNS Firewall
1. An infected device is brought into the office. Malware spreads to other devices on network.
2. Malware makes a DNS query to find “home” (botnet / C&C).
3. DNS Firewall blocks DNS query (by domain name / IP address).
4. Infoblox Reporting lists blocked attempts as well as the:
• IP address
• MAC address
• Device type (DHCP fingerprint)
• Host name
• DHCP lease history
Reputation data comes from:
• DNS Firewall Subscription Svc
• FireEye Adapter (NX Series)
[Diagram labels: Malware / APT; Malware / APT spreads within network, calls home; Malicious domains; Infoblox DDI with DNS Firewall; Blocked attempt sent to Syslog]

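The block-and-report flow in steps 2 to 4 can be shown in a few lines of Python. This is an added example, not Infoblox code: the blocklist entries, lease table, log line layout and function names are constructed assumptions. It matches a query by domain name on label boundaries, or by the IP address in the answer, and enriches each block event with the DHCP lease details the slide lists.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed reputation data (reserved documentation names and ranges).
BLOCKED_DOMAINS = {"c2.example", "bad-updates.example.net"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed DHCP lease table: client IP -> (MAC, host name, DHCP fingerprint).
LEASES = {
    "10.0.5.23": ("00:00:5e:00:53:17", "laptop-finance-04", "Windows 7"),
    "10.0.5.40": ("00:00:5e:00:53:2a", "byod-phone-11", "Android"),
}


@dataclass
class Verdict:
    blocked: bool
    reason: Optional[str] = None
    syslog: Optional[str] = None  # hypothetical log line layout


def _normalize(qname):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return qname.rstrip(".").lower()


def match_domain(qname):
    """Return the blocklist entry that qname equals or is a subdomain of.

    Matching walks whole labels, so 'notc2.example' does not match 'c2.example'.
    """
    labels = _normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def match_answer(answers):
    """Return the blocked network containing any answer address, if one does."""
    for rdata in answers:
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # not an address record (for example a CNAME target)
        for net in BLOCKED_NETS:
            if addr in net:
                return str(net)
    return None


def evaluate(client_ip, qname, answers=()):
    """Decide on one query and build the enriched event for a block."""
    hit = match_domain(qname)
    reason = f"domain:{hit}" if hit else None
    if reason is None:
        net = match_answer(answers)
        reason = f"ip:{net}" if net else None
    if reason is None:
        return Verdict(False)
    # Enrichment: tie the block to a device, not only to an address.
    mac, host, device = LEASES.get(client_ip, ("unknown", "unknown", "unknown"))
    line = (f"dns-firewall action=block client={client_ip} mac={mac} "
            f"host={host} device='{device}' qname={_normalize(qname)} rule={reason}")
    return Verdict(True, reason, line)


if __name__ == "__main__":
    print(evaluate("10.0.5.23", "Beacon.C2.Example.").syslog)
    print(evaluate("10.0.5.40", "cdn.example.org", ["203.0.113.9"]).syslog)
```
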
Malware / APT We Block 
• DGA: Domain generating algorithm malware that randomly generates domains to connect to malicious networks or botnets
• Fast Flux: Rapidly changing of domains & IP addresses by malicious domains to obfuscate identity and location
• APT / Malware: Malware designed to spread, morph and hide within IT infrastructure to perpetrate a long term attack (FireEye)
• DNS Hijacking: Hijacking DNS registry(s) & re-directing users to malicious domain(s)
• Geo-Blocking: Blocking access to geographies that have rates of malicious domains or Economic Sanctions by US Government

Secure DNS 
• DNS is critical infrastructure
• Unprotected DNS infrastructure introduces serious security risks
• Infoblox Secure DNS Solution protects critical DNS services
Infoblox DNS Firewall: Prevents Malware/APT from Using DNS
Infoblox Advanced DNS Protection: Defend Against DNS Attacks
Hardened Appliance & OS: Secure the DNS Platform

For more information 
www.infoblox.com 
Infoblox Secure DNS Solution
