Infoblox Secure DNS Solution
2. Why is DNS an Ideal Target?
DNS is the cornerstone of the Internet used by every business/Government
DNS as a Protocol is easy to exploit
Traditional protection is ineffective against evolving threats
DNS Outage = Business Downtime
© 2013 Infoblox | 2014 Inc. All Rights Reserved.
3. DNS Security Challenges
1 Securing the DNS Platform
2 Defending Against DNS Attacks
3 Preventing Malware from using DNS
4. Hacks of DNS – 2013 & 2014
5. Security Risks with Conventional Approach
DNS installed on off-the-shelf server
– Many open ports subject to attack
– Users have OS-level account privileges on server
– No visibility into good vs. bad traffic
– Requires time-consuming manual updates
– Requires multiple applications for device management
[Figure label: Multiple Open Ports]
6. Secure DNS - Purpose Built Appliance and OS
• Minimal attack surfaces
• Active/Active HA & DR recovery
• Common Criteria Certification
• FIPS 140-2 Compliance
• Encrypted Inter-appliance Communication
• Centralized management with role-based control
• Secured Access, communication & API
• Detailed audit logging
• Fast/easy upgrades
7. The Rising Tide of DNS Threats
Financial impact is huge
• In the last year alone there has been an increase of 200% in DNS attacks [1] and 58% in DDoS attacks [1]
• The average loss for a 24-hour outage from a DDoS attack [3]: $27 million
• Avg estimated loss per DDoS event in 2012 [3]: -$17M Financial services; -$13.6M Technology company; -$7.7M Government
• With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge
• 33M: Number of open recursive DNS servers [2]
• 28M: Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks [2]
• 2M: With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant
[Chart: Top Industries Targeted [4]. Labeled segments: Enterprise 42%, Commerce 29%, Retail 22%, Hotels 5%, Miscellaneous 5%, Healthcare 2%, Automotive 1%. Other segments: Financial Services, Business Services, Public Sector, Media & Entertainment, High Tech, Consumer Goods, with unlabeled values 5%, 17%, 13%, 21%, 7%, 2%]
1. Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter, 2013
2. www.openresolverproject.org
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc. May 17, 2013
4. State of the Internet, Akamai, 2nd Quarter, 2013
8. Advanced DNS Protection: Defend Against DNS Attacks
Protection against the Widest Range of DNS Attacks
• Intelligently defends against widest range of attacks
• Blocks attacks while responding to legitimate queries
Threat Adapt Technology
• Uses latest threat intelligence from analysis and research
• Morphs protection to reflect DNS configuration changes
Quick Deployment
• Deploys easily and runs in any environment
• Immediately starts blocking attacks, even if an attack is already in progress
9. DNS Protection is Not Just About DDoS
Attack groups: Volumetric/DDoS Attacks; DNS-specific Exploits
DNS reflection/DrDoS attacks: Using third-party DNS servers (mostly open resolvers) to propagate a DoS or DDoS attack
DNS amplification: Using a specially crafted query to create an amplified response to flood the victim with traffic
TCP/UDP/ICMP floods: Denial of service on layer 3 or 4 by bringing a network or service down by flooding it with large amounts of traffic
DNS-based exploits: Attacks that exploit bugs or vulnerabilities in the DNS software
DNS cache poisoning: Corruption of DNS server cache data with a rogue domain or IP
Protocol anomalies: Causing the server to crash by sending malformed DNS packets and queries
Reconnaissance: Attempts by hackers to get information on the network environment before launching a DDoS or other type of attack
DNS tunneling: Tunneling of another protocol through DNS port 53 for malware insertion and/or data exfiltration
DNS hijacking: Modifying the DNS record settings to point to a rogue DNS server or domain
NXDomain attack: Attacks that flood DNS server with requests for non-existent domains, causing it to send NXDomain (non-existent domain) responses
Phantom domain attack: Attacks where a DNS resolver is forced to resolve multiple non-existent domains, causing it to consume resources while waiting for responses
10. Defend Against Attacks
Advanced DNS Protection
[Diagram labels: Infoblox Threat-rule Server; Automatic Updates (Threat Adapt); Advanced DNS Protection (External DNS); Advanced DNS Protection (Internal DNS); Legitimate Traffic; Data for Reports; Reporting Server; Reports on attack types, severity]
11. Security Breaches Using Malware / APT
[Timeline figure: Q2, Q3, Q4 2013 and Q1 2014]
12. Real World Example
Cryptolocker “Ransomware”
• Targets Windows-based computers
• Appears as an attachment to legitimate looking email
• Upon infection, encrypts files: local hard drive & mapped network drives
• Ransom: 72 hours to pay $300 US
• Fail to pay and the encryption key is deleted and data is gone forever
• Only way to stop (after executable has started) is to block outbound connection to encryption server
13. Anatomy of an Attack
GameOver Zeus (GOZ)
• 500,000 to 1M infections worldwide
• Top countries affected: US (13%), Italy (12%), UAE (8%)
• Top Industry targeted: Financial Services
• Highly sophisticated and hard to track
• Uses peer-to-peer (P2P) communication to control infected devices or botnet
• Upon infection, it monitors the machine for finance-related information
• Takes control of private online transactions and diverts funds to criminal accounts
• Hundreds of millions of dollars stolen
• Responsible for distribution of Cryptolocker
• Infected systems can be used for DDoS attacks
14. Blocking Malware/APT
DNS Firewall
[Diagram labels: Malicious domains; Infoblox DDI with DNS Firewall; Blocked attempt sent to Syslog; Malware / APT; Malware / APT spreads within network; Calls home]
1 An infected device brought into the office. Malware spreads to other devices on network.
2 Malware makes a DNS query to find “home.” (botnet / C&C)
3 DNS Firewall blocks DNS query (by Domain name / IP Address)
4 Infoblox Reporting lists blocked attempts as well as the:
• IP address
• MAC address
• Device type (DHCP fingerprint)
• Host name
• DHCP lease history
Reputation data comes from:
• DNS Firewall Subscription Svc
• FireEye Adapter (NX Series)
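The blocking step on this slide, as an added example (not Infoblox code and not part of the original deck): a minimal policy check that matches a query name or its resolved addresses against a blocklist and builds the log record for a blocked attempt. The blocklist entries, client addresses and record fields are constructed for illustration.

```python
import ipaddress
import json

# Constructed policy data (hypothetical names; RFC 5737 documentation addresses).
BLOCKED_DOMAINS = {"c2.example", "bad-updates.example.net"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def domain_blocked(qname):
    """Match the query name or any parent domain against the domain blocklist."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # whole labels only, so notc2.example != c2.example
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def ip_blocked(answers):
    """Return the first blocked network that contains one of the answer addresses."""
    for addr in answers:
        ip = ipaddress.ip_address(addr)
        for net in BLOCKED_NETS:
            if ip in net:
                return str(net)
    return None


def evaluate(client_ip, qname, answers):
    """Decide on one resolution and build the record that would be sent to syslog."""
    rule = domain_blocked(qname)
    reason = "domain" if rule else None
    if rule is None:
        rule = ip_blocked(answers)
        reason = "ip" if rule else None
    action = "BLOCK" if rule else "PASS"
    record = {"action": action, "client": client_ip, "qname": qname,
              "matched_by": reason, "rule": rule}
    return action, json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample resolutions: (client, query name, resolved addresses).
    samples = [
        ("10.0.0.23", "beacon.c2.example.", ["198.51.100.7"]),
        ("10.0.0.23", "cdn.example.org", ["203.0.113.44"]),
        ("10.0.0.57", "notc2.example", ["192.0.2.10"]),
    ]
    for client, qname, answers in samples:
        print(evaluate(client, qname, answers)[1])
```

The client address in each record is the join key for the DHCP-derived fields the slide lists (MAC address, host name, lease history).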
15. Malware / APT We Block
DGA: Domain generating algorithm malware that randomly generates domains to connect to malicious networks or botnets
Fast Flux: Rapidly changing of domains & IP addresses by malicious domains to obfuscate identity and location
APT / Malware: Malware designed to spread, morph and hide within IT infrastructure to perpetrate a long term attack (FireEye)
DNS Hijacking: Hijacking DNS registry(s) & re-directing users to malicious domain(s)
Geo-Blocking: Blocking access to geographies that have rates of malicious domains or Economic Sanctions by US Government
16. Secure DNS
DNS is critical infrastructure
Unprotected DNS infrastructure introduces serious security risks
Infoblox Secure DNS Solution protects critical DNS services
• Infoblox DNS Firewall: Prevents Malware/APT from Using DNS
• Infoblox Advanced DNS Protection: Defend Against DNS Attacks
• Hardened Appliance & OS: Secure the DNS Platform
17. For more information
www.infoblox.com