Tuesday, May 8, 2012
Whether it's in the form of a distributed denial of service (DDoS) attack or the hijacking of DNS servers as part of an effort to divert traffic to sites that distributed malicious malware, interest in all things DNS is on the rise.
The fundamental problem that many of these organizations have with DNS is that they depend on open source software running on commodity servers. The end result is a DNS server that is not particularly secure or robust enough to combat basic attacks.
For these reasons the folks at Infoblox think that as solution providers morph into providers of IT services many of them are going to need a more hardened approach to DNS. To help address that issue Infoblox today is launching an Infoblox 4030 DNS Caching Appliance that can process more than one million DNS queries per second.
According to Steven Garrison, Infoblox vice president of marketing, that's about 25 times faster than most legacy systems. But just as important as that might be from a performance perspective in terms of dealing with the requirements of social media and mobile computing applications, Garrison notes that kind of performance capability has multiple security implications as well.
Beyond the built-in detailed reporting and blacklisting capabilities that help automate early detection of certain attacks and disable URLs of attacking servers, multiple Infoblox 4030 appliances can be connected via a grid to provide the ability to process billions of DNS queries per second. In the event of a DDoS attack that capability could prove crucial because it buys service providers the time they need to track down the source of the attack and block it before the entire system crashes.
The Infoblox 4030 also includes hardened chassis and a custom operating system to prevent root access to the system while also supporting DNS Security Extensions (DNSSEC).
Infoblox, which just filed for an initial public offering, has been specializing in the delivery of DNS server appliances for years. For the most part the market for Infoblox appliances has been limited to telecommunications carriers and high-end enterprise IT organizations. But as the volume of Web application connections that need to be made increases alongside the sophistication of the attacks being aimed at DNS servers, the need for more robust DNS appliances among providers of cloud computing and managed service providers (MSPs) has become apparent.
Not everyone may need an appliance as robust as the Infoblox 430, which is why Infoblox makes a range of appliance platforms available. But as Garrison notes, the world is a very much different place today when it comes to DNS security than it was even a year ago. In fact, the government planning to shut down in March a DNS network that was built to help catch hackers that had been poisoning DNS server results in order to redirect end users to fake Web sites where they were infected by malware. Known as Operation Ghost-Click, that shutdown could affect millions of PC and Macintosh systems worldwide. Because so many PC systems were found with altered DNS settings that pointed to the rogue DNS servers, authorities responsible for Operation Ghost Click decided to leave the network intact and just convert it to run as a legitimate DNS system. As a result, any PC still infected with the DNSChanger malware would start resolving URLs properly again. But the government plans to suspend that support for the rogue network in March, which could leave a lot of organizations without access to millions of Web pages.
Obviously, that creates both and opportunity and a headache for solution providers in the channel. But the good news longer term is a lot more organizations - both inside and outside the channel - have a much greater appreciation for the need secure DNS appliances.
"Interest in All Things DNS Rises 346889." Channel Insider 7 May 2012. Computer Database. Web. 8 May 2012.
Gale Document Number: GALE|A288939289