Advanced DNS Protection


Upload: srikrupa-srivatsan

Post on 22-Jun-2015


DESCRIPTION

DNS is one of the fastest growing attack vectors, and current security solutions don’t address DNS threats. Infoblox Advanced DNS Protection is a self-protecting DNS appliance that provides defense against the widest range of attacks – enabling you to automatically defend your business from DNS threats.

TRANSCRIPT

Page 1: Advanced DNS Protection

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved.

Infoblox Advanced DNS Protection: Automatically Defend Your Business from DNS Attacks

Page 2: Advanced DNS Protection

The Problem

DNS is one of the fastest growing attack vectors

Traditional protection is ineffective against evolving threats

DNS outage causes network downtime, loss of revenue, and negative brand impact

Unprotected DNS infrastructure introduces security risks

Page 3: Advanced DNS Protection

Why is DNS an Ideal Attack Target?

DNS is the cornerstone of the Internet, used by every business and government

DNS protocol is stateless and attackers cannot be traced easily

DNS as a protocol is easy to exploit

Maximum impact with minimum effort

Page 4: Advanced DNS Protection

The Rising Tide of DNS Threats

In the last year alone there has been an increase of

200% DNS attacks [1]

58% DDoS attacks [1]

With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge

33M: Number of open recursive DNS servers [2]

28M: Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks [2]

With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant

Financial impact is huge

Avg estimated loss per DDoS event in 2012 [3]

Sectors shown: Financial services, Technology company, Government

Values shown: -$7.7M, -$13.6M, -$17M

$27 million: The average loss for a 24-hour outage from a DDoS attack [3]

Top Industries Targeted [4]

Enterprise: 42%

Commerce: 29%

Media & Entertainment: 17%

High Tech: 7%

Public Sector: 5%

Business Services: 21%

Financial Services: 13%

Miscellaneous: 5%

Healthcare: 2%

Automotive: 1%

Retail: 22%

Hotels: 5%

Consumer Goods: 2%

[1] Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter, 2013

[2] www.openresolverproject.org

[3] Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc. May 17, 2013

[4] State of the Internet, Akamai, 2nd Quarter, 2013

Page 5: Advanced DNS Protection


DNS Hijackings: 2013 & 2014

Page 6: Advanced DNS Protection

Anatomy of an Attack: Distributed Reflection DoS Attack (DrDoS)

How the attack works

[Diagram: Attacker, Internet, Spoofed Queries, Open Recursive Servers, Amplified Reflected Packets, Target Victim]

Combines reflection and amplification

Uses third-party open resolvers in the Internet (unwitting accomplice)

Attacker sends spoofed queries to the open recursive servers

Uses queries specially crafted to result in a very large response

Causes DDoS on the victim’s server

Page 7: Advanced DNS Protection

Advanced DNS Protection: Defend Against DNS Attacks

Threat Adapt Technology

• Continuously adapts to evolving threats; automatically updates protection without patching or downtime

• Uses latest threat intelligence from analysis and research, and new threats seen in customer networks

• Morphs protection to reflect DNS configuration changes

Protection against the Widest Range of DNS Attacks

• Intelligently defends against the widest range of attacks to ensure secure, resilient, and trustworthy DNS services

• Blocks attacks while continuing to respond to legitimate DNS requests

Quick Deployment

• Deploys easily and runs in any environment

• Immediately starts blocking attacks—even if an attack is already in progress

Page 8: Advanced DNS Protection

Solution Components

Infoblox Advanced Appliance: PT-1400, PT-2200, PT-4000

• DNS appliance purpose built with security in mind

• Next-generation programmable processor and dedicated compute for threat mitigation

Infoblox Advanced DNS Protection Service

• Advanced DNS Protection activation

• Threat Adapt technology for automatic protection against new and evolving DNS threats

• 1- or 3-year term support and maintenance

Note: Customers who have IB-4030 Rev2 need to purchase a separate Advanced DNS Protection license

Page 9: Advanced DNS Protection

Fully Integrated into Infoblox GRID™

[Diagram: Reporting Server; Automatic Updates (Threat Adapt); Infoblox Threat-rule Server; Advanced DNS Protection (External DNS); Advanced DNS Protection (Internal DNS); Reports on attack types, severity; Grid-wide rule distribution; Data for Reports. Traffic labels: Amplification, Cache Poisoning, Reconnaissance, DNS Exploits, Legitimate Traffic]

Page 10: Advanced DNS Protection

DNS Protection is Not Just About DDoS

Categories shown on the slide: Volumetric/DDoS Attacks; DNS-specific Exploits

DNS reflection/DrDoS attacks: Using third-party DNS servers (mostly open resolvers) to propagate a DoS or DDoS attack

DNS amplification: Using a specially crafted query to create an amplified response to flood the victim with traffic

TCP/UDP/ICMP floods: Denial of service on layer 3 or 4 by bringing a network or service down by flooding it with large amounts of traffic

DNS-based exploits: Attacks that exploit bugs or vulnerabilities in the DNS software

DNS cache poisoning: Corruption of DNS server cache data with a rogue domain or IP

Protocol anomalies: Causing the server to crash by sending malformed DNS packets and queries

Reconnaissance: Attempts by hackers to get information on the network environment before launching a DDoS or other type of attack

DNS tunneling: Tunneling of another protocol through DNS port 53 for malware insertion and/or data exfiltration

DNS hijacking: Modifying the DNS record settings to point to a rogue DNS server or domain

NXDomain attack: Attacks that flood DNS server with requests for non-existent domains, causing it to send NXDomain (non-existent domain) responses

Phantom domain attack: Attacks where a DNS resolver is forced to resolve multiple non-existent domains, causing it to consume resources while waiting for responses
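A defender-side sketch of how two of the categories above, reflection/amplification and NXDomain attacks, can be spotted in resolver query logs. This is an added example, not Infoblox code or part of the original slides; the record format, thresholds and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed records: (client_ip, qname, qtype, rcode, query_bytes, response_bytes).
# Addresses are from the RFC 5737 documentation ranges; the format is an assumption.
SAMPLE_LOG = (
    [("192.0.2.10", "www.example.com.", "A", "NOERROR", 45, 61)] * 4
    + [("198.51.100.7", "example.com.", "ANY", "NOERROR", 40, 3200)] * 6
    + [("203.0.113.5", f"x{i}.example.com.", "A", "NXDOMAIN", 48, 110) for i in range(9)]
    + [("203.0.113.5", "www.example.com.", "A", "NOERROR", 45, 61)]
)

def amplification_suspects(records, ratio=20, min_hits=3):
    """Return {client: hits} for clients that repeatedly draw responses at
    least `ratio` times larger than the query (thresholds are assumptions).
    In a reflection attack the source address is spoofed, so the logged
    'client' is the likely victim, not the attacker."""
    hits = Counter()
    for client, _qname, _qtype, _rcode, qlen, rlen in records:
        if qlen > 0 and rlen / qlen >= ratio:
            hits[client] += 1
    return {c: n for c, n in hits.items() if n >= min_hits}

def nxdomain_flooders(records, share=0.8, min_queries=5):
    """Return per-client stats for clients whose traffic is mostly NXDOMAIN.
    Many distinct non-existent names from one source points at a flood
    rather than a single misconfigured application retrying one name."""
    total, nx, names = Counter(), Counter(), defaultdict(set)
    for client, qname, _qtype, rcode, _qlen, _rlen in records:
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
            names[client].add(qname)
    return {
        c: {"queries": total[c], "nxdomain": nx[c], "distinct_names": len(names[c])}
        for c in total
        if total[c] >= min_queries and nx[c] / total[c] >= share
    }

if __name__ == "__main__":
    print("amplification:", amplification_suspects(SAMPLE_LOG))
    print("nxdomain flood:", nxdomain_flooders(SAMPLE_LOG))
```

A resolver that shows up in the first report is being used as a reflector, so the usual response is to restrict recursion to known clients or rate-limit responses rather than to block the listed address.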

Page 11: Advanced DNS Protection

Global Visibility with Reporting: Intelligence Needed to Take Action

• Attack details by category, member, rule, severity, and time

• Visibility into source of attacks for blocking, to understand scope and severity

• Early identification and isolation of issues for corrective action

Page 12: Advanced DNS Protection

Deployment Options

[Diagram, EXTERNAL deployment: INTERNET; DMZ; INTRANET; DATACENTER; CAMPUS/REGIONAL; Grid Master and Candidate (HA); Advanced DNS Protection. Traffic labels: Reconnaissance, Amplification, Exploits, Cache Poisoning, Legitimate Traffic]

Page 13: Advanced DNS Protection

Deployment Options

[Diagram, INTERNAL deployment: INTRANET; Endpoints; DATACENTER; CAMPUS/REGIONAL; Grid Master and Candidate (HA); Advanced DNS Protection. Traffic labels: Amplification, Exploits, Legitimate Traffic]

Page 14: Advanced DNS Protection

For more information: www.infoblox.com