Infoblox upgrade thwarts DNS attacks

Infoblox Monday announced upgrades across its line of core network services appliances that are designed to better protect DNS servers from cache poisoning and other malicious attacks.

The IP address management vendor upgraded its NIOS operating system with security features that monitor DNS protocol traffic to alert IT managers when an attack is in progress and provide methods to automatically mitigate an attack. To combat the recent vulnerabilities revealed about DNS, Infoblox NIOS Version 4.3r2 includes a DNS firewall feature that Infoblox says will protect servers from potentially malicious activities. NIOS runs on hardware appliances ranging in size and capacity, depending on the environment.

With this release, enterprise network managers can reconfigure internal servers to send recursive queries to the appliances equipped with the DNS firewall capability, which will protect internal systems without causing a reduction in DNS services. Infoblox appliances sit in a data center in front of DNS and DHCP servers in a high-availability pair. The appliances are part of the company's grid technology, which enables enterprise network managers to perform one-to-many upgrades across multiple appliances.

"Despite the patches that have been released to protect against recent DNS vulnerabilities, those are short-term fixes. Recursive queries are the subject of attacks and you simply can't not have them and it is a challenge to keep up with patching multiple systems," says Brett Eldridge, vice president of product management at Infoblox. "By reconfiguring the servers to send those queries to protected appliances, the scope of where someone can attack you is reduced."

The company, which competes with the likes of BlueCat Networks, BT Diamond and MetaInfo, also added a feature that monitors signs, or fingerprints, of the attack. (Compare IP address management products.) With this information, enterprise network managers can more quickly identify similar attacks in the future and take steps, such as limiting traffic to the IP address under attack, to mitigate the risk.

"You can't sit and watch your DNS servers all the time, but with this fingerprint feature, there is earlier indication that you are under attack and measures can be taken," Eldridge says. "These features make it easier to understand when you might be under attack."

NIOS Version 4.3r2 is available across five appliance platforms. Pricing starts at about US$2,500 for the lower-end appliances. The operating system software upgrade is available free of charge to current customers with valid maintenance contracts.