Moving to address emerging security issues relating to how DNS is used inside the data center, Infoblox this week unveiled an appliance that can detect and block DNS attacks.
Designed to be deployed in a network rack, the Infoblox Internal DNS Security appliance prevents hackers from launching attacks against DNS server that data center operators deploy inside a data center to manage external requests.
In recent months Arya Barirani, vice president of product marketing for Infoblox, says DNS servers inside the data center have become targets because firewalls don’t inspect DNS queries. Unfortunately, as one of the earliest Internet technologies ever developed, Barirani says DNS assumes a level of trust that doesn’t exist in the IT world today.
“Hackers are now going after the soft underbelly of the network,” says Barirani. “We’re starting to see more attacks aimed at the DNS server inside the data center.
Specifically, Barirani says the Infoblox Internal DNS Security appliance is designed to harden the DNS server in a way prevents distributed denial of service (DDoS) attacks from being launched. Barirani says it also prevents malware from hijacking it to communicate with a botnet server or steal data using DNS queries.
The Infoblox Internal DNS Security appliance is a complement to the Infoblox External DNS Security appliance that is designed to mitigate external threats such as volumetric DDoS, DNS hijacking, DNS-based exploits, and reconnaissance attacks. When a DDoS attack is detected, the appliance is designed to blocking hostile DNS traffic.
In addition, Infoblox has exposed a set of application programming interfaces through which its appliance can consume threat intelligence provided by third-party security intelligence services. In the event of a DNS attack, the Infoblox appliances can be alerted to the threat before those attacks cripple a local DNS server.
At this point, however, the biggest challenge may be finding who inside the data center is actually responsible for securing the DNS server. The networking team often tends to think of anything to do with security to be outside their purview. The IT security team, conversely, assumes anything associated with DNS is being handled by the networking specialists inside the data center.
Hackers, meanwhile, are not only getting savvier about exploiting seams between how teams inside data centers are organized, they have access to advanced analytics tools that make it easy to identify vulnerable DNS servers. Given that level of sophistication of those tools it’s probably only a matter of time before an existing DNS server gets compromised.