© 2013 Infoblox Inc. All Rights Reserved. Tim Connelly, Manager, Systems Engineering.


1 Expanding Your Network Security
Tim Connelly, Manager, Systems Engineering

2 What We Do: Innovative Technology for Network Control
- APPS & END-POINTS: END POINTS, VIRTUAL MACHINES, PRIVATE CLOUD, APPLICATIONS
- NETWORK INFRASTRUCTURE: FIREWALLS, SWITCHES, ROUTERS, WEB PROXY, LOAD BALANCERS
- CONTROL PLANE: Infoblox Grid™ w/ Real-time Network Database; Historical / Real-time Reporting & Control

3 Trends Redefining Business Networks
- THREAT LANDSCAPE
- MOBILE DEVICE EXPLOSION
- VIRTUALIZATION / CLOUD CONSOLIDATION
- SOFTWARE DEFINED NETWORKS
- IPv6 TRANSITION

4 Maintaining Security with Infoblox
- Enforce: Compliance & Policy Standardization
- Control: Firewall Rule & ACL Automation
- Secure: DNS, DHCP and IP Address Management
- Protect: Securing DNS

5 Protect: Securing DNS

6 Securing DNS: DNS Firewall

7 DNS-exploiting Malware
- Technology trends are accelerating the spread of this class of malware
- DNS-exploiting malware is the underpinning for a variety of attacks
- Professional attackers are successfully exploiting the largely unprotected DNS infrastructure
- This is a subset of threats security experts call Advanced Persistent Threat (APT) or Botnet Malware

8 Getting Around Traditional Defenses
- Fast Flux: rapid change of IP addresses; requires a DNS query
- Security researchers discovered Fast Flux usage in November 2006
- Multiple nodes within the network register and de-register IP addresses as part of the DNS A (address) record list for a single DNS name
- TTL = 5 minutes (300 sec)
- DNS queries are used to find C&C or botnet server(s)
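As an added illustration (not from the presentation and not a description of how any Infoblox product works), the sketch below flags names that match the fast-flux pattern on this slide: a short TTL, many distinct A records for one name, and answers that change from one query to the next. The observation tuples, the example names and the three thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS observations (illustrative, not captured traffic):
# (seconds since start, queried name, TTL of the A RRset, A records returned)
OBSERVATIONS = [
    (0,   "www.example.com",    3600, ["192.0.2.10", "192.0.2.11"]),
    (600, "www.example.com",    3600, ["192.0.2.11", "192.0.2.10"]),
    (0,   "api.example.net",    60,   ["198.51.100.7"]),
    (300, "api.example.net",    60,   ["198.51.100.7"]),
    (0,   "update.example.org", 300,  ["203.0.113.5", "198.51.100.20", "192.0.2.77"]),
    (300, "update.example.org", 300,  ["203.0.113.91", "192.0.2.140", "198.51.100.33"]),
    (600, "update.example.org", 300,  ["198.51.100.201", "203.0.113.18", "192.0.2.9"]),
]


def flux_candidates(observations, max_ttl=300, min_ips=5, min_turnover=0.5):
    """Return names whose A records look like fast flux.

    A name is flagged only when all three hold: the TTL is short, many
    distinct addresses were seen, and most addresses in each answer were
    absent from the previous answer. Thresholds are assumptions to tune.
    """
    answers = defaultdict(list)
    for _, name, ttl, ips in sorted(observations, key=lambda o: o[0]):
        answers[name.lower().rstrip(".")].append((ttl, frozenset(ips)))

    flagged = {}
    for name, seq in answers.items():
        if len(seq) < 2:
            continue  # one answer cannot show change over time
        ttl = max(t for t, _ in seq)
        distinct = set().union(*(ips for _, ips in seq))
        fresh = sum(len(cur - prev) for (_, prev), (_, cur) in zip(seq, seq[1:]))
        total = sum(len(cur) for _, cur in seq[1:])
        turnover = fresh / total if total else 0.0
        if ttl <= max_ttl and len(distinct) >= min_ips and turnover >= min_turnover:
            flagged[name] = {"ttl": ttl, "distinct_ips": len(distinct),
                             "turnover": round(turnover, 2)}
    return flagged


if __name__ == "__main__":
    for name, stats in flux_candidates(OBSERVATIONS).items():
        print(name, stats)
```

A short TTL alone is not a signal: the constructed `api.example.net` entry has a 60-second TTL but a stable single address, so it is not flagged.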

9 Complement to Existing Security
Defense in Depth…
- Traditional or Next Generation Firewall (e.g. Checkpoint, Juniper, Palo Alto, Imperva, Cisco, etc.)
- Anti-Virus (e.g. Symantec, McAfee, Webroot, Kaspersky, etc.) / Web Security (e.g. Blue Coat, McAfee, Websense)
- Advanced Persistent Threat (e.g. Damballa, FireEye)
- Security Information and Event Management (SIEM) (e.g. Trustwave, McAfee, Q1Labs)

10 Infoblox DNS Firewall
[Diagram labels: Infected Client; Query to badsite.com; Infoblox DNS Firewall / Recursive DNS Server; Apply Policy; Block / Disallow session; Redirect; Walled Garden garden.yourcompany.com; Contact botnet; Reputational Feed from Infoblox; Dynamic Policy Update; Dynamic Grid-Wide Policy Distribution; Write to Syslog and send to Trinzic Reporting]

11 Detailed Tracking and Reporting Options
- Automatic reporting
- Top Infected Clients
- Malicious requested domains and number of requests
- Lease history by MAC address with detailed drill down
- Security Policy Violations Report

12 Securing DNS: Advanced DNS Protection

13 The Problem
- DNS-based attacks are on the rise
- Traditional protection is ineffective against evolving threats
- DNS outage causes network downtime, loss of revenue, and negative brand impact
- Unprotected DNS infrastructure introduces security risks

14 Why is DNS an Ideal Attack Target?
- DNS is the cornerstone of the Internet, used by every business and government
- DNS protocol is stateless and hence vulnerable
- DNS as a protocol is easy to exploit
- Maximum impact with minimum effort

15 DNS Threat is Significant
- Attacks against DNS infrastructure growing
  - DNS-specific attacks up 200% in 2012
  - ICMP, SYN, UDP attacks growing significantly too
Source: Arbor Networks
Source: Prolexic Quarterly Global DDoS Attack Report Q
[Chart: Infrastructure Layer: 76.52%. ACK: 1.69%; CHARGEN: 3.37%; FIN PUSH: 0.39%; DNS: 8.94%; ICMP: 11.41%; RESET: 1.94%; RIP: 0.13%; RP: 0.39%; SYN: 18.16%; TCP FRAGMENT: 0.65%; SYN PUSH: 0.13%; UDP FLOODS: 14.66%; UDP FRAGMENT: 14.66%]

16 How DNS DDoS is Becoming Easier
- Attack apps being built
- DDoS attacks against major U.S. financial institutions
- Launching (DDoS) taking advantage of server bandwidth
- 4 types of DDoS attacks:
  - DNS amplification
  - Spoofed SYN
  - Spoofed UDP
  - HTTP+ proxy support
- Script offered for $800

17 The Solution - Infoblox Advanced DNS Protection
- Unique Detection and Mitigation
  - Intelligently distinguishes legitimate DNS traffic from attack traffic like DDoS, DNS exploits, tunneling
  - Mitigates attacks by dropping malicious traffic and responding to legitimate DNS requests
- Centralized Visibility
  - Centralized view of all attacks happening across the network through detailed reports
  - Intelligence needed to take action
- Ongoing Protection Against Evolving Threats
  - Regular automatic threat-rule updates based on threat analysis and research
  - Helps mitigate attacks sooner vs. waiting for patch updates

18 Solution Components
- Infoblox Advanced Appliance (PT-1400, PT-2200, PT-4000)
  - DNS appliance purpose built with security in mind
  - Enhanced processing and dedicated compute for threat mitigation
- Infoblox Advanced DNS Protection Service
  - DNS Advanced DNS Protection activation
  - Automatic updates for protection against new and evolving threats
  - Support and Maintenance
Note: Customers who have IB-4030 Rev2 need to purchase a separate Adv. DNS Protection license.

19 Fully Integrated into Infoblox Grid
[Diagram labels: Infoblox Threat-rule Server; Automatic updates; GRID Master; Grid-wide rule distribution; Infoblox Advanced DNS Protection (External Auth.); Infoblox Advanced DNS Protection (Internal Recursive); Block DNS attacks; Amplification; Cache Poisoning; Reconnaissance; DNS Exploits; Legitimate Traffic; Data for Reports; Reporting Server; Reports on attack types, severity]

20 What Attacks Do We Protect Against?
- DNS reflection/DrDoS attacks: Using third-party DNS servers (open resolvers) to propagate a DoS or DDoS attack
- DNS amplification: Using a specially crafted query to create an amplified response to flood the victim with traffic
- DNS-based exploits: Attacks that exploit vulnerabilities in the DNS software
- TCP/UDP/ICMP floods: Denial of service on layer 3 by bringing a network or service down by flooding it with large amounts of traffic
- DNS cache poisoning: Corruption of the DNS cache data with a rogue address
- Protocol anomalies: Causing the server to crash by sending malformed packets and queries
- Reconnaissance: Attempts by hackers to get information on the network environment before launching a DDoS or other attack
- DNS tunneling: Tunneling of another protocol through DNS for data exfiltration

21 Intelligence Needed to Take Action
Centralized Visibility: Reporting
- Attack details by category, member, rule, severity, and time
- Visibility into source of attacks for blocking, to understand scope and severity
- Early identification and isolation of issues for corrective action

22 External authoritative and Internal Recursive
Protection against cyber attacks and internal DNS attacks
[Diagram labels: INTERNET; Enterprise; DMZ; INTRANET; DATACENTER; CAMPUS/REGIONAL; Endpoints; Advanced DNS Protection; GRID Master and Candidate (HA); Reconnaissance; Amplification; Exploits; DNS Tunneling; Cache Poisoning; Legitimate Traffic]

23 Control: Infoblox Security Device Controller

24 The Pain of Legacy Processes
Legacy Approach (Manual). Network Provisioning Time: Hours/Days
Firewall Change Needed:
1 Search For Devices
2 Figure Out Impacted Devices
3 Determine Correct Config
4 Compare Change to Standards/Compliance
5 Request Change/Implement Manually
6 Reconfirm Correctness and Compliance
- Manual processes cannot keep up
- SLAs are lengthening to weeks or even a month
- Require dedicated, senior network architects
  - Routine, repetitive, error-prone
  - Multiple vendor expertise needed

25 Automated Network Discovery
- Simple and complete network-wide discovery
- Powerful topology to visualize path

26 Embedded Expertise
- Built-in intelligence automatically provides detailed ACL/rule views
- Detects problems like unused, overlapping and duplicate rules out-of-the-box

27 Powerful Search
- Search results identify all matching devices including vendor-specific syntax
- Easily customize search criteria for one or multiple devices

28 Customizable Alerting
- Immediately identify and track defined alerts to allow or deny access
- Create alerts for both blacklisting and whitelisting

29 Multi-vendor Provisioning
- Maintain control with user-based access rights and change process
- Provision changes in the same platform and view the vendor-specific syntax

30 The Power of Infoblox
[Diagram labels: Legacy Approach; Infoblox Approach; Manual; Automated; Hours/Days; Days/Weeks]
Firewall Change Needed:
1 Search For Devices
2 Figure Out Impacted Devices
3 Determine Correct Config
4 Compare Change to Standards/Compliance
5 Request Change/Implement Manually
6 Reconfirm Correctness and Compliance

31 Enforce & Maintain: Compliance, Internal Policies & Best Practices

32 Common Standardization & Compliance Situation
- Requirements are researched and documented
- The Gap
  - Between the policies and the actual state of the network devices
- Manual vs Automation
  - It's not reasonable to expect to be able to achieve full compliance through manual processes

33 Infoblox Network Automation Overview
- Network discovery
- Built-in analysis
- Check against best practices
- Detect issues
- Monitor and manage change
- Automate change
- Maintain compliance
- Provision ACL & rules
Collected via: SNMP, CLI/configuration, Syslog, Fingerprinting
Real-time & Historical Analysis

34 Standardization - Compliance Management
- Embedded compliance rules
- Customizable best practice templates
- Manage multiple policies
- Proactive violation detected
- Multiple remediation options
- Current and historical views

35 Configuration Analysis
- Unique pre-packaged expertise
- Identifies common misconfigurations
- Customizable alerting
- Recommended remediation options
- Understand concept of the network
- Network Scorecard views

36 Powerful Reporting
- Single-click compliance reports
- Pre-packaged and customizable
- Powerful filtering
- Executive and detailed reports
- On-demand or scheduled
- User-based view rights

37 Value of Network Standardization
- Verify your desired state against the as-is state
- Improve network stability and consistency
- Reduce manual processes
- Eliminate extensive, time-consuming audit teams
- Increase accuracy with automation and embedded expertise
- Focus on building secure infrastructure instead of waiting for audits

38 Secure: DNS, DHCP and IP Address Management

39 DHCP Fingerprinting
[Diagram labels: Laptop; DHCPDISCOVER; Option Sequence 1,15,3,6,44,46,47,31,33,121,249,43; DHCPOFFER; Tablet; DHCPDISCOVER; Option Sequence 1,3,6,15,119,78,79,95,252; DHCPOFFER; X X]

40 Introducing DHCP
- Automatically detect DHCP clients during the DHCPDISCOVER process
- Manage DHCP leases by asset or device
- Improve network planning with new device-focused reports
- Auto organize and group devices in Smart Folders
- Integrated with Reporting Server with pre-defined reports
Benefits
- Unintrusive discovery and management of devices
- Flexibly enforce corporate policy
- Plan for network growth, determine application trends
- Improve device supportability and security
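An added example (not from the presentation and not Infoblox code) of how detection during DHCPDISCOVER can work: it walks the DHCP options field, reads the parameter request list (option 55) and looks its exact sequence up in a fingerprint table. The two sequences are the ones shown on the fingerprinting slide, with the Laptop and Tablet labels taken as the slide appears to pair them; the input is assumed to be the options field starting at the magic cookie (offset 236 of the BOOTP message), and `build_options` is a hypothetical helper that constructs sample input.

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_PARAM_LIST, OPT_END = 0, 53, 55, 255
DHCPDISCOVER = 1

# Option sequences from the slide; the device labels follow the slide's pairing.
FINGERPRINTS = {
    (1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43): "Laptop",
    (1, 3, 6, 15, 119, 78, 79, 95, 252): "Tablet",
}


def parse_options(field):
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value  # join split options
        i += 2 + length
    return options


def classify(field):
    """Return a device label for a DHCPDISCOVER, or None for other messages."""
    options = parse_options(field)
    if options.get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        return None
    # Order matters: the fingerprint is the sequence, not the set, of codes.
    return FINGERPRINTS.get(tuple(options.get(OPT_PARAM_LIST, b"")), "Unknown")


def build_options(msg_type, requested):
    """Build a constructed options field for the demonstration."""
    return (MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_PARAM_LIST, len(requested)]) + bytes(requested)
            + bytes([OPT_END]))
```

The option list is sent by the client and can be altered by it, so a match is a classification hint for policy and reporting, not proof of device identity.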

41 Integrated IP Address Management
- Tracks what's connected on the network
- Enhances IP allocation through automation
- Increases accuracy with continuous updates
- Helps with IPv4 to IPv6 migrations

42 Maintaining Security with Infoblox
- Enforce: Compliance & Policy Standardization
- Control: Firewall Rule & ACL Automation
- Secure: DNS, DHCP and IP Address Management
- Protect: Securing DNS

43 Thank You

