Published by Katarina Hooton
Modified over 3 years ago
© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll
Market Leaders Choose Infoblox
7500+ Global Customers, 300+ Fortune 500
Telecom, Retail, Manufacturing, Media and Internet, Transportation, Government, Life Sciences, Financial Services, Education, Energy
Infoblox Alliance Partners
Networks Without Infoblox – Siloes of Data, Multiple Management Points
[Diagram: Apps & end-points (end points, virtual machines, public cloud, applications); network infrastructure (firewalls, switches, routers, web proxy, load balancers); control plane (scripts, command line, Microsoft DHCP, Microsoft DNS, VMware DNS, external DNS on BIND / Microsoft, IPAM (IP address management)); malware. Labels: Complexity, Risk & Cost, Agility, Flexibility.]
Infrastructure Security With Infoblox
[Diagram: Apps & end-points (end points, virtual machines, private cloud, applications); network infrastructure (firewalls, switches, routers, web proxy, load balancers); control plane: Infoblox Grid™ w/ Real-time Network Database; Historical / Real-time Reporting & Control.]
Infoblox DDI and Grid
- Patented Grid Technology: Central Management, Authoritative DB
- Grid Master; Grid Master Candidate @ Recovery Site
- HA per Grid Member
- Agentless Management of Microsoft DNS/DHCP & Full AD Integration
- Virtualization & Cloud Integration: VMware Integration; Cloud Orchestration Integration (VMware, BMC)
- Reporting Server: Integrated Advanced Reporting
- Edge Network / Remote Offices: Branch Office DNS/DHCP
Simplified Workflow Design
- Drag and drop GUI
- Create highly effective workflows within minutes
Orchestration Highlights
- Automate IP/DNS and network configurations for VMs provisioned by MS System Center
- Pre-defined workflows that can be customized, e.g.:
  - Reserve an IP for VMs
  - Create VM in an existing virtual network
  - Remove VM and related DNS records
  - Create network
  - Delete network
- Batch processing support
Infoblox Provides Complete Network Awareness
Authoritative Network Database, 360 Degree View of IP Data
Secure DNS
DNS Attacks
- In the last year alone there has been an increase of 200% DNS attacks [1], 58% DDoS attacks [1]
- With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge
- 33M: Number of open recursive DNS servers [2]
- 28M: Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks [2]
- 2M: With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant

Financial impact is huge
- Avg estimated loss per DDoS event in 2012 [3]
  Financial services, Technology company, Government
  -$7.7M, -$13.6M, -$17M
- $27 million: The average loss for a 24-hour outage from a DDoS attack [3]

Top Industries Targeted [4]
- Enterprise 42% (Business Services 21%, Financial Services 13%, Miscellaneous 5%, Healthcare 2%, Automotive 1%)
- Commerce 29% (Retail 22%, Hotels 5%, Consumer Goods 2%)
- Media & Entertainment 17%
- High Tech 7%
- Public Sector 5%

1. Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter, 2013
2. www.openresolverproject.org
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc., May 17, 2013
4. State of the Internet, Akamai, 2nd Quarter, 2013
DNS Protection Is Not Just About DDoS
- DNS reflection/DrDoS attacks: Using third-party DNS servers (open resolvers) to propagate a DoS or DDoS attack
- DNS amplification: Using a specially crafted query to create an amplified response to flood the victim with traffic
- DNS-based exploits: Attacks that exploit vulnerabilities in the DNS software
- TCP/UDP/ICMP floods: Denial of service on layer 3 by bringing a network or service down by flooding it with large amounts of traffic
- DNS cache poisoning: Corruption of the DNS cache data with a rogue address
- Protocol anomalies: Causing the server to crash by sending malformed packets and queries
- Reconnaissance: Attempts by hackers to get information on the network environment before launching a DDoS or other type of attack
- DNS tunneling: Tunneling of another protocol through DNS for data exfiltration
Advanced DNS Protection Work?
[Diagram: Traffic types arriving at the DNS servers: Amplification, Cache Poisoning, Legitimate Traffic, Reconnaissance, DNS Exploits. Components: Advanced DNS Protection (External DNS), Advanced DNS Protection (Internal DNS), Infoblox Threat-rule Server, Reporting Server.]
- Automatic updates: ADP appliance reaches out to Threat-rule server periodically for updates
- Grid-wide rule distribution
- Data for Reports: Reports on attack types, severity
Advanced DNS Protection
- Programmable Technology (PT series)
- For SP who have IB 4030-Rev2 just need the protection service
- Sizing recommendation: <50,000 QPS, <143,000 QPS, <200,000 QPS
Malware Threats Booming!
Startling statistics
- Average over 7 million new Malware threats per quarter in 2014*
- Mobile threats grew about 10X in 2014*
- 855 successful breaches / 174 million records compromised in 2014**
- 69% of successful breaches utilized Malware**
- 54% took months to discover, 29% weeks**
- 92% discovered by external party**
DNS Firewall: Block Malware/APT
- An infected device brought into the office. Malware spreads to other devices on network.
- Malware makes a DNS query to find “home” (botnet / C&C).
- DNS Firewall blocks DNS query (by domain name / IP address).
- Blocked attempt sent to Syslog.
- Pinpoint any infected device: IP address, MAC address, device type (DHCP fingerprint), host name, DHCP lease history.
- Reputation data comes from: DNS Firewall Subscription Svc, FireEye Adapter (NX Series).
- DNS FW – Security Net that can catch 80% of Malware comm.
[Diagram: Malware / APT spreads within network and calls home to malicious domains; Infoblox DDI with DNS Firewall sits in the DNS query path.]
Introducing: DNS Firewall + FireEye Adapter
[Diagram, INTRANET / INTERNET: An infected enterprise end-point sends a malware DNS query to “find & phone home” to the DNS server with DNS Firewall, which blocks / re-directs the DNS query. On the Internet side: C&C proxies, C&C portals, C & C / Botnet Portal IPs (126.96.36.199 188.8.131.52….).]
- Infoblox Firewall Subscription service (DNS Firewall Subscription Svc): IPs/domains/etc. of “bad servers”
- FireEye: Detects & detonates advanced malware
- DNS Firewall - FireEye Adapter: Domain-name & host IP address to be blocked
- Infoblox Reporting Server: ID infected device by IP/MAC address & device type
DNS FW & FEYE Use Case
- Infoblox account team helped Mobile Device Company extend their current investment in Infoblox and FireEye.
- 35 to 40 thousand suspicious DNS queries/day
- FireEye alerts and dynamically updates the Infoblox DNS Firewall with the bad domains and IP addresses that the malware is querying.
- GameOver Zeus & ThreatStop!
- Key Takeaway: Infoblox and FireEye prevent infected (present and future) clients from exploiting DNS services
IB DNS FW Use Case: Healthcare
- Cryptolocker discovered and stopped
- We blocked DNS queries to the HealthCare's webpage banner, infected and determined to be hosting Cryptolocker, for the trusted and guest network.
- Key Takeaway: DNS FW and Feed is automatically updated. Manual blacklisting is not a viable solution.
In Review: Defense In Depth
- DNS is critical infrastructure
- Unprotected DNS infrastructure introduces serious security risks
- Infoblox Secure DNS Solution protects critical DNS services
- Infoblox Advanced DNS Protection: Defend Against DNS Attacks
- Infoblox DNS Firewall: Prevents Malware/APT from Using DNS
- Hardened Appliance & OS: Secure the DNS Platform