Expanding Your Network Security

Presentation on theme: "Expanding Your Network Security"— Presentation transcript:

1 Expanding Your Network Security
Tim Connelly, Manager, Systems Engineering

2 What We Do: Innovative Technology for Network Control
Diagram (three layers, top to bottom):
Apps & end-points: end points, virtual machines, private cloud applications
Control plane: essential network control functions DNS, DHCP, IPAM (DDI); Infoblox Grid with real-time network database; historical / real-time reporting and control; discovery, real-time configuration and change, compliance
Network infrastructure: firewalls, switches, routers, web proxy, load balancers

3 Trends Redefining Business Networks
Threat landscape
Mobile device explosion
Virtualization / cloud consolidation
Software defined networks
IPv6 transition

4 Maintaining Security with Infoblox
Secure DNS, DHCP and IP Address Management
Protect: Securing DNS
Enforce: Compliance & Policy Standardization
Control: Firewall Rule & ACL Automation

5 Protect: Securing DNS

6 DNS Firewall: Securing DNS

7 DNS-exploiting Malware
Professional attackers are successfully exploiting the largely unprotected DNS infrastructure
Technology trends are accelerating the spread of this class of malware
DNS-exploiting malware is the underpinning for a variety of attacks
This is a subset of the threats security experts call "Advanced Persistent Threat (APT)" or "Botnet" malware

8 Getting Around Traditional Defenses: Fast Flux – Rapid Change of IP Addresses – Requires DNS Query
Security researchers discovered Fast Flux usage in November 2006
Multiple nodes within the network register / de-register IP addresses as part of the DNS A (address) record list for a single DNS name
TTL = 5 minutes (300 sec)
DNS queries are used to 'find' the C&C or botnet server(s)
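The fast-flux pattern on this slide (one name, a rotating A record list, a 300-second TTL, and a DNS query needed to find the controller) is something a recursive resolver's own logs can expose. The following is an added example, not code from the presentation or from Infoblox: it scores names seen in constructed passive-DNS style observations by how many distinct addresses and /24 prefixes they resolve to within a time window while the TTL stays at or below the slide's 300 seconds. The thresholds, the observation format and every name and address in the sample are assumptions made for the example.

```python
"""Fast-flux indicator scoring over DNS answer observations (added example).

Input: (timestamp_seconds, qname, answer_ip, ttl) tuples as a resolver log
or passive-DNS sensor would yield. A name is flagged when one time window
shows many distinct answer IPs spread over many /24 prefixes and the TTL
never exceeds the 300-second value cited on the slide.
"""
from collections import defaultdict
from ipaddress import ip_network

FLUX_TTL_MAX = 300          # from the slide: TTL = 5 minutes (300 sec)
MIN_DISTINCT_IPS = 5        # assumed threshold; tune per environment
MIN_DISTINCT_PREFIXES = 3   # assumed: real flux spans unrelated networks


def prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24, e.g. 203.0.113.10 -> 203.0.113.0/24."""
    return str(ip_network(f"{ip}/24", strict=False))


def score_names(observations, window_seconds: int = 3600) -> dict:
    """Return {qname: {"ips": n, "prefixes": n, "max_ttl": t, "flux": bool}}.

    For each name, a sliding window over time-ordered observations keeps
    the window with the most distinct IPs (ties broken by prefix count).
    """
    by_name = defaultdict(list)
    for ts, qname, ip, ttl in observations:
        by_name[qname.lower().rstrip(".")].append((ts, ip, ttl))

    result = {}
    for qname, rows in by_name.items():
        rows.sort()
        best, start = None, 0
        for end in range(len(rows)):
            # advance the window start until it fits within window_seconds
            while rows[end][0] - rows[start][0] > window_seconds:
                start += 1
            window = rows[start:end + 1]
            ips = {ip for _, ip, _ in window}
            prefixes = {prefix24(ip) for ip in ips}
            candidate = {"ips": len(ips), "prefixes": len(prefixes),
                         "max_ttl": max(ttl for _, _, ttl in window)}
            if best is None or (candidate["ips"], candidate["prefixes"]) > (best["ips"], best["prefixes"]):
                best = candidate
        best["flux"] = (best["max_ttl"] <= FLUX_TTL_MAX
                        and best["ips"] >= MIN_DISTINCT_IPS
                        and best["prefixes"] >= MIN_DISTINCT_PREFIXES)
        result[qname] = best
    return result


# Constructed sample observations (documentation address ranges, invented names).
SAMPLE = [
    # flux-like: a new address in a different /24 every five minutes, TTL 300
    (0,    "update.badsite.example", "203.0.113.10",  300),
    (300,  "update.badsite.example", "198.51.100.7",  300),
    (600,  "update.badsite.example", "192.0.2.44",    300),
    (900,  "update.badsite.example", "203.0.113.200", 300),
    (1200, "update.badsite.example", "198.51.100.99", 300),
    (1500, "update.badsite.example", "192.0.2.101",   300),
    # ordinary corporate name: one stable address, long TTL
    (0,    "www.yourcompany.example", "192.0.2.1", 86400),
    (3600, "www.yourcompany.example", "192.0.2.1", 86400),
    # CDN-like name: short TTL but only two addresses in one prefix
    (0,    "static.cdn.example", "198.51.100.20", 60),
    (60,   "static.cdn.example", "198.51.100.21", 60),
]

if __name__ == "__main__":
    for name, info in score_names(SAMPLE).items():
        print(name, info)
```

A short TTL on its own is not a fast-flux signal, since content delivery networks use short TTLs too; the prefix-diversity requirement is what separates the flux-like name from the CDN-like one above. Treat a hit as an alert to enrich with the reputational data the later slides describe, not as an automatic block.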

9 Complement to Existing Security: Defense in Depth
Traditional or Next Generation Firewall (e.g. Checkpoint, Juniper, Palo Alto, Imperva, Cisco, etc.)
Anti-Virus (e.g. Symantec, McAfee, Webroot, Kaspersky, etc.) / Web Security (e.g. Blue Coat, McAfee, Websense)
Advanced Persistent Threat (e.g. Damballa, FireEye)
Security Information and Event Management (SIEM) (e.g. Trustwave, McAfee, Q1Labs)

10 Infoblox DNS Firewall
Diagram: the Infoblox DNS Firewall / Recursive DNS Server receives a reputational feed from Infoblox as a dynamic policy update, and policy is distributed grid-wide to every DNS Firewall / Recursive DNS Server. When an infected client queries badsite.com, the policy is applied: the client is redirected to a walled garden (garden.yourcompany.com) or the session is blocked / disallowed, so the attempt to contact the botnet fails. The event is written to syslog and sent to Trinzic Reporting.
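The policy flow on this slide (feed in, policy applied at the recursive server, client redirected to a walled garden or blocked, event logged) is the response policy zone idea. Below is an added example, not Infoblox's code: a small policy engine where the reputational feed is simulated by a constructed policy table, the most specific matching domain wins, and each hit produces a syslog-style event line. garden.yourcompany.com and badsite.com come from the slide; the walled-garden address, the feed names, the client addresses and the other domains are constructed for the example.

```python
"""RPZ-style DNS firewall policy evaluation (added example, not Infoblox code).

A policy entry covers a domain and every name beneath it; the longest
matching suffix wins, which lets an allowlisted host inside a blocked
domain pass through. Actions: "block" answers NXDOMAIN, "redirect" sends
the client to the walled garden, "passthru" resolves normally.
"""
import time
from dataclasses import dataclass

WALLED_GARDEN = "garden.yourcompany.com"   # from the slide
WALLED_GARDEN_IP = "192.0.2.80"            # assumed: documentation address


@dataclass(frozen=True)
class Policy:
    suffix: str    # domain covered, e.g. "badsite.com"
    action: str    # "block", "redirect" or "passthru"
    source: str    # which feed or local list supplied the entry


def normalize(name: str) -> str:
    return name.lower().rstrip(".")


class DnsFirewall:
    def __init__(self, policies):
        self.policies = {normalize(p.suffix): p for p in policies}
        self.events = []   # syslog-style lines, as sent to reporting on the slide

    def update_policy(self, policy: Policy) -> None:
        """Dynamic policy update: a new feed entry applies to the next query."""
        self.policies[normalize(policy.suffix)] = policy

    def lookup(self, qname: str):
        """Return the most specific policy covering qname, or None."""
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.policies:
                return self.policies[candidate]
        return None

    def resolve(self, client_ip: str, qname: str, qtype: str = "A"):
        """Apply policy before recursion. Returns (rcode, answer)."""
        policy = self.lookup(qname)
        if policy is None or policy.action == "passthru":
            return ("PASS", None)       # hand the query to normal recursion
        if policy.action == "block":
            rcode, answer = "NXDOMAIN", None
        elif policy.action == "redirect":
            rcode, answer = "NOERROR", {"CNAME": WALLED_GARDEN, "A": WALLED_GARDEN_IP}
        else:
            raise ValueError(f"unknown action {policy.action!r}")
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
        self.events.append(
            f"{stamp} dns-firewall client={client_ip} qname={normalize(qname)} "
            f"qtype={qtype} policy={policy.suffix} action={policy.action} "
            f"rcode={rcode} source={policy.source}")
        return (rcode, answer)


# Constructed policy table standing in for the reputational feed.
FEED = [
    Policy("badsite.com", "redirect", "reputation-feed"),
    Policy("partner.badsite.com", "passthru", "local-allowlist"),
    Policy("c2.evil.example", "block", "local-blocklist"),
]


def build_firewall() -> DnsFirewall:
    return DnsFirewall(FEED)


if __name__ == "__main__":
    fw = build_firewall()
    for name in ("www.badsite.com", "partner.badsite.com", "c2.evil.example", "www.yourcompany.com"):
        print(name, fw.resolve("10.0.0.5", name))
    print("\n".join(fw.events))
```

The redirect answer, rather than a plain NXDOMAIN, is what makes the walled garden useful: the infected client lands on a page you control, and the logged client address is the lead for the "top infected clients" report on the next slide.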

11 Detailed Tracking and Reporting Options
Automatic reporting
Top infected clients
Malicious requested domains and number of requests
Lease history by MAC address with detailed drill down
Security Policy Violations report

12 Advanced DNS Protection: Securing DNS

13 The Problem: Unprotected DNS infrastructure introduces security risks
DNS-based attacks are on the rise
Traditional protection is ineffective against evolving threats
DNS outage causes network downtime, loss of revenue, and negative brand impact

DNS-based attacks are on the rise for all the reasons we saw earlier; in the last year alone, DNS attacks have increased by 200%. The problem with traditional firewalls is that they leave port 53 open for DNS queries, so they cannot protect against DNS-based DDoS attacks such as amplification and reflection. They would require extremely high compute performance to accurately detect DNS-based attacks, which makes deep inspection impractical in terms of cost and the number of distribution points needed. Hence traditional protection is ineffective. DNS cannot go down: if a DNS service goes down, network-attached devices stop working, the company loses connectivity to the internet and cannot conduct business online. This leads to loss of revenue, customer defection and negative brand impact.

14 Why is DNS an Ideal Attack Target?
DNS is the cornerstone of the Internet, used by every business and government
The DNS protocol is stateless and hence vulnerable
DNS as a protocol is easy to exploit
Maximum impact with minimum effort

15 2013 – DNS Threat is Significant
Attacks against DNS infrastructure growing
DNS-specific attacks up 200% in 2012
ICMP, SYN, UDP attacks growing significantly too
Source: Arbor Networks

Infrastructure-layer attacks (76.52% of all attacks) by type, as a share of all attacks:
ACK: 1.69%
CHARGEN: 3.37%
FIN PUSH: 0.39%
DNS: 8.94%
ICMP: 11.41%
RESET: 1.94%
RIP: 0.13%
RP: 0.39%
SYN: 18.16%
TCP FRAGMENT: 0.65%
SYN PUSH: 0.13%
UDP FLOODS: 14.66%
UDP FRAGMENT: 14.66%
Source: Prolexic Quarterly Global DDoS Attack Report Q3 2013

16 How DNS DDoS is Becoming Easier
Attack apps being built
DDoS attacks against major U.S. financial institutions
Launching DDoS taking advantage of server bandwidth
4 types of DDoS attacks: DNS amplification, spoofed SYN, spoofed UDP, HTTP + proxy support
Script offered for $800

17 The Solution - Infoblox Advanced DNS Protection
Unique Detection and Mitigation: intelligently distinguishes legitimate DNS traffic from attack traffic like DDoS, DNS exploits, tunneling; mitigates attacks by dropping malicious traffic and responding to legitimate DNS requests
Centralized Visibility: centralized view of all attacks happening across the network through detailed reports; intelligence needed to take action
Ongoing Protection Against Evolving Threats: regular automatic threat-rule updates based on threat analysis and research; helps mitigate attacks sooner vs. waiting for patch updates

18 Solution Components: Infoblox Advanced DNS Protection Service and Infoblox Advanced Appliance
Infoblox Advanced DNS Protection Service: Advanced DNS Protection activation; automatic updates for protection against new and evolving threats; support and maintenance
Infoblox Advanced Appliance: DNS appliance purpose built with security in mind; enhanced processing and dedicated compute for threat mitigation; models PT-1400, PT-2200, PT-4000
Note: Customers who have IB-4030 Rev2 need to purchase a separate Adv. DNS Protection license.

19 Fully Integrated into Infoblox Grid
Diagram: the Infoblox Threat-rule Server pushes automatic updates, and the Grid Master distributes rules grid-wide. Advanced DNS Protection members (external authoritative and internal recursive, both new) block DNS attacks (amplification, cache poisoning, reconnaissance, DNS exploits) while passing legitimate traffic. Data for reports flows to the Reporting Server, which reports on attack types and severity.

20 What Attacks Do We Protect Against?
DNS reflection/DrDoS attacks: using third-party DNS servers (open resolvers) to propagate a DoS or DDoS attack
DNS amplification: using a specially crafted query to create an amplified response to flood the victim with traffic
DNS-based exploits: attacks that exploit vulnerabilities in the DNS software
TCP/UDP/ICMP floods: denial of service on layer 3 by bringing a network or service down by flooding it with large amounts of traffic
DNS cache poisoning: corruption of the DNS cache data with a rogue address
Protocol anomalies: causing the server to crash by sending malformed packets and queries
Reconnaissance: attempts by hackers to get information on the network environment before launching a DDoS or other attack
DNS tunneling: tunneling of another protocol through DNS for data exfiltration
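Reflection and amplification, the first two items above, work because an authoritative server answers whoever the spoofed source address says asked. Slide 17 describes the mitigation goal as dropping attack traffic while still answering legitimate requests; response rate limiting is the standard way to approximate that. The code below is an added example, not Infoblox's threat rules: a per-(client /24, name, type) token bucket that sends the first few identical responses each second, drops the rest, and turns every second dropped response into a truncated reply so a real client retries over TCP, which a spoofed source cannot complete. The limits, the client addresses and the traffic mix are constructed for the example.

```python
"""Response rate limiting (RRL) against reflection/amplification (added example).

The server cannot tell a spoofed query from a real one, but it can cap how
many identical answers it sends toward one client prefix per second.
Excess answers are dropped; every `slip`-th excess answer is instead sent
with the TC bit so a genuine resolver falls back to TCP.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class RrlConfig:
    responses_per_second: int = 5   # assumed limit for identical answers per prefix per second
    slip: int = 2                   # every 2nd excess answer is truncated instead of dropped
    prefix_len: int = 24            # spoofed sources are spread across a block; limit per /24


class ResponseRateLimiter:
    def __init__(self, cfg: RrlConfig = RrlConfig()):
        self.cfg = cfg
        self.state = {}   # key -> [window_second, tokens_left, excess_count]

    def key(self, client_ip: str, qname: str, qtype: str):
        net = ip_network(f"{client_ip}/{self.cfg.prefix_len}", strict=False)
        return (str(net), qname.lower().rstrip("."), qtype.upper())

    def decide(self, now: float, client_ip: str, qname: str, qtype: str) -> str:
        """Return 'SEND' (full answer), 'SLIP' (truncated answer) or 'DROP'."""
        window = int(now)
        k = self.key(client_ip, qname, qtype)
        st = self.state.get(k)
        if st is None or st[0] != window:
            st = [window, self.cfg.responses_per_second, 0]   # refill each second
            self.state[k] = st
        if st[1] > 0:
            st[1] -= 1
            return "SEND"
        st[2] += 1
        if self.cfg.slip and st[2] % self.cfg.slip == 0:
            return "SLIP"
        return "DROP"


def simulate(limiter: ResponseRateLimiter, now: float, client_ip: str,
             qname: str, qtype: str, count: int) -> Counter:
    """Feed `count` identical queries at time `now` and tally the decisions."""
    return Counter(limiter.decide(now, client_ip, qname, qtype) for _ in range(count))


if __name__ == "__main__":
    rrl = ResponseRateLimiter()
    # constructed flood: 20 ANY queries in one second, spoofed source 203.0.113.77
    print("flood:", simulate(rrl, 0.0, "203.0.113.77", "yourcompany.example", "ANY", 20))
    # a legitimate resolver elsewhere is unaffected
    print("legit:", rrl.decide(0.5, "198.51.100.5", "yourcompany.example", "ANY"))
```

Rate limiting caps the amplification a reflector can deliver rather than eliminating it, which is why the slide pairs detection with centralized reporting: the per-prefix counters here are exactly the data that shows which victim prefixes are being targeted.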

21 Centralized Visibility: Reporting
Intelligence needed to take action
Attack details by category, member, rule, severity, and time
Visibility into the source of attacks for blocking, to understand scope and severity
Early identification and isolation of issues for corrective action

22 External authoritative and Internal Recursive
Diagram (enterprise deployment): Advanced DNS Protection in the DMZ faces the Internet, where legitimate traffic arrives alongside reconnaissance, amplification, exploits and DNS tunneling. Grid Master and candidate (HA) sit on the intranet. Advanced DNS Protection members in the datacenter and campus/regional sites protect against cache poisoning and amplification from internal endpoints while passing legitimate traffic. Result: protection against cyber attacks and internal DNS attacks.

23 Infoblox Security Device Controller

24 The Pain of Legacy Processes
Legacy approach when a firewall change is needed: 1 search for devices; 2 figure out impacted devices; 3 determine correct config; 4 compare change to standards / compliance; 5 request change / implement manually; 6 reconfirm correctness and compliance. Network provisioning time: hours / days, manual.
Manual processes cannot keep up
SLAs are lengthening to weeks or even a month
Require dedicated, senior network architects
Routine, repetitive, error-prone
Multiple-vendor expertise needed

25 Automated Network Discovery
Powerful topology to visualize the path
Simple and complete network-wide discovery

26 Embedded Expertise
Detects problems like unused, overlapping and duplicate rules out of the box
Built-in intelligence automatically provides detailed ACL/rule views

27 Powerful Search
Search results identify all matching devices, including vendor-specific syntax
Easily customize search criteria for one or multiple devices

28 Customizable Alerting
Immediately identify and track defined alerts to allow or deny access
Create alerts for both blacklisting and whitelisting

29 Multi-vendor Provisioning
Maintain control with user-based access rights and change process
Provision changes in the same platform and view the vendor-specific syntax

30 The Power of Infoblox: Legacy Approach vs. Infoblox Approach
Legacy approach when a firewall change is needed: 1 search for devices; 2 figure out impacted devices; 3 determine correct config; 4 compare change to standards / compliance; 5 request change / implement manually; 6 reconfirm correctness and compliance. Days / weeks, manual.
Infoblox approach: the same six steps, automated. Hours / days.

31 Compliance, Internal Policies & Best Practices
Enforce & Maintain Compliance, Internal Policies & Best Practices

32 Common Standardization & Compliance Situation
Requirements are researched and documented
The "gap" between the policies and the actual state of the network devices
Manual vs. automation: it is not reasonable to expect to achieve full compliance through manual processes

33 Infoblox Network Automation Overview
Real-time & historical analysis
Network discovery
Built-in analysis: check against best practices, detect issues
Monitor and manage change: automate change, maintain compliance, provision ACLs & rules
Collected via: SNMP, CLI/configuration, Syslog, fingerprinting

34 Standardization - Compliance Management
Embedded compliance rules
Customizable best practice templates
Manage multiple policies
Proactive violation detection
Multiple remediation options
Current and historical views

35 Configuration Analysis
Unique pre-packaged expertise
Identifies common misconfigurations
Customizable alerting
Recommended remediation options
Understand the concept of the network
Network scorecard views

36 Powerful Reporting
Single-click compliance reports
Pre-packaged and customizable
Powerful filtering
Executive and detailed reports
On-demand or scheduled
User-based view rights

37 Value of Network Standardization
Verify your "desired state" against the "as is" state
Improve network stability and consistency
Reduce manual processes
Eliminate extensive, time-consuming audit teams
Increase accuracy with automation and embedded expertise
Focus on building secure infrastructure instead of waiting for audits

38 DNS, DHCP and IP Address Management
Secure DNS, DHCP and IP Address Management

39 DHCP Fingerprinting
Diagram: a laptop sends DHCPDISCOVER with option sequence 1,15,3,6,44,46,47,31,33,121,249,43 and receives a DHCPOFFER; a tablet sends DHCPDISCOVER with option sequence 1,3,6,15,119,78,79,95,252 and its DHCPOFFER is withheld (X).
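The two option sequences on the slide are what the client asks for in its DHCPDISCOVER, and the order of those codes is stable enough per client implementation to serve as a fingerprint. The following is an added example, not Infoblox's fingerprint database or DHCP server code: it builds DHCPDISCOVER packets with a given parameter request list (option 55), parses the options back out, matches the sequence against a table containing the slide's two sequences under the slide's own "Laptop" and "Tablet" labels, and applies a constructed policy that offers a lease only to the laptop class, mirroring the withheld offer in the diagram. The MAC addresses, transaction id and policy are assumptions made for the example.

```python
"""DHCP fingerprinting from the DHCPDISCOVER parameter request list (added example).

A DHCP packet is a 236-byte BOOTP header, the magic cookie 63 82 53 63,
then TLV options terminated by 255. Option 53 is the message type, option
55 the parameter request list whose code order is the fingerprint, and
option 60 the vendor class identifier (parsed here for completeness).
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MESSAGE_TYPE = 53
OPT_PARAM_REQUEST_LIST = 55
OPT_VENDOR_CLASS = 60
OPT_END = 255
DHCPDISCOVER = 1

# Option sequences taken from the slide; labels are the slide's own device labels.
FINGERPRINTS = {
    (1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43): "Laptop",
    (1, 3, 6, 15, 119, 78, 79, 95, 252): "Tablet",
}

ALLOWED_DEVICE_CLASSES = {"Laptop"}   # constructed policy: only laptops receive an offer


def build_discover(mac: bytes, prl, vendor_class: bytes = b"") -> bytes:
    """Construct a minimal DHCPDISCOVER carrying the given parameter request list."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0,            # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
                         0x3903F326, 0, 0x8000, # xid (assumed), secs, flags=broadcast
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr yiaddr siaddr giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr sname file
    options = bytes([OPT_MESSAGE_TYPE, 1, DHCPDISCOVER])
    options += bytes([OPT_PARAM_REQUEST_LIST, len(prl)]) + bytes(prl)
    if vendor_class:
        options += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value}; rejects truncated or non-DHCP input."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:             # pad
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def fingerprint(packet: bytes) -> dict:
    """Classify a DHCP packet by its option-55 sequence."""
    opts = parse_options(packet)
    prl = tuple(opts.get(OPT_PARAM_REQUEST_LIST, b""))
    return {
        "message_type": opts.get(OPT_MESSAGE_TYPE, b"\0")[0],
        "mac": packet[28:34].hex(":"),          # chaddr starts at offset 28
        "option_sequence": prl,
        "vendor_class": opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace"),
        "device": FINGERPRINTS.get(prl, "unknown"),
    }


def offer_decision(packet: bytes) -> str:
    """Decide whether the server answers this DHCPDISCOVER with a DHCPOFFER."""
    info = fingerprint(packet)
    if info["message_type"] != DHCPDISCOVER:
        return "IGNORE"
    return "OFFER" if info["device"] in ALLOWED_DEVICE_CLASSES else "WITHHOLD"


if __name__ == "__main__":
    laptop = build_discover(b"\x00\x11\x22\x33\x44\x55", (1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43))
    tablet = build_discover(b"\x00\x66\x77\x88\x99\xaa", (1, 3, 6, 15, 119, 78, 79, 95, 252))
    for pkt in (laptop, tablet):
        print(fingerprint(pkt), offer_decision(pkt))
```

Because the fingerprint is read from the client's first packet, the classification is available before any lease is granted, which is what lets the "withhold" decision on the slide happen at DHCPOFFER time rather than after the device is already on the network.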

40 Introducing DHCP Benefits
Automatically detect DHCP clients during the DHCPDISCOVER process
Manage DHCP leases by asset or device
Improve network planning with new device-focused reports
Auto-organize and group devices in Smart Folders
Integrated with Reporting Server with pre-defined reports
Benefits: unintrusive discovery and management of devices; flexibly enforce corporate policy; plan for network growth, determine application trends; improve device supportability and security

41 Integrated IP Address Management
Tracks what's connected on the network
Enhances IP allocation through automation
Increases accuracy with continuous updates
Helps with IPv4 to IPv6 migrations

42 Maintaining Security with Infoblox
Secure DNS, DHCP and IP Address Management
Protect: Securing DNS
Enforce: Compliance & Policy Standardization
Control: Firewall Rule & ACL Automation

43 Thank You
