Single (Infoblox) pane of glass for DNS security
At this very moment, someone somewhere on this big, blue planet (more likely, more than one person) is simply taking something that does not belong to them.
Stealing something big and physical like a car would require the garage door to be open before it can be driven away; data exfiltration, by contrast, can happen from inside your organisation’s firewalls, with your security defences still up.
All it takes is malware that breaks a data file into chunks, encrypts each chunk, then sneaks the chunks off your premises disguised as DNS queries, to be reassembled elsewhere.
DNS tunnelling, the same technique used for data exfiltration, also lets the bad guys get free airport WiFi, carry SSH through corporate firewalls to sneak into places where they shouldn’t be, and steal sensitive information.
There are many well-publicised malware attacks that leverage DNS, and chances are there will be many more to come.
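As an added illustration (not part of the original article), a small Python detector that applies the signal described above to constructed resolver log lines: it groups queries by base domain and flags domains that receive many long, high-entropy subdomains, the shape that chunked, encrypted data takes when it is smuggled out inside query names. The domain names, thresholds and the two-label base-domain split are assumptions made for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log lines (not from the article), "client query_name".
# ex-tunnel.example receives long hex-looking subdomains, the pattern chunked data
# takes when carried out in DNS query names; example.org shows ordinary lookups.
SAMPLE_LOG = """\
10.0.0.12 3f9a1c7e2b8d4f60a1b2c3d4e5f60718293a4b5c6d7e8f9.ex-tunnel.example
10.0.0.12 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d9c8b7a6.ex-tunnel.example
10.0.0.12 0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b.ex-tunnel.example
10.0.0.12 c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b.ex-tunnel.example
10.0.0.12 b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c.ex-tunnel.example
10.0.0.12 www.example.org
10.0.0.12 mail.example.org
10.0.0.7 www.example.org
"""

def shannon_entropy(s):
    """Bits per character; encrypted/encoded chunks score near the maximum."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, base). Assumption: the last two labels are the base
    domain; a production detector would consult the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def analyse(log_text, min_sub_len=30, min_entropy=3.5, min_suspicious=5):
    """Flag base domains that receive at least min_suspicious queries whose
    subdomain part is both long and high-entropy (assumed thresholds)."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(), "suspicious": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than crash on them
        sub, base = split_name(parts[1])
        st = stats[base]
        st["queries"] += 1
        st["unique"].add(sub)
        if len(sub) >= min_sub_len and shannon_entropy(sub) >= min_entropy:
            st["suspicious"] += 1
    return {base: {"queries": st["queries"], "unique": len(st["unique"]),
                   "suspicious": st["suspicious"]}
            for base, st in stats.items() if st["suspicious"] >= min_suspicious}

if __name__ == "__main__":
    for base, st in analyse(SAMPLE_LOG).items():
        print(f"possible DNS tunnelling towards {base}: {st}")
```

Real deployments tune the thresholds against a baseline of the organisation's own traffic, since CDNs and some security products also generate long subdomains.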
But what is DNS?
The Domain Name System, or DNS, isn’t what it used to be when the Internet first started in the 80s. Security for DNS servers and the protocol didn’t really exist back then, because there wasn’t much need for it at the time. That is no longer true.
Over the years, DNS servers and protocols have become targets of incessant attacks of many varieties.
According to Infoblox’s Managing Director, ASEAN & ANZ, Ken Pohniman, “So the DNS community developed new mechanisms to combat these attacks including access controls on queries, dynamic updates, and zone transfers; DNS security extensions; response policy zones; and response rate limiting.”
All this is necessary to make the convenience we have come to expect from the Internet, possible.
The Domain Name System is the “phonebook of the Internet,” listing human-readable domain names such as www.enterpriseitnews.com.my and mapping each of them to a numeric IP address. It does the same for many other Internet-based services, such as email.
So yes, if DNS or this phonebook does not work, many, many things on the Internet would not be able to work.
Another way to think of DNS is with this distributed file browser metaphor.
The amount of data that the Internet contains is growing at an astronomical pace. All this data isn’t contained in one physical location, but must be distributed across countless computers all over the world. With an Internet connection, you can navigate to any file on the Internet as easily as you find a file on your own hard drive.
DNS is the tool that your browser uses to quickly find a file that might be stored in a computer anywhere on earth.
This tool, or system, has expanded its role and significance over the years, and today it is responsible for the smooth usage of the Internet and the many services that the Internet enables.
Trends like cloud computing and the Internet of Things have led to billions of devices being connected to the Internet, and if all the invisible networks that keep these devices connected could be made visible, what we would likely see is a huge, indecipherable, entangled ball of networks.
How do organisations keep track? More importantly, how do organisations manage and control these networks, and the flow of their data?
The bad guys know this, and they are already taking advantage of this extremely messy situation to manipulate and control the flow of sensitive data into their hands.
The network landscape today
Today, 75 percent of organisations are concerned that malware will infiltrate their networks due to an increase in off-network access. Infoblox President and CEO Jesper Andersen stated in an earlier interview with EITN, “DNS is the number one pathway for malware, and globally distributed enterprises grapple with the flood of new requests for IP addresses and the onslaught of new network endpoints.”
When an attack on the DNS is successful, it can bring an organisation to a screeching halt.
Here’s another reason why DNS is often targeted – it is one of the oldest and most relied-on protocols of the modern Internet.
This has created a need for control and security over this massive spaghetti of networks, and Infoblox, with its 17 years of experience, is a market leader in DNS, DHCP and IP address management (DDI).
Infoblox has created the industry’s first Actionable Network Intelligence Platform, which goes beyond DDI – it enables users to harness insights from all the data traffic moving through various networks, all around the globe.
We are talking about networks for over 9000 enterprises, government agencies and service providers in over 25 countries. An enterprise today typically has a million or more IP addresses, which solution providers like Infoblox will manage.
Infoblox’s unified platform will be able to manage all these millions if not billions of streams of data traffic, whilst providing a single pane of glass for organisations to fully control, secure and analyse every aspect of their network, so as to be able to leverage context-aware threat intelligence for their network defences.