Infoblox did some enhancements to its line of core network services appliances to provide unique DNS security capabilities such as alerting, reporting, and attack mitigation. These capabilities along with the automated software update capabilities of Infoblox grid technology — which links multiple Infoblox appliances into a unified system for central management and control — can help enterprises thwart current and future DNS vulnerability exploits.
The Infoblox appliance-based solution provides immediate protection against the DNS exploit discovered by Kaminsky and also provides features that will be essential for detecting and thwarting future attacks. Infoblox’s newest NIOS release, version 4.3r2, includes several new security features that monitor DNS protocol traffic, provide reports and proactive alerts when an attack is in progress, and a means to automatically mitigate attacks.
The new features monitor multiple indicators of an attack in-progress, such as mis-matched UDP ports and DNS Query IDs, and send email and/or SNMP traps when the traffic pattern is consistent with an attack. This enables IT administrators to take preventive actions. For example, the new NIOS software also includes a command to throttle or completely deny connections from a specific DNS server, allowing the administrator to mitigate or stop an attack.
Infoblox’s hardened NIOS operating system and unique grid technology provide lasting protection against future attacks. Infoblox grid technology makes it possible to patch and upgrade dozens or hundreds of appliances with a single command, in a production network, without incurring DNS service downtime. This is essential to enabling fast response when new attacks are unleashed in the wild.
The new Infoblox NIOS software version 4.3r2 is now available. Pricing for the solution on the Infoblox-250 appliance starts at $2,495 in the U.S. Software upgrades are available free of charge for all current customers with a valid maintenance contract.