Slide 1: DNS Security with AntiDDoS and AntiMalware for YOUR subscribers
Only with Infoblox hardware appliances
Adam Obszyński, aobszynski@infoblox.com
© 2013 Infoblox Inc. All Rights Reserved. © 2015 Infoblox Inc. All Rights Reserved. CONFIDENTIAL

Slide 2: Why Securing DNS is Critical
Unprotected, DNS increases risk to critical infrastructure and data:
- DNS is critical networking infrastructure
- DNS is the #1 protocol for volumetric reflection/amplification attacks
- The DNS protocol is easy to exploit and attacks are prevalent
- Traditional security is ineffective against evolving threats

Slide 3: DNS Security Gap
- One of the fastest growing attack vectors
- Easy-to-exploit protocol
- Firewalls and IDS/IPS devices are not focused on DNS threats
- Proliferation of BYOD devices and mobile users means threats may already be inside the firewall
- A DNS security layer is needed to complement existing security solutions

Slide 4: DNS Security Challenges
1. Defending against DNS DDoS attacks (authoritative + recursive)
2. Stopping APTs/malware from using DNS (recursive)
3. Preventing data exfiltration via DNS (recursive)

Slide 5: APTs: The New Threat Landscape
- Malicious traffic is visible on 100% of corporate networks [1]
- Every minute a host accesses a malicious website [1]
- The question isn't if, but when you will be attacked, and how effectively you can respond
- APTs rely on DNS at various stages of the cyber kill chain to infect devices, propagate malware, and exfiltrate data
Operational sophistication:
- Organized and well funded
- Profile organizations using public data/social media
- Target key POIs via spear phishing
- "Watering hole" target groups on trusted sites
- Leverage tried and true techniques like SQLi, DDoS and XSS
- Coordinated attacks: distract big, strike precisely
Source: [1] Cisco 2014 Annual Security Report

Slide 6: Evolution of DNS DDoS Attacks
- DNS-based DDoS attacks are constantly evolving and affect both external and internal DNS servers
- Methods range from amplification/reflection, floods and simple NXDOMAIN to highly sophisticated attacks involving botnets, chain reactions and misbehaving domains
Attack types on the slide's timeline: DNS Tunneling, DNS Hijacking, Floods, Cache Poisoning, DrDoS, Random Sub-domain, CPE Botnet Based, Domain Lock-up, Basic NXDOMAIN, Phantom Domain

Slide 7: DNS Caching: Protection against attacks on caching servers
- Advanced DNS Protection can secure DNS caching servers from DNS floods and other threats
- A large number of bots make more requests of the DNS server than it can handle
- This causes the DNS server to drop inbound DNS requests, legitimate ones included

Slide 8: How Infoblox Secures DNS (section divider)

Slide 9: Infoblox and Service Providers
- Dedicated SP business unit: dedicated sales, SEs, marketing, engineering and product management
- Market leadership: #1 in DNS caching; first DNS firewall; competition in decline
- IPO April 2012, NYSE: BLOX; $225M revenue; $2B market cap; 28% revenue CAGR (fiscal year ending July 31)
- Dedicated SP product line: leads the industry with >1M DNS qps and advanced DDoS protection; carrier-grade solution adopted at major Tier 1 providers
- 230+ service providers; 55,000+ systems shipped; 6,800+ enterprises

Slide 10: Hardened DNS Appliances
Conventional server approach:
- Multiple open ports: many open ports are subject to attack
- Users have OS-level account privileges on the server
- Requires time-consuming manual updates
Hardened appliance approach:
- Limited port access: dedicated hardware with no unnecessary logical or physical ports
- No OS-level user accounts, only admin accounts
- Update service: immediate updates for new security threats
- Secure access: HTTPS-based device management; no SSH or root-shell access
- Encrypted device-to-device communication
- Hardware-based security and DNS acceleration

Slide 11: DNS Protection is Not Only About DDoS
Volumetric/DDoS attacks:
- DNS reflection
- DNS amplification
- TCP/UDP/ICMP floods
- NXDOMAIN attack
- Phantom domain attack
- Random subdomain attack
- Domain lockup attack
DNS-specific exploits:
- DNS-based exploits
- DNS cache poisoning
- DNS tunneling
- Protocol anomalies
- Reconnaissance
- DNS hijacking

Slide 12: Protection Against DNS Attacks
Attacks detected and dropped by Infoblox Internal DNS Security: DNS reflection, DNS amplification, TCP/UDP/ICMP floods, NXDOMAIN attack, phantom domain attack, random subdomain attack, domain lockup attack, DNS-based exploits, DNS cache poisoning, DNS tunneling, malformed DHCP requests.
Diagram: INTERNET -> firewall -> Infoblox Internal DNS Security -> ENTERPRISE. DNS DDoS and DNS tunneling traffic is dropped (x) while legitimate traffic passes; the appliance is fed by the Infoblox Automated Threat Intelligence Service.
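Two of the attack classes on slides 11 and 12, the random-subdomain flood and DNS tunneling, can be spotted in a resolver's own query log without any appliance, and doing so is a useful sanity check before and after buying one. The following is an added example, not Infoblox code and not a description of how Advanced DNS Protection detects anything: the log format, the client addresses, the zone names and every threshold are constructed for the illustration. The zone heuristic (last two labels) is deliberately naive and would need a public-suffix list in production.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Constructed resolver query log, not taken from the slides. One query per line:
# "<epoch> <client_ip> <qname> <qtype> <rcode>" (rcode is what the resolver answered).
def constructed_log():
    lines = [
        "1700000000 10.0.0.5 www.example.com. A NOERROR",
        "1700000000 10.0.0.5 mail.example.com. MX NOERROR",
        "1700000002 10.0.0.5 cdn.example.net. AAAA NOERROR",
        "1700000003 10.0.0.5 doesnotexist.example.com. A NXDOMAIN",
    ]
    # Random-subdomain flood: one client asks for 40 distinct nonsense labels under one
    # zone; every name is a cache miss that ends in NXDOMAIN at the victim's authority.
    for i in range(40):
        lines.append(f"1700000010 10.0.0.9 h{i:03d}x.victim.example. A NXDOMAIN")
    # Tunnelling: data is smuggled out in long, high-entropy labels, back in TXT answers.
    for i in range(6):
        chunk = hashlib.sha256(bytes([i])).digest()          # stands in for exfiltrated data
        label = base64.b32encode(chunk).decode().rstrip("=").lower()
        lines.append(f"1700000020 10.0.0.23 {label}.t.tunnel.example. TXT NOERROR")
    return lines


def parse(line):
    _epoch, client, qname, qtype, rcode = line.split()
    return {"client": client, "qname": qname.rstrip(".").lower(), "qtype": qtype, "rcode": rcode}


def shannon_entropy(s):
    """Bits per character; random-looking labels score high, dictionary words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def analyze(lines, min_unique=20, nx_ratio=0.8, min_label=30, min_entropy=3.5, min_tunnel_q=5):
    """Return suspected random-subdomain floods and tunnelling clients.

    Random-subdomain rule: one client, one zone, many distinct leftmost labels, almost
    all answered NXDOMAIN. Tunnelling rule: one client repeatedly sending labels that
    are both long and high-entropy. Thresholds are starting points, tune them per network.
    """
    per_zone = defaultdict(lambda: {"labels": set(), "total": 0, "nx": 0})
    tunnel_hits = Counter()
    for line in lines:
        q = parse(line)
        labels = q["qname"].split(".")
        if len(labels) < 3:            # need <label>.<zone> with at least a two-label zone
            continue
        zone = ".".join(labels[-2:])   # naive: no public-suffix handling (example.co.uk)
        stats = per_zone[(q["client"], zone)]
        stats["labels"].add(labels[0])
        stats["total"] += 1
        if q["rcode"] == "NXDOMAIN":
            stats["nx"] += 1
        if len(labels[0]) >= min_label and shannon_entropy(labels[0]) >= min_entropy:
            tunnel_hits[q["client"]] += 1
    findings = {"random_subdomain": [], "tunneling": []}
    for (client, zone), stats in per_zone.items():
        ratio = stats["nx"] / stats["total"]
        if len(stats["labels"]) >= min_unique and ratio >= nx_ratio:
            findings["random_subdomain"].append((client, zone, len(stats["labels"]), round(ratio, 2)))
    for client, n in tunnel_hits.items():
        if n >= min_tunnel_q:
            findings["tunneling"].append((client, n))
    return findings


if __name__ == "__main__":
    for kind, items in analyze(constructed_log()).items():
        for item in items:
            print(kind, item)
```

On the constructed log the legitimate client (a handful of names, one NXDOMAIN) is never flagged, the flooding client is reported against victim.example with an NXDOMAIN ratio of 1.0, and the tunnelling client is reported after its fifth high-entropy query. The rules are per client; on a service-provider resolver with carrier-grade NAT the same logic should be keyed on the subscriber identifier instead of the source address.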

Slide 13: Security Built-in to the DNS Infrastructure
- Infoblox PT appliances combine the DNS server with DNS server security: protection against DNS threats, and serving DNS queries while under attack
- Traditional security appliances mitigate only some of the attacks against DNS
Use cases:
- Enterprise customers: external authoritative DNS server; internal DNS for enterprises and universities with open networks
- Service providers: recursive caching; authoritative DNS services

Slide 14: Protection Against APTs/Malware: DNS Firewall
1. An infected device is brought into the office. Malware spreads to other devices on the network.
2. The malware makes a DNS query to find "home" (botnet / C&C). DNS Firewall checks the query name and the DNS response against the threat list (IPs, domains, etc. of bad servers) and takes the admin-defined action: disallow communication to the malware site, or redirect the traffic to a landing page or "walled garden" site. The blocked communication attempt is sent to syslog.
3. Pinpoint: Infoblox Reporting lists the DNS Firewall action together with the device IP address, device MAC address, device type/OS (DHCP fingerprint), device host name, device lease history, AD login name, and switch/port/VLAN.
4. Threat updates from Infoblox arrive every 2 hours, or more often for a significant threat.
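The response-side policy in step 2 and the lease-table enrichment in step 3 are easy to show in a few lines. The block below is an added example and not Infoblox's implementation: the threat feed, the walled-garden address, the DHCP lease table and the per-trigger policy are all constructed stand-ins, using RFC 5737 documentation addresses. It matches on the query name (and any parent domain) first, then on A/AAAA addresses in the answer, and rewrites the response according to the configured action.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed stand-ins for the appliance's threat feed and DHCP lease table (not
# Infoblox data). Addresses are from the RFC 5737 documentation ranges.
BAD_DOMAINS = {"c2.badexample.net", "evil.example"}        # matches the name and any subdomain
BAD_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]   # known C&C hosting range
WALLED_GARDEN = "192.0.2.10"                               # landing page for redirected clients
LEASES = {"10.0.0.42": {"mac": "00:11:22:33:44:55", "host": "laptop-17", "os": "Windows 7"}}
# Admin-defined action per trigger type: "block" answers NXDOMAIN, "redirect" rewrites
# the answer to the walled garden.
POLICY = {"domain": "redirect", "ip": "block"}


@dataclass
class Response:
    client: str                                   # address the query came from
    qname: str
    qtype: str
    rcode: str
    answers: list = field(default_factory=list)   # (rdtype, rdata) pairs


def domain_matches(qname, bad):
    """True if qname or any parent of it is on the list (like an RPZ wildcard rule)."""
    parts = qname.rstrip(".").lower().split(".")
    return any(".".join(parts[i:]) in bad for i in range(len(parts)))


def ip_matches(rdata, nets):
    try:
        ip = ipaddress.ip_address(rdata)
    except ValueError:                            # not an address (CNAME target, TXT, ...)
        return False
    return any(ip in net for net in nets)


def apply_policy(resp):
    """Return (response to send to the client, event dict or None if nothing matched)."""
    trigger = None
    if domain_matches(resp.qname, BAD_DOMAINS):
        trigger = "domain"
    elif any(t in ("A", "AAAA") and ip_matches(r, BAD_NETWORKS) for t, r in resp.answers):
        trigger = "ip"
    if trigger is None:
        return resp, None
    action = POLICY[trigger]
    if action == "block":
        out = Response(resp.client, resp.qname, resp.qtype, "NXDOMAIN")
    else:
        # Only an A garden record is modelled; a real deployment also needs an AAAA one.
        out = Response(resp.client, resp.qname, resp.qtype, "NOERROR", [("A", WALLED_GARDEN)])
    event = {"client": resp.client, "qname": resp.qname.rstrip(".").lower(),
             "qtype": resp.qtype, "trigger": trigger, "action": action}
    event.update(LEASES.get(resp.client, {}))   # "pinpoint": MAC, host name, OS from the lease
    return out, event


def syslog_line(event):
    return "dns-firewall " + " ".join(f"{k}={v}" for k, v in event.items())


if __name__ == "__main__":
    hit = Response("10.0.0.42", "c2.badexample.net.", "A", "NOERROR", [("A", "203.0.113.7")])
    out, event = apply_policy(hit)
    print(out.rcode, out.answers)
    print(syslog_line(event))
```

Two practical caveats the slide glosses over: matching on answer addresses only works for answers the resolver actually sees (DNS over TLS to a third-party resolver bypasses it entirely), and a redirect to a walled garden must be paired with TLS-aware handling, since browsers will refuse the garden's certificate for the original host name.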

Slide 15: DNS can make a huge difference! (section divider)

Slide 16: Web Delay: Sample
Fast web performance starts with DNS. Example (source: http://blog.catchpoint.com/): loading http://techcrunch.com/ fetches 300+ objects from 60+ domains, each of which has to be resolved before the object can be fetched.

Slide 17: Web Delay: Sample 2
Fast web performance starts with DNS. Two components to DNS latency (source: https://developers.google.com/):
- Latency between the client and the caching server
- Latency added by the caching name servers themselves, driven by cache misses, under-provisioning and malicious traffic

Slide 18: Devices vs Solutions: Self-made vs Dedicated
- A dedicated DNS cache appliance does not stop answering queries from cache when capacity limits are reached for cache misses, NXDOMAIN queries, etc.
- Chart: DNS cache average latency (seconds), BIND vs Infoblox 4030
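The property claimed on slide 7 and slide 18, that a flood of cache-missing queries should not stop the resolver answering what it already has cached, follows from one design decision: answer cache hits unconditionally and rate-limit cache misses per client. The block below sketches that decision in Python as an added example. It is not Infoblox code and says nothing about how the appliance is built; the authoritative data, the client addresses and the token-bucket parameters are constructed for the illustration, and names are keyed on qname only to keep it short.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class TokenBucket:
    """Classic token bucket: `rate` tokens/second refill, at most `burst` stored."""
    rate: float
    burst: float

    def __post_init__(self):
        self.tokens = float(self.burst)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# Constructed authoritative data (not from the slides): anything else is NXDOMAIN.
_ZONE = {"www.example.com": ("NOERROR", "203.0.113.10", 300)}


def constructed_upstream(qname):
    """Stand-in for recursion to the authoritative servers: (rcode, rdata, ttl)."""
    return _ZONE.get(qname, ("NXDOMAIN", None, 60))


class ResolverFrontEnd:
    """Cache hits are always answered; cache misses are rate-limited per client.

    NXDOMAIN answers are cached too (negative caching). A random-subdomain flood,
    where every name is new, never benefits from that and so burns miss tokens only.
    """

    def __init__(self, upstream, miss_rate=5.0, miss_burst=10):
        self.upstream = upstream
        self.miss_rate, self.miss_burst = miss_rate, miss_burst
        self.cache = {}        # qname -> (expires_at, rcode, rdata)
        self.buckets = {}      # client -> TokenBucket governing its cache misses
        self.stats = Counter()

    def query(self, client, qname, now):
        entry = self.cache.get(qname)
        if entry and entry[0] > now:
            self.stats["hit"] += 1
            return entry[1], entry[2]
        bucket = self.buckets.setdefault(client, TokenBucket(self.miss_rate, self.miss_burst))
        if not bucket.allow(now):
            self.stats["dropped_miss"] += 1
            return "DROPPED", None          # no response at all; the client sees a timeout
        rcode, rdata, ttl = self.upstream(qname)
        self.cache[qname] = (now + ttl, rcode, rdata)
        self.stats["miss"] += 1
        return rcode, rdata


def simulate():
    """A legitimate client keeps getting cached answers while a bot's flood is throttled."""
    fe = ResolverFrontEnd(constructed_upstream, miss_rate=5.0, miss_burst=10)
    t0 = 1000.0
    fe.query("10.0.0.5", "www.example.com", t0)                  # miss, warms the cache
    for i in range(100):                                         # 100 unique names in 1 s
        fe.query("10.0.0.9", f"h{i:03d}x.victim.example", t0 + i / 100)
    rcode, rdata = fe.query("10.0.0.5", "www.example.com", t0 + 1.0)   # still a cache hit
    return fe.stats, rcode, rdata


if __name__ == "__main__":
    stats, rcode, rdata = simulate()
    print(dict(stats), rcode, rdata)
```

With a burst of 10 and a refill of 5 tokens per second, the bot gets its first ten misses through and roughly one in twenty after that; the legitimate client's second lookup is served from cache regardless. Keying the bucket on the source address is the simplest choice; behind carrier-grade NAT a service provider would key on the subscriber instead, and a production resolver would also cap the total number of outstanding recursions so that a flood from many addresses cannot exhaust them.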

Slide 19: Advanced Appliances Come in Four Physical Platforms
- Advanced Appliances have next-generation programmable processors that provide dedicated compute for threat mitigation (hardware based)
- AC and DC power supply options
- Performance: 50,000 qps; 143,000 qps; 200,000 qps; 300k / 600k / 5,000,000 qps
- Target markets: SP and enterprise; SP/ISP subscriber DNS caching

Slide 20: Test Us! Find DNS Threats in your Network

Slide 21: Send Us Your PCAP Files
- Infoblox analyzes them and provides insights on malicious activity in seconds
- Report on the findings to take back to management

Slide 22: How to deploy + Case Study from Poland (section divider)

Slide 23: Cable SP
- Huge attacks
- Press coverage of the ISP being down for 8 days!

Slide 24: Design: system topology (diagram)

Slide 25: First month stats: 6M events blocked, across multiple risk levels

Slide 26: CHR vs CPU vs User Experience == NO CHURN
Chart axes: cache hit ratio, resources, user experience

Slide 27: Secure DNS Deployment (diagram)
Three zones: INTERNET, DMZ, INTRANET.
- External authoritative server in the DMZ, protected by Infoblox External DNS Security: legitimate traffic is answered; DNS DDoS and DNS exploits arriving from the Internet through the firewall are blocked
- Internal recursive caching server (Infoblox DNS Caching Server), protected by Infoblox Internal DNS Security: legitimate DNS queries are answered; DNS DDoS, malware/APT communication and data exfiltration attempts are blocked
- The Infoblox Automated Threat Update Service delivers rule updates for DNS-based attacks to the external server, and updates for DNS-based attacks and malicious domains to the internal server
- Both servers send data for reports to the Infoblox Reporting Server

Slide 28: Q&A

Slide 29: Infoblox Differentiation and Value
Comparison table. Columns: Infoblox Advanced DNS Protection, load balancers, pure DDoS appliances, next-gen firewalls, IPS, cloud. Rows:
- Dedicated compute for threat mitigation
- General DDoS
- Volumetric/DDoS attacks: DNS DDoS, DNS amplification, DNS reflection, NXDOMAIN
- DNS-specific exploits: DNS server OS and application vulnerabilities; DNS semantic attacks (cache poisoning, DNS tunneling, DNS hijacking)

