Thales And Infoblox Help Protect Internet Integrity

Joint solution addresses common DNSSEC deployment challenges

January 12, 2012

4 Min Read


Weston, FL – 10 January 2012 – Thales, leader in information systems and communications security, announces that the Thales nShield hardware security module (HSM) is now integrated with the Infoblox DNS platform to enable the simple and secure deployment of Domain Name System Security Extensions (DNSSEC). This joint solution addresses common DNSSEC deployment challenges and enables service providers, government departments, financial institutions and other organizations to secure their online identities more easily and protect critical services against cyber threats.

DNS allows the names of web servers, email addresses and VPNs to be mapped to server IP addresses. The DNSSEC specification enables the owners of these services to sign their domain name records and provide proof of the integrity and validity of their IP addresses. DNSSEC uses strong public key cryptography to significantly reduce the risk of an attacker spoofing DNS records and re-directing traffic to a server they control. Like any Public Key Infrastructure (PKI) based application, DNSSEC relies on the integrity of the private keys that underpin this process. The fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.

The Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DNS and IP address assignment (DHCP) services, and helps automate many manual and often error-prone network infrastructure related tasks. Infoblox IPAM solutions are designed to deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, now including support for Thales-secured DNSSEC key generation. The combination simplifies deployment and management by saving significant administrative overhead and reducing repetitive, time-sensitive operations required to maintain DNSSEC.

When Infoblox systems are used together with a Thales nShield hardware security module (HSM), all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3 certified hardware platform. This significantly reduces vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.

“As a global authentication and validation schema, DNSSEC represents a new security frontier,” said Kevin Dickson, vice president of product management at Infoblox. “However, protecting access to the cryptographic keys that underpin the security framework is crucial. That’s why the Infoblox IPAM platform now offers support for the Thales HSM, which is both easy to integrate and well proven to protect DNSSEC key signing.”

“The number of recent high profile cyber attacks, such as Stuxnet and the DigiNotar hack demonstrate that crypto alone is not sufficient. Protecting cryptographic keys throughout their lifecycle is essential to achieve the benefits promised by DNSSEC and this joint Infoblox and Thales solution lowers the barriers to adopting DNSSEC,” says Cindy Provin, vice president of the Americas, Thales e-Security. “DNSSEC is an important method of securing the Domain Name System, protecting the integrity of an online presence and brand. Just as SSL became the standard mechanism for website authentication and encryption, DNSSEC is expected to become an integral component of Internet trust and a key element in enterprise security policies, further demonstrating the increasing value of encryption, digital signatures and key management in today’s ever-changing threat landscape.”

For more information about Thales, industry issues and comment, visit:

The Information Technology Security activities of Thales Thales e-Security is a leading global provider of data encryption solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 70 percent of worldwide payment transactions. Thales e-Security has offices in France, Hong Kong, Norway, United States and the United Kingdom. For more information, visit

About Thales
Thales is a global technology leader for the defence & security and the aerospace & transport markets. In 2010 the company generated revenues of 13.1 billion, with 68,000 employees in 50 countries. With its 22,500 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights