Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/15/2011
01:43 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

F5 Security Solutions Help Deliver DNS Security For Newly Signed .com Domain

BIG-IP solutions provide a central point of control for DNSSEC based on trusted, signed query responses

SEATTLE, APRIL 15, 2011 – F5 Networks, Inc. (NASDAQ: FFIV), the global leader in Application Delivery Networking (ADN), today announced that its BIG-IP' Global Traffic Manager™ (GTM™) product helps customers deploy powerful Domain Name System Security Extensions (DNSSEC) protection for .com and other Internet domain types. By incorporating DNS security capabilities into their IT infrastructures, customers can drastically reduce the risks of threats such as cache poisoning, domain hijacking, man-in-the-middle, and DNS redirection attacks. Defending against these specific attacks helps customers mitigate the risk of customer data theft, fraud, or other malicious activity. With the help of F5' DNSSEC solutions, organizations can deliver secure, dynamically signed responses in real time for all internet domains, including the recently signed top-level .com domain.

Details

On March 31, VeriSign announced that the top-level domain for .com—the Internet’s largest domain with more than 90 million domain name registrations worldwide—now supports DNS Security Extensions. With this development, all major generic top-level domains (.org, .edu, .net, and .gov) support DNSSEC, signifying that the broader DNSSEC infrastructure is ready for production. This is an important step that enables organizations to realize the significant benefits of deploying DNSSEC capabilities for their specific domain names. Accordingly, because organizations managing .com sites can now configure their infrastructures to digitally sign their domain names, an increasing number of DNSSEC-focused technology deployments are expected worldwide. A digitally signed domain name provides an added layer of infrastructure security to help ensure data integrity and increase customer confidence.

To help organizations best address DNSSEC considerations, F5 established an innovative technology partnership with Infoblox, the industry leader in network infrastructure automation and control solutions. Together, these companies offer a comprehensive, integrated solution that provides industry-leading global load balancing, real-time signing, enhanced DNS management, and simplified DNSSEC deployment. “The combination of BIG-IP GTM with Infoblox IPv6- and DNSSEC-ready DDI appliances delivers a complete end-to-end, secure, scalable, and manageable DNS infrastructure along with multi-data center traffic management and disaster recovery,” said Cricket Liu, Vice President of Architecture and Technology at Infoblox and author of O’Reilly Media’s best-selling series of books on DNS.

Advantages of the joint F5/Infoblox solution include:

Easy Deployment of Compelling DNSSEC Capabilities

The joint solution incorporates the benefits of F5’s traditional ADN global traffic management and Infoblox’s DNS server and zone management capabilities, providing customers with powerful DNS security. F5 BIG-IP solutions deliver automated, realtime DNSSEC signing—a particularly critical feature for dynamic zones that contain globally load balanced DNS names. Customers enjoy flexible deployment options and can select which domains use F5’s real-time signing or Infoblox’s DNSSEC functionality.

To help organizations seamlessly bring their infrastructures up to speed, the solution includes default settings based on governmental guidelines, making DNSSEC enforcement simple and easy to manage by using a convenient turnkey implementation. Moreover, while other DNSSEC solutions require complex and expensive manual provisioning of keys, F5 and Infoblox automate DNSSEC key generation, rollover, and distribution.

Global Load Balancing Capabilities for High Availability and Disaster Recovery

Because basic DNSSEC architecture has not supported intelligent global server load balancing (GSLB) systems in the past, organizations historically have been forced to choose between deploying DNSSEC and ensuring the high availability of GSLB functions for their infrastructures. This made it incredibly difficult for organizations that relied on multiple data centers for site resiliency to integrate DNSSEC capabilities with disaster recovery efforts. With F5’s GSLB capabilities, customers leveraging multiple and globally dispersed data centers can ensure high availability and centralized management capabilities without exposing their infrastructures to DNS-related attacks. F5’s real-time DNSSEC signing functionality enables organizations to realize both the business benefits of GSLB and a high performance, secure DNS infrastructure.

Tested, Proven, and Supported DNSSEC Interoperability

Depending on an organization’s infrastructure, there are many possible designs for DNSSEC deployments. At the F5 Technology Center in Seattle, F5 and Infoblox devices were tested and proven to support several deployment configurations that simulate customers’ diverse IT environments. Additionally, F5 and Infoblox continue to conduct successful proof-of-concept engagements with customers and prospects, further validating the joint solution. Separately, F5 and Infoblox have also reviewed their devices in VeriSign’s DNSSEC Interoperability Lab.

“Security is a crucial, integrated part of our solution offerings, and we understand organizations’ need to defend against emerging attacks while maintaining an agile, optimized IT infrastructure overall,” said Dan Matte, SVP of Marketing and Business Development at F5. “By making it easy for customers to add security capabilities such as DNSSEC or DDoS protection into their environments, we can help them defend their information—and their brand—without sacrificing performance for users. Because F5’s Application Delivery Controllers can intelligently process application traffic traversing the network, they’re in an ideal position to thwart many targeted attacks, helping organizations implement comprehensive, end-to-end security solutions.”

About F5 Networks

F5 Networks is the global leader in Application Delivery Networking (ADN), focused on ensuring the secure, reliable, and fast delivery of applications. F5’s flexible architectural framework enables community-driven innovation that helps organizations enhance IT agility and dynamically deliver services that generate true business value. F5’s vision of unified application and data delivery offers customers an unprecedented level of choice in how they deploy ADN solutions. It redefines the management of application, server, storage, and network resources, streamlining application delivery and reducing costs. Global enterprise organizations, service and cloud providers, and Web 2.0 content providers trust F5 to keep their business moving forward. For more information, go to www.f5.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.