Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/15/2011
01:43 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

F5 Security Solutions Help Deliver DNS Security For Newly Signed .com Domain

BIG-IP solutions provide a central point of control for DNSSEC based on trusted, signed query responses

SEATTLE, APRIL 15, 2011 – F5 Networks, Inc. (NASDAQ: FFIV), the global leader in Application Delivery Networking (ADN), today announced that its BIG-IP' Global Traffic Manager™ (GTM™) product helps customers deploy powerful Domain Name System Security Extensions (DNSSEC) protection for .com and other Internet domain types. By incorporating DNS security capabilities into their IT infrastructures, customers can drastically reduce the risks of threats such as cache poisoning, domain hijacking, man-in-the-middle, and DNS redirection attacks. Defending against these specific attacks helps customers mitigate the risk of customer data theft, fraud, or other malicious activity. With the help of F5' DNSSEC solutions, organizations can deliver secure, dynamically signed responses in real time for all internet domains, including the recently signed top-level .com domain.

Details

On March 31, VeriSign announced that the top-level domain for .com—the Internet’s largest domain with more than 90 million domain name registrations worldwide—now supports DNS Security Extensions. With this development, all major generic top-level domains (.org, .edu, .net, and .gov) support DNSSEC, signifying that the broader DNSSEC infrastructure is ready for production. This is an important step that enables organizations to realize the significant benefits of deploying DNSSEC capabilities for their specific domain names. Accordingly, because organizations managing .com sites can now configure their infrastructures to digitally sign their domain names, an increasing number of DNSSEC-focused technology deployments are expected worldwide. A digitally signed domain name provides an added layer of infrastructure security to help ensure data integrity and increase customer confidence.

To help organizations best address DNSSEC considerations, F5 established an innovative technology partnership with Infoblox, the industry leader in network infrastructure automation and control solutions. Together, these companies offer a comprehensive, integrated solution that provides industry-leading global load balancing, real-time signing, enhanced DNS management, and simplified DNSSEC deployment. “The combination of BIG-IP GTM with Infoblox IPv6- and DNSSEC-ready DDI appliances delivers a complete end-to-end, secure, scalable, and manageable DNS infrastructure along with multi-data center traffic management and disaster recovery,” said Cricket Liu, Vice President of Architecture and Technology at Infoblox and author of O’Reilly Media’s best-selling series of books on DNS.

Advantages of the joint F5/Infoblox solution include:

Easy Deployment of Compelling DNSSEC Capabilities

The joint solution incorporates the benefits of F5’s traditional ADN global traffic management and Infoblox’s DNS server and zone management capabilities, providing customers with powerful DNS security. F5 BIG-IP solutions deliver automated, realtime DNSSEC signing—a particularly critical feature for dynamic zones that contain globally load balanced DNS names. Customers enjoy flexible deployment options and can select which domains use F5’s real-time signing or Infoblox’s DNSSEC functionality.

To help organizations seamlessly bring their infrastructures up to speed, the solution includes default settings based on governmental guidelines, making DNSSEC enforcement simple and easy to manage by using a convenient turnkey implementation. Moreover, while other DNSSEC solutions require complex and expensive manual provisioning of keys, F5 and Infoblox automate DNSSEC key generation, rollover, and distribution.

Global Load Balancing Capabilities for High Availability and Disaster Recovery

Because basic DNSSEC architecture has not supported intelligent global server load balancing (GSLB) systems in the past, organizations historically have been forced to choose between deploying DNSSEC and ensuring the high availability of GSLB functions for their infrastructures. This made it incredibly difficult for organizations that relied on multiple data centers for site resiliency to integrate DNSSEC capabilities with disaster recovery efforts. With F5’s GSLB capabilities, customers leveraging multiple and globally dispersed data centers can ensure high availability and centralized management capabilities without exposing their infrastructures to DNS-related attacks. F5’s real-time DNSSEC signing functionality enables organizations to realize both the business benefits of GSLB and a high performance, secure DNS infrastructure.

Tested, Proven, and Supported DNSSEC Interoperability

Depending on an organization’s infrastructure, there are many possible designs for DNSSEC deployments. At the F5 Technology Center in Seattle, F5 and Infoblox devices were tested and proven to support several deployment configurations that simulate customers’ diverse IT environments. Additionally, F5 and Infoblox continue to conduct successful proof-of-concept engagements with customers and prospects, further validating the joint solution. Separately, F5 and Infoblox have also reviewed their devices in VeriSign’s DNSSEC Interoperability Lab.

“Security is a crucial, integrated part of our solution offerings, and we understand organizations’ need to defend against emerging attacks while maintaining an agile, optimized IT infrastructure overall,” said Dan Matte, SVP of Marketing and Business Development at F5. “By making it easy for customers to add security capabilities such as DNSSEC or DDoS protection into their environments, we can help them defend their information—and their brand—without sacrificing performance for users. Because F5’s Application Delivery Controllers can intelligently process application traffic traversing the network, they’re in an ideal position to thwart many targeted attacks, helping organizations implement comprehensive, end-to-end security solutions.”

About F5 Networks

F5 Networks is the global leader in Application Delivery Networking (ADN), focused on ensuring the secure, reliable, and fast delivery of applications. F5’s flexible architectural framework enables community-driven innovation that helps organizations enhance IT agility and dynamically deliver services that generate true business value. F5’s vision of unified application and data delivery offers customers an unprecedented level of choice in how they deploy ADN solutions. It redefines the management of application, server, storage, and network resources, streamlining application delivery and reducing costs. Global enterprise organizations, service and cloud providers, and Web 2.0 content providers trust F5 to keep their business moving forward. For more information, go to www.f5.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9493
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...
CVE-2021-32623
PUBLISHED: 2021-06-16
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using...