Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Whirlpool Spins New Address Scheme

New DNS address management tools help appliance maker wash away previous security woes

A year ago, the most frequent cause of network problems at Whirlpool wasn't hackers or disgruntled insiders. It was fat-fingered local network administrators.

"The problems were almost purely accidental," recalls Greg Fisbeck, lead network engineer for the appliance giant, which operates a global network of some 80,000 endpoints, including the Maytag business acquired last year.

"Some administrator would put in an extraneous character, or put a space in the middle of a host name, and the next thing you know, they'd bring down a whole [address] zone. And here in the data center, nobody knew about it until people started calling in to say they couldn't get into Whirlpool.com."

The problem, Fisbeck explains, was the company's address management system. The old system required a good deal of manual configuration, and many of the local administrators weren't familiar with the conventions of IP addressing. Worse, the old system didn't allow Whirlpool to restrict administrator access -- once they were in the system, untrained admins could make changes that might unintentionally affect whole address zones.

Whirlpool had been considering the purchase of a new IP address management system for years, but the functionality of earlier systems was limited, and it was difficult to explain the value of a DNS/DHCP administration tool to top-level managers who weren't familiar with addressing technology, Fisbeck recalls.

Then, in 2006, the stars began to align. Whirlpool acquired Maytag -- and all its IP addresses -- which made it easier to create a business case for an overarching management system. And Bluecat Networks was nearing completion of its Proteus 2.0 IP Address Management (IPAM) and Adonis 5.0 DNS/DHCP appliance lines, which answered many of Whirlpool's concerns about earlier address management systems.

With Proteus and Adonis, Whirlpool can now restrict administrators' access to addressing functions, so that they can make changes only to their own domains. Instead of several different systems, administrators make changes only in one central system, which reduces the likelihood of a mistake that takes down a whole zone of addresses. And the new systems offer templates for IP addressing, reducing the chances that an administrator will use the wrong format.

"With Proteus and Adonis, we've really reduced the chances of an administrator creating problems by accident," Fisbeck says.

The new appliances may also help Whirlpool avoid problems created by targeted attacks, Fisbeck says. For example, the Bluecat technology can manage heavy address requests created by a denial-of-service attack, and it can help Whirlpool's security team identify and quarantine bogus requests.

Fisbeck wouldn't say how much Whirlpool spent on the installation. Pricing for Adonis starts at $2,995; Proteus is $29,995. Whirlpool has five Adonis units in service and one Proteus.

Over the longer term, Whirlpool may also use Proteus and Adonis to help implement network admission control (NAC) at its endpoints. "Proteus has the ability to authenticate a user before we give them a permanent IP address, which would be one of the steps we need to take for NAC," Fisbeck says. The company still isn't completely sold on NAC, but the Bluecat products will allow Whirlpool to do some trials and test it out, he says.

In the meantime, Whirlpool is deploying Proteus and Adonis across its network, and expects to complete that deployment by the end of this month. "We think it's going to help a lot," Fisbeck says. "We won't have to worry anymore about losing a zone just because someone made a typo."

— Tim Wilson, Site Editor, Dark Reading

  • BlueCat Networks Inc. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/13/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-14300
    PUBLISHED: 2020-07-13
    The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
    CVE-2020-14298
    PUBLISHED: 2020-07-13
    The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
    CVE-2020-15050
    PUBLISHED: 2020-07-13
    An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
    CVE-2020-10987
    PUBLISHED: 2020-07-13
    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
    CVE-2020-10988
    PUBLISHED: 2020-07-13
    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.