When Network Security Becomes a Network-management Problem

WHITEPAPER
When Network Security Becomes a Network-management Problem
6 Ways Your Network Team Can Help Fight Malware and Improve IT Efficiency at the Same Time

When you hear about security breaches, you think about disruption of services to customers, stolen data and identities, and damage to company reputation. All these externally facing consequences are dire, which is why IT departments have implemented next-generation firewalls with unified threat management, web-application firewalls, layered security, intrusion-detection and prevention solutions, and security information and event management (SIEM) systems.

But there is another kind of damage that is only beginning to make the news. Attacks on the computing infrastructure also directly impinge on network management teams. The ability of network management teams to do their jobs, the time and resources they have available, and their ability to scale the network up to support the business as it grows are all impacted by security threats, whether those threats succeed or simply consume resources as IT staff work to detect and thwart them. Security isn't just a security issue; it's a network management issue as well. The two cannot be separated in today's network management environment.

The good news, though, is that network management teams are in a position to defend themselves, the IT organization at large, and the enterprise from security threats. This white paper explains six ways in which your network management team can make strong contributions to your company's defense against botnets, distributed denial of service (DDoS) attacks, designer malware, and all the other scary things that go bump in the Ethernet.

1. Let the Infrastructure Do the Work

Most of us are accustomed to thinking of network infrastructure the way we think of a city: in terms of services delivered, communications transmitted, power provided for activities, and space available for storing things. Networks today still have to be all those things, but now we have to think of them as fortresses as well, as walled cities that not only allow dwellers to carry out vital functions, but also protect them from external perils. Two elements of your network need to be designed with external threats in mind: the underlying architecture, and the hardware devices that host the applications and services the network supports.

A Threat-resistant, High-Availability Architecture

Most network architectures today are more the result of evolution than design. Big corporate networks have grown over years or decades and are made up of components from different eras and different vendors, managed using dissimilar tools ranging from Microsoft Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services to Excel spreadsheets, Perl scripts, and command-line interfaces. These ad hoc architectures are highly vulnerable to attack, and the network teams who manage them are too busy to do much about it.

Now that network security has risen to the top of the IT agenda, greenfield architectures have to be purpose-built and legacy architectures have to be refitted to keep cyberattackers at bay. The starting point is a security-hardened network infrastructure that supports high-availability operation and withstands security scans and attacks. The key tactic is to have centralized control across network subnets, zones, and sites. This network architecture should be managed from a central appliance that pushes global configuration data and other information out to other appliances, and it should be coupled with an integrated, zero-administration, real-time database so that the infrastructure can continue to deliver services without data loss or corruption if a device or a wide-area network (WAN) fails or becomes infected and needs to be quarantined.

Connections and communications across the network should obey established principles of high availability. The central appliance and all its subordinate appliances should be instantly upgradable when a new operational fix or security flaw has been identified or a new patch has been made available. Servers should be linked in high-availability pairs, with constant back-and-forth health checking and automatic failover. There should be no single point of failure, and if a link fails temporarily, communications should go into a queue that is maintained until the link is restored. Industry-standard Secure Sockets Layer (SSL) encryption should be used in VPN tunnels to reduce the vulnerability of the entire infrastructure. The central controlling appliance should be coupled with a mirrored backup appliance at another site that can take over instantly. Other desirable features include a hardened operating system with no root access, two-factor authentication for login, detailed audit logging, EAL-2 Common Criteria certification, and granular access control.

Hardened Appliances

The increasing frequency and destructiveness of cyberthreats are good reasons to reconsider the budgetary advantages of general-purpose servers and the free software that often comes bundled with them. Today's cybercriminals know commodity servers inside out and have refined techniques for compromising them. In addition, using multiple free utilities with no readily available technical support or training to manage network services consumes time and staff resources. Purpose-built appliances are inherently more reliable, manageable, scalable, and secure than software running on general-purpose servers, and the software that runs on them usually offers features such as real-time environmental and fault monitoring that bundled utilities don't have. Other security-enhancing features that can be found in purpose-built appliances include:

- Redundant, hot-swappable components such as power supplies, fans, and hard-disk drives
- The ability to be deployed in high-availability pairs

- Enterprise-quality construction
- Compliance with government security requirements

2. Make Management in General Easier

Complexity and vulnerability go hand in hand, and the more time your network team spends performing its traditional repetitive functions, the less time it has to contribute to security initiatives or more value-added short-term projects. So goals you've pursued for financial reasons, namely simplification, centralization, and integration, now become contributors to network defense as well.

Simplify

If you or your staff are using client stations and command-line interfaces to manage your network, operational efficiency is taking a hit because you're spending too much time on mundane, repetitive tasks, and you might be making errors that can leave you vulnerable to attack. If you can replace these outmoded vendor-based systems with a single network-centric, web-based GUI, your staff can manage from any station on the network, monitor more easily, and enter data more accurately, saving time and freeing resources to work on strengthening your defenses.

Centralize

Any military commander will tell you that an effective defense requires central direction. A distributed network whose devices are operated as a single, centrally controlled system across network subnets, zones, and sites is more secure than a loose collection of locally managed networks. Central control makes it easier to monitor and report on network devices and operations, give administrators single sign-on capability and role-based access and permissions, and identify trends that impact efficiency as well as security.

Integrate

Many network management teams are still juggling a mismatched collection of management tools that might include:

- Microsoft DNS and DHCP utilities
- Microsoft Clustering
- Separate DHCP servers
- DNS tools on virtual machines
- Excel spreadsheets used to manage IP addresses
- Perl scripts or command-line interfaces used for automation

In short, they have too many steps, too many tools, and too much complexity. Expert staff are tied up with repetitive administrative tasks, information that needs to be in one place is scattered around in disparate systems, and both management efficiency and network security are difficult to attain. One of the best steps you can take to reduce complexity is to integrate three key functions so that they share a management interface:

- Domain Name System (DNS)
- Dynamic Host Configuration Protocol (DHCP)
- IP address management (IPAM)

With these vital functions combined, your network operations are easier to automate, easier to connect securely, easier to virtualize, easier to scale and upgrade, and easier to protect from outages, whether their causes are natural or malicious.

3. Get All the Visibility You Can into Network Data

Network managers are already familiar with the value of having easily accessible network data at their fingertips. Using data for long-term historical reporting, trending, and analysis enables you to improve application uptime, maximize staff resources, and plan to accommodate growth. It can also enable network teams to protect the business against malware. Historical reporting, especially on DNS activity, enhances security by making it possible to track intermittent and suspicious activity over time. By being aware of factors such as how many queries are going to questionable outside addresses or whether any of your DNS servers are sending an unusual number of queries, you can detect infected clients quickly, limiting the damage and eliminating the infection.

4. Manage DNS for Security

Cyberattacks on DNS servers represent one of the most significant hazards to network security today. DNS querying goes on unobtrusively behind the scenes, and yet it is pervasive and continuous, making it an excellent vehicle for unauthorized and malicious access to computing systems. Trojan-horse spyware and backdoor code can arrive via DNS queries undetected by almost all security approaches. Once they are inside the firewall, they can communicate with the malefactors who created them using the same DNS path they entered on.
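The DNS-log review that section 3 describes (clients talking to questionable outside names, clients with an unusual query volume) and the bad-domain query review that section 4 recommends come down to the same pass over resolver logs. The script below is an added example, not Infoblox code and not part of this whitepaper: it parses a constructed query log, matches names against a constructed blocklist (matching subdomains too, so fast-flux or generated hostnames under a listed domain are still caught), and flags clients whose query count is far above the median. The log format, the `.invalid` domain names, and the volume threshold are assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample resolver log (not from the whitepaper). Assumed format:
# "<timestamp> <client-ip> <queried-name> <record-type>", one query per line.
SAMPLE_LOG = "\n".join(
    [
        "2013-09-01T10:00:01 10.1.1.20 www.example.com A",
        "2013-09-01T10:00:02 10.1.1.20 mail.example.com A",
        "2013-09-01T10:00:03 10.1.1.21 www.example.com A",
        "2013-09-01T10:00:04 10.1.1.21 update.example.net A",
        "2013-09-01T10:00:05 10.1.1.22 www.example.com A",
        "2013-09-01T10:00:06 10.1.1.22 x7q2.bad-c2.invalid A",  # host under a listed domain
        "2013-09-01T10:00:07 10.1.1.22 bad-c2.invalid TXT",     # the listed domain itself
        "2013-09-01T10:00:08 10.1.1.24 www.example.com A",
        "2013-09-01T10:00:09 10.1.1.24 truncated",               # wrong field count, skipped
    ]
    # One client issuing a burst of machine-generated hostname lookups,
    # constructed to show the "unusual number of queries" symptom.
    + ["2013-09-01T10:01:%02d 10.1.1.23 n%04x.dga.invalid A" % (i, i) for i in range(40)]
)

# Constructed blocklist standing in for a malware data feed (.invalid names only).
BAD_DOMAINS = {"bad-c2.invalid", "malware-drop.invalid"}


def parse_line(line):
    """Return (client, qname, qtype) or None for lines not in the assumed format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _timestamp, client, qname, qtype = parts
    return client, qname.lower().rstrip("."), qtype


def matches_blocklist(qname, blocklist):
    """True if qname is a listed domain or any subdomain of one."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def analyze(log_text, blocklist=BAD_DOMAINS, volume_factor=5.0, min_queries=10):
    """Summarise per-client DNS activity.

    counts         - queries seen per client
    blocklist_hits - client -> sorted names it queried that match the blocklist
    high_volume    - clients with at least min_queries queries and more than
                     volume_factor times the median client count (threshold is
                     an assumption; tune it against your own baseline)
    """
    counts = Counter()
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, qname, _qtype = parsed
        counts[client] += 1
        if matches_blocklist(qname, blocklist):
            hits[client].add(qname)
    baseline = median(counts.values()) if counts else 0
    high_volume = {c: n for c, n in counts.items()
                   if n >= min_queries and n > volume_factor * baseline}
    return {
        "counts": dict(counts),
        "blocklist_hits": {c: sorted(names) for c, names in hits.items()},
        "high_volume": high_volume,
    }


def suspicious_clients(report):
    """Clients worth pinpointing: any blocklist hit or any volume anomaly."""
    return sorted(set(report["blocklist_hits"]) | set(report["high_volume"]))


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for client in suspicious_clients(report):
        print(client, "queries:", report["counts"][client],
              "blocked names:", report["blocklist_hits"].get(client, []))
```

On the constructed log this reports 10.1.1.22 (two names under a listed domain) and 10.1.1.23 (forty lookups against a median of two). In practice the blocklist would come from the frequently updated feed the paper mentions, and the per-client counts would be compared against that client's own history rather than a single-run median.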

Spyware can collect financial data, account numbers, passwords, credit card numbers, and other keys that give access to proprietary company data, confidential healthcare patient information, insider trading secrets, and customer bank accounts, and send it to criminals who will use it to commit fraud, theft, and sabotage, to hijack computing resources and use them for launching DDoS attacks on other companies, or to generate spam. Even if your business has a robust SIEM system with all of the latest security tools, chances are it's not protected against DNS-exploiting attacks. And because DNS is used by nearly all networked applications, including email, web browsing, ecommerce, Internet telephony, and more, these types of attacks threaten the very basis of modern communications and commerce.

As noted above, general-purpose free applications and commodity servers aren't well equipped to combat modern cybercrime techniques. They usually don't have rollback or reporting. DNS, DHCP, and IPAM are handled separately via different control interfaces. And most of them have no discovery, analysis, or change-management tools.

The safest course of action is to:

- Either fortify the management of your commodity servers, or replace them entirely with servers engineered specifically to stop DNS-exploiting malware
- Deploy DNS firewalls to prevent clients from connecting to identified malware sites, keep botnet DNS command-and-control requests from executing, and make it possible to pinpoint infected clients

Network management best practices for securing DNS servers include:

- Reviewing and blocking resolved DNS queries to bad domains from infected clients
- Implementing reports that give you visibility into infected devices by IP/MAC address and device type
- Accessing frequently updated malware data feeds to counter fast-flux changes of IP addresses to bad domains
- Blocking potentially dangerous geographies such as North Korea, Iran, and Russia

Another important DNS-related management tool is DNSSEC, which uses asymmetric cryptography to provide origin authentication and integrity checking for DNS data. The consequences of cache poisoning are so calamitous that it's worth implementing DNSSEC purely to address it, so your network infrastructure should definitely have support for DNSSEC.

5. Unify Management of Routers and Access Control Lists

The management of network devices in large, heterogeneous networks is complex, time-consuming, and error-prone. Most network teams are using manual processes and numerous vendor-supplied management tools. Visibility into network devices and configurations is patchy and limited, and rule-changing, provisioning, and security analysis are unsystematic.

The solution is to unite processes on a platform focused on access-policy management, provisioning of access control lists (ACLs), and management of network security device rules. Centralized management makes it possible to discover network devices, capture and update configuration settings, and implement changes. It simplifies provisioning and tightens control over user access rights. And it makes firewall intelligence available by allowing users to model changes before they are deployed, so that unplanned effects can be identified before they make it into production and create security vulnerabilities.

6. Automate Everything

Hand-to-hand combat with an army of robots is a losing proposition. Automation is the enemy's most powerful weapon. And in the arms race that network security has become, you have to fight fire with fire. By automating the management of everything from DNS to DHCP to IP addresses; from switch ports and security devices to policies and compliance; and from provisioning, change and configuration, and reporting to infrastructure control, you can:

- Respond more quickly to security threats
- Avoid errors that leave your network at risk
- Defend a larger perimeter with limited staff resources

Infoblox Can Help You Seamlessly Integrate Network Management with Network Security

Technology that can empower your network team to employ the tactics described above is available today, and Infoblox can supply it. As you perform your day-to-day network management tasks and gear up to take advantage of trends like cloud computing, virtualization, and software-defined networking, we can help you make yet another vital contribution to your business. Infoblox can help make network management a key contributor in securing your business against cyber-attacks. Contact us to discuss how we can help you control your network for security as well as efficiency.

About Infoblox

Infoblox (NYSE:BLOX) helps customers control their networks. Infoblox solutions help businesses automate complex network control functions to reduce costs and increase security and uptime. Our technology enables automatic discovery, real-time configuration and change management and compliance for network infrastructure, as well as critical network control functions such as DNS, DHCP, and IP Address Management (IPAM) for applications and endpoint devices. Infoblox solutions help over 6,500 enterprises and service providers in 25 countries control their networks.
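Section 5's recommendation to model ACL changes before deployment, so that unplanned effects surface before production, can be illustrated with a small pre-deployment check. The code below is an added example, not Infoblox code and not from this whitepaper: it evaluates a proposed rule list against a set of flows that must stay blocked or must be allowed, using first-match semantics with an implicit deny at the end. The rule syntax, the addresses, the server subnet, and those evaluation semantics are all constructed assumptions; real devices differ in rule ordering and defaults, so the checker would have to mirror the target platform.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Flow = Tuple[str, str, str, int]  # (source ip, destination ip, proto, destination port)


@dataclass(frozen=True)
class Rule:
    """One ACL entry; this syntax is an assumption made for the example."""
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None means any


def rule_matches(rule: Rule, flow: Flow) -> bool:
    src, dst, proto, dport = flow
    if ip_address(src) not in ip_network(rule.src, strict=False):
        return False
    if ip_address(dst) not in ip_network(rule.dst, strict=False):
        return False
    if rule.proto != "any" and rule.proto != proto:
        return False
    return rule.dport is None or rule.dport == dport


def evaluate(rules: List[Rule], flow: Flow):
    """First-match evaluation with an implicit deny at the end (assumed
    semantics). Returns (action, index of the matching rule or None)."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, flow):
            return rule.action, index
    return "deny", None


def model_change(rules, expectations):
    """Check every (flow, expected action) pair against a rule set and return
    the mismatches as (flow, expected, actual, matching rule index)."""
    violations = []
    for flow, expected in expectations:
        actual, index = evaluate(rules, flow)
        if actual != expected:
            violations.append((flow, expected, actual, index))
    return violations


def with_rule_inserted(rules, rule, position):
    """Copy of rules with rule inserted at position (the proposed change)."""
    proposed = list(rules)
    proposed.insert(position, rule)
    return proposed


# Constructed ACL protecting a server subnet 10.20.0.0/24 (addresses are assumptions).
CURRENT_ACL = [
    Rule("permit", "10.0.0.0/8",   "10.20.0.10/32", "tcp", 443),   # everyone may reach the web tier
    Rule("permit", "10.99.0.0/24", "10.20.0.0/24",  "tcp", 22),    # only admin jump hosts may SSH
    Rule("deny",   "0.0.0.0/0",    "10.20.0.0/24",  "any", None),  # nothing else into the server subnet
    Rule("permit", "10.0.0.0/8",   "0.0.0.0/0",     "any", None),  # internal users out elsewhere
]

# Requirements the change must satisfy, including flows that must stay blocked.
# The last entry is the new need motivating the change: a monitoring host
# 10.50.0.7 must poll the servers over SNMP (udp/161).
EXPECTED_FLOWS = [
    (("10.5.5.5",  "10.20.0.10", "tcp", 443), "permit"),
    (("10.99.0.5", "10.20.0.10", "tcp", 22),  "permit"),
    (("10.5.5.5",  "10.20.0.10", "tcp", 22),  "deny"),
    (("192.0.2.9", "10.20.0.10", "tcp", 443), "deny"),
    (("10.50.0.7", "10.20.0.10", "udp", 161), "permit"),
]

# Two candidate changes: a hasty "just open it" rule at the top of the list,
# and a rule scoped to the one host and port, placed ahead of the catch-all deny.
HASTY_RULE = Rule("permit", "10.0.0.0/8", "10.20.0.0/24", "any", None)
CAREFUL_RULE = Rule("permit", "10.50.0.7/32", "10.20.0.0/24", "udp", 161)


if __name__ == "__main__":
    candidates = [
        ("current", CURRENT_ACL),
        ("hasty", with_rule_inserted(CURRENT_ACL, HASTY_RULE, 0)),
        ("careful", with_rule_inserted(CURRENT_ACL, CAREFUL_RULE, 2)),
    ]
    for name, rules in candidates:
        print(name, model_change(rules, EXPECTED_FLOWS) or "no violations")
```

Run as written, the current ACL fails only the new monitoring requirement, the hasty change satisfies it but also lets an ordinary workstation reach SSH on the server subnet (the unplanned effect the paper warns about), and the scoped change passes every expectation. Keeping the expectation list under version control alongside the ACL turns it into a regression test for every later change.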

CORPORATE HEADQUARTERS: +1.408.986.4000, +1.866.463.6256 (toll-free, U.S. and Canada), info@infoblox.com, www.infoblox.com
EMEA HEADQUARTERS: +32.3.259.04.30, info-emea@infoblox.com
APAC HEADQUARTERS: +852.3793.3428, sales-apac@infoblox.com
© 2013 Infoblox Inc. All rights reserved. infoblox-whitepaper-when-network-security-becomes-network-management-problem-sept2013