Thales And Infoblox Help Protect Internet Integrity
Leading Vendors Provide Integrated, Bst-In-Class IP Address Management And Highly Secure DNSSEC Key Management
Thales, leader in information systems and communications security, announces that the Thales nShield hardware security module (HSM) is now integrated with the Infoblox DNS platform to enable the simple and secure deployment of Domain Name System Security Extensions (DNSSEC). This joint solution addresses common DNSSEC deployment challenges and enables service providers, government departments, financial institutions and other organizations to secure their online identities more easily and protect critical services against cyber threats.
DNS allows the names of web servers, email addresses and VPNs to be mapped to server IP addresses. The DNSSEC specification enables the owners of these services to sign their domain name records and provide proof of the integrity and validity of their IP addresses. DNSSEC uses strong public key cryptography to significantly reduce the risk of an attacker spoofing DNS records and re-directing traffic to a server they control. Like any Public Key Infrastructure (PKI) based application, DNSSEC relies on the integrity of the private keys that underpin this process. The fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.
The Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DNS and IP address assignment (DHCP) services, and helps automate many manual and often error-prone network infrastructure related tasks. Infoblox IPAM solutions are designed to deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, now including support for Thales-secured DNSSEC key generation. The combination simplifies deployment and management by saving significant administrative overhead and reducing repetitive, time-sensitive operations required to maintain DNSSEC.
When Infoblox systems are used together with a Thales nShield hardware security module (HSM), all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3 certified hardware platform. This significantly reduces vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.
“As a global authentication and validation schema, DNSSEC represents a new security frontier,” said Kevin Dickson, vice president of product management at Infoblox. “However, protecting access to the cryptographic keys that underpin the security framework is crucial. That’s why the Infoblox IPAM platform now offers support for the Thales HSM, which is both easy to integrate and well proven to protect DNSSEC key signing.”
“The number of recent high profile cyber attacks, such as Stuxnet and the DigiNotar hack demonstrate that crypto alone is not sufficient. Protecting cryptographic keys throughout their lifecycle is essential to achieve the benefits promised by DNSSEC and this joint Infoblox and Thales solution lowers the barriers to adopting DNSSEC,” says Cindy Provin, vice president of the Americas, Thales eSecurity. “DNSSEC is an important method of securing the Domain Name System, protecting the integrity of an online presence and brand. Just as SSL became the standard mechanism for website authentication and encryption, DNSSEC is expected to become an integral component of Internet trust and a key element in enterprise security policies, further demonstrating the increasing value of encryption, digital signatures and key management in today’s ever-changing threat landscape.”
- DNSSEC solution brief and ISC BIND integration guide
- Key Management for Dummies Guide
- Thales Key Management Insights blog