DNS, DHCP & IP Address Management appliances
For Microsoft DNS & DHCP servers
For open source DNS & DHCP servers
Manage multi-vendor cloud DNS servers centrally
RIR Declaration Management and Automation
Automated network device configuration and management
Centralized visibility over all your clouds
A single source of truth for your network automation
Why DDI is an Obvious Starting Point
DNS Threat Intelligence for proactive defense
Adaptive DNS security for service continuity and data protection
Improve Application Access Control to prevent spread of attacks
Protect users and block DNS-based malware activity
Carrier-grade DNS DDoS attack protection
Optimize application delivery performance from the edge
for Proactive Network Security
Visibility, analytics and micro segmentation for effective Zero Trust strategy
Enable work from anywhere by controlling access, security and data privacy
Simplify management and control costs across AWS, Azure and GCP environments
Risk-free migration to reduce DDI complexity and cost
Move risk-free to improve performance, security and costs
Automate management, unify control and strengthen security of connected devices
Protect your network against all DNS attacks, data exfiltration and ransomware
Enable zero touch operations for network management and security
Improve resiliency, deployment velocity and user experience for SD-WAN projects
Integrated DNS, DHCP, IPAM services to simplify, automate and secure your network.
Simplify design, deployment and mgmt of critical DDI services for telcos
Simplify and automate management of critical DDI services for finance
Simplify and automate management of critical DDI services for higher education
Simplify and automate management of critical DDI services for retail
Open architecture for DDI integration
Technology partnerships for network security & management ecosystems
Extend security perimeters and strengthen network defenses
Submit requests for temporary licenses
Submit access requests for EfficientIP knowledge platforms
Submit membership requests for EfficientIP Community
Strengthen Your Network Protection with Smart DNS Security
Customer-centric DDI project delivery and training
Acquire the skills needed to manage EfficientIP SOLIDserver™
Identify vulnerabilities with an assessment of your DNS traffic
Test your protection against data breaches via DNS
Dedicated representation for your organization inside EfficientIP
Explore content which helps manage and automate your network and cloud operations
Read content which strengthens protection of your network, apps, users and data
Learn how to enhance your app delivery performance to improve resilience and UX
Why Using DNS Allow Lists is a No-Brainer
Who we are and what we do
Meet the team of leaders guiding our global growth
Technology partnerships for network security and management ecosystems
Discover the benefits of the SmartPartner global channel program
Become a part of the innovation
The latest updates, release information, and global events
July 25, 2018 | EfficientIP | DNS, DNS Security
This blog is the first of four episodes which help describe best practices for utilizing DNS to protect your overall network.
When it comes to network security, everyone thinks about firewalls, proxies, IPS and endpoint protection. But very few think about DNS. This neglected component of any network is, without doubt, a foundation of the internet, making it both a target of cyber attacks and a powerful tool to detect and mitigate all kind of threats. The DNS allows anyone to reach any application through any network. Consequently, its security is essential – to guarantee its availability and integrity. The key role of DNS provides it with unique visibility over all network activity, allowing it to quickly detect both suspicious clients and domains, thus making it a vital security component of the overall ecosystem. Missing the opportunity of using DNS to help secure your network would therefore be a terrible mistake.
Users trying to reach an application have to pass via DNS to access its nearest endpoint. This means that any failure occurring in the DNS resolution process will cause at least part of the internet to go dark or lead to inaccessibility to enterprise applications. Real-life examples of this are numerous. The most famous one probably being the Dyn outage – an attack on authoritative DNS which caused inaccessibility to the websites of several major companies. There are also many examples of outages caused by attacks on internal recursive DNS services, including those which hit telcos Orange and Free Mobile earlier this year. By applying suitable security measures to DNS servers, such as smart distribution of services across various providers and removing reliance on single technologies, you are able to help guarantee DNS availability to have always-up services.
Performance and productivity of users can also become other areas of concern if you don’t take proper care of your DNS implementation. Accessing websites or apps often leads to massive amounts of related background activity, including DNS, for retrieving information hosted on remote 3rd-party sites. This obviously impacts latency for the user. DNS performance needs to be maximized by implementing more intelligent DNS architecture, as is the case for CDNs, in order to optimize this latency and as a result vastly improve user experience.
The DNS protocol is connectionless, and has been minimally secured since its inception. Continuous efforts are being made to enhance and secure it – DNSSEC, for instance, brings integrity mechanism for authoritative transactions. Yet, communications between the client and the resolver remain poorly secured. Responses of the resolver can easily be forged, or may have come from a poisoned DNS cache. The packets themselves may even be intercepted without the resolver’s or client’s knowledge. The results can lead to denial of service, or worse still, users being redirected to malicious resources.
Solutions are being constantly studied, but until a standard is adopted, it is important to minimize the risk as much as possible. Local network and DNS need to be properly deployed and configured to thwart these attack types. Best practices provide means to mitigate risk of communication corruption between the client and the resolver. This ensures that only authorized clients use company’s permissible applications and prevents users from being tricked into using non-legitimate resources.
DNS has the privilege of unique visibility over network activity, so is a natural and vital first line of defense for overall network security. Advanced threat intelligence enhances its ability to detect infected devices and malicious behaviors, thus making it an essential tool for timely attack prevention across your network, as well as for protecting data confidentiality.
Tags: DNSDNS architectureThreat Intelligence
When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.
Explore content highlighting the value EfficientIP solutions bring to your network
