
SDN Enables Central DNS Security, Globally Delivered

Guest blog by: Thomas Borrel, VP of Strategic Alliances, BlueCat

 

There isn't a single client we talk to who hasn't noticed how critical their network has become for their business. Originally designed to connect terminals to a mainframe, desktops to printers, and laptops to web-based services, the network is now expected to support an ever-growing number of connected things and adapt to constantly evolving needs and security requirements. For the network to become more adaptable and elastic, its core services, like DNS (Domain Name System), also need to become elastic while providing security capabilities that they have never had to provide before.

 

DNS is essential to enabling device-to-app, app-to-app and device-to-device communication, but despite an ever-increasing business dependency, DNS continues to operate based on implicit trust. Devices are assumed to be querying the proper DNS server, and the DNS server is assumed to be trustworthy and provide accurate responses. This trust-as-a-foundation approach has made DNS a very popular attack vector with highly publicized attacks involving cache poisoning, amplification and reflection, tunneling or hijacking. While recent addendums to the DNS protocol help address some of those vulnerabilities, DNS continues to depend upon the configuration and operational integrity of the devices that use it. Combine this foundation with IT transformations such as BYOD, which allow employees to connect their own personal devices to the corporate network, and you end up with an environment ideally suited for internal attacks and malware proliferation.

 

Despite all that, DNS is ideally positioned in the network to provide complete visibility and control. Every connection starts with a DNS lookup; that lookup signals the intent to connect and can expose unexpected or unwanted behaviors. The IP address provided by the DNS response will drive the rest of the connection. Controlling which IP address gets returned means controlling where the device will connect. Network designs that include the ability to define and enforce policies directly at the DNS level will separate themselves from the rest by offering greater intelligence on device and app connections combined with stronger security capabilities.

 

So here's the challenge: how can IT administrators continue to respond to the dynamic needs of the business, provide an elastic and secure network and embrace BYOD when foundational services have not adapted to the changing landscape? How can they ensure complete visibility and control over devices they do not provision, and ensure that DNS policies are applied across all devices, irrespective of their network access and configuration? Not that long ago, the answer would have been "impossible without affecting the user experience," but today, open network infrastructures based on SDN can solve these problems.

 

 

With a combination of SDN Controller and SDN App, you can deploy dynamic rules across all edge switches to intercept DNS traffic destined for non-corporate DNS servers and redirect it to your own DNS servers, where threat protection policies will be applied across all devices, regardless of their configuration. By blocking connections to non-corporate DNS servers, your infrastructure will also prevent the establishment of DNS tunnels used to exfiltrate corporate data and spot misconfigured or infected devices, while ensuring complete visibility and control over all DNS traffic across all devices within the enterprise. All of this, without negatively affecting your user experience.
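A minimal model of the interception rule described above, added here as an illustration; it is not BlueCat's or HP's code and uses no controller API. The addresses, the `EdgeDnsPolicy` class and the reply-rewrite step are assumptions of the example.

```python
import ipaddress
from collections import Counter

# Constructed values (documentation address ranges); not from the original post.
CORPORATE_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}
REDIRECT_TO = "192.0.2.53"

class EdgeDnsPolicy:
    """Toy model of one edge switch applying the DNS interception rule."""

    def __init__(self):
        self.flows = {}              # (client, sport) -> resolver the client asked for
        self.redirected = Counter()  # client -> number of redirected queries

    def outbound(self, pkt):
        """Return the packet as it leaves the switch toward the network."""
        is_dns = pkt["proto"] in ("udp", "tcp") and pkt["dport"] == 53
        if not is_dns or ipaddress.ip_address(pkt["dst"]) in CORPORATE_RESOLVERS:
            return dict(pkt)  # non-DNS, or DNS already going to a corporate resolver
        # DNS aimed at a non-corporate resolver: remember the intended
        # destination, then rewrite it to the corporate resolver.
        self.flows[(pkt["src"], pkt["sport"])] = pkt["dst"]
        self.redirected[pkt["src"]] += 1
        return {**pkt, "dst": REDIRECT_TO}

    def inbound(self, pkt):
        """Restore the source address on replies to redirected queries, so the
        client sees an answer from the server it originally addressed."""
        key = (pkt["dst"], pkt["dport"])
        if pkt["sport"] == 53 and key in self.flows:
            return {**pkt, "src": self.flows.pop(key)}
        return dict(pkt)

def demo():
    sw = EdgeDnsPolicy()
    packets = [  # constructed sample traffic
        {"src": "10.0.0.21", "sport": 40001, "dst": "192.0.2.53", "proto": "udp", "dport": 53},
        {"src": "10.0.0.37", "sport": 40002, "dst": "198.51.100.8", "proto": "udp", "dport": 53},
        {"src": "10.0.0.37", "sport": 40003, "dst": "198.51.100.8", "proto": "tcp", "dport": 443},
    ]
    out = [sw.outbound(p) for p in packets]
    reply = sw.inbound({"src": REDIRECT_TO, "sport": 53, "dst": "10.0.0.37",
                        "proto": "udp", "dport": 40002})
    return out, reply, dict(sw.redirected)

if __name__ == "__main__":
    print(demo())
```

The per-client counter is what surfaces misconfigured or infected devices. A port-53 match does not see DNS carried over TLS (port 853) or HTTPS (port 443).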

 

>> Learn more about the power of BlueCat DNS Director with the HP VAN SDN Controller.

 

>> For details on how BlueCat's DNS Director app combined with BlueCat's DNS Threat Prevention can help secure your network, access the HP and BlueCat Solution brief here.

>> Contact us if you’d like to give this SDN application a try.

 

>> For more information visit www.hp.com/go/networking 


 
