Firmware protects against Kaminsky DNS exploit.October 7, 2008 -
Intrusion Prevention System (IPS) firmware virtually eliminates threat of Domain Name Server (DNS) Cache Poisoning when combined with existing DNS patch. While able to actively detect and block DNS exploit while still allowing the DNS to function properly, solution also includes components for rate/threshold-based signatures, blacklisting, and stateful firewall functions, components that promote protection for DNS servers.
(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)
Original Press release
NitroSecurity, Inc.
230 Commerce Way
Portsmouth, NH, 03801
USA
NitroSecurity Releases New Defense for Domain Name Server (DNS) Cache Poisoning Threat
Intrusion Prevention System (IPS) Firmware Upgrade Proves Virtually 100 Percent Effective in Blocking 'Kaminsky' Exploit when Combined with DNS Patch
PORTSMOUTH, N.H., Sept. 23 -- NitroSecurity, Inc. (http://www.nitrosecurity.com/), a leading provider of network and information security solutions, today announced that it has developed a unique IPS solution that virtually eliminates the threat of DNS Cache Poisoning. Through research with the Rochester Institute of Technology (RIT), NitroSecurity demonstrated that its IPS, combined with the DNS server patch, provides protection against the exploit that is nearly 100 percent effective.
The DNS exploit presents a challenge in regard to protection. Simply blocking the vulnerability via a standard IPS detection signature would prevent access to the DNS altogether. Therefore, it is crucial to have a broad solution that not only blocks the exploit, but does not compromise the functionality of the DNS. Working with RIT, NitroSecurity has validated a solution to actively detect and block the DNS exploit while still allowing the DNS to function properly.
Recently, the DNS exploit gained widespread industry attention when Dan Kaminsky presented on the topic at this year's Black Hat Conference in Las Vegas. If successfully executed, the exploit represents a massive security threat. Although a patch has been released, DNS servers can still be easily compromised over a short period of time. NitroSecurity's research with leading experts puts the risk at 10 percent within a week's time and 37 percent within a month. For those organizations that are unable to apply a DNS patch, the research also validates that utilizing the upgraded NitroSecurity IPS solution without the DNS server patch provides similar protection as using the patch alone.
"In our rigorous testing, we found that the solution to the DNS problem is to provide secondary measures, in addition to the current patch, to reduce the chances of exploitation," said Bill Stackpole, assistant professor, Rochester Institute of Technology. "In the specified test environment a successful DNS attack without the NitroSecurity IPS in place took approximately four minutes to exploit. With the IPS in place the attack continued for more than 24 hours without a successful exploit."
"The recent attention the DNS vulnerability has garnered is highly important since companies need to know it's out there and how they can protect against it. IPS solutions are widely deployed throughout the industry to combat many vulnerabilities," said Michael Leland, chief technology officer, NitroSecurity. "However, the DNS exploit requires more than just a signature-based IPS solution. Nitro's IPS is capable of rate/threshold-based signatures, blacklisting and stateful firewall functions -- all components that, when used in conjunction, can dramatically improve the protection for DNS servers."
The NitroSecurity IPS solution is currently available. A firmware upgrade is available for existing customers. For more information please contact NitroSecurity at (800) 795-4771 or visit http://www.nitrosecurity.com/. NitroSecurity will be hosting a Webinar to provide further details on the DNS exploit and available solutions on September 25, 2008 from 1:00 - 2:00 p.m. EDT. To register, please go to https://www1.gotomeeting.com/register/243976897 .
To download NitroSecurity's Whitepaper on the DNS exploit and available solutions go to http://nitrosecurity.com/media/whitepapers/. You can also view Chief Technology Officer Michael Leland's recent DNS blog posting on the SIEMBlog at http://siemblog.com/?p=10 .
About NitroSecurity
NitroSecurity is the leading supplier of information security products that protect business information and infrastructure -- Edge-to-Core. NitroSecurity solutions reduce business risk exposure and increase network and information availability by monitoring, protecting and alerting organizations about suspicious or harmful network activities from inside or outside the enterprise. Utilizing the industry's fastest analytical tools, NitroSecurity will identify, correlate and remediate threats in minutes instead of hours, allowing organizations to quickly mitigate risks to the organization's information and infrastructure.
NitroSecurity serves more than 500 enterprises across many vertical markets, including healthcare, education, financial services, government, retail, hospitality and managed services. For more information, please visit http://www.nitrosecurity.com/.
CONTACT: Frank Hayes of NitroSecurity, +1-603-570-3909, fhayes@nitrosecurity.com; or Rachel Miller of SHIFT Communications for NitroSecurity, +1-617-779-1856, nitrosecurity@shiftcomm.com
|
|
|
|
|
|
|
| 
