An upgrade to NetContinuum's NC-1000 network security appliance adds Domain Name System (DNS)-based attack prevention to a list of features that includes prevention of attacks using the HTTP (Hypertext Transfer Protocol) and SSL (Secure Sockets Layer) protocols.
The new feature will enable NetContinuum customers using the NC-1000 to inspect traffic coming into their network on Port 53, the default DNS port.
DNS is used to translate alphanumeric domain names into the numeric IP (Internet Protocol) addresses that machines on the Internet use to contact each other. Typically, Port 53 is left open on corporate firewalls to allow DNS traffic to reach Web and application servers behind the firewall, making organizations vulnerable to attacks that use DNS to penetrate a network's defenses.
DNS-borne attacks have garnered more attention in recent months. Securing DNS received a prominent mention in the Bush administration's National Strategy to Secure Cyberspace. Recent warnings from the U.S. Federal Bureau of Investigation and Carnegie Mellon's CERT Coordination Center about vulnerabilities in commonly used DNS implementations, such as the Berkeley Internet Name Domain (BIND) package, have also raised awareness among network administrators.
With the NC-1000 upgrade, incoming DNS traffic can be inspected in the same way that HTTP traffic on Port 80 and SSL traffic on Port 443 are inspected.
DNS traffic will be fully terminated at the NC-1000 device and held in memory while it is inspected down to the packet and request level. The NC-1000 can spot invalid DNS formats, malicious code embedded in DNS packets, unsolicited DNS responses and other anomalies, according to NetContinuum.
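To make the checks described above concrete, here is an added illustration (not NetContinuum's code): a small Python inspector that parses the DNS header and question name, drops messages with invalid formats, and flags responses whose transaction ID matches no outstanding query. All packets are constructed inline; a real gateway would also match the source address, port and question name before accepting a response.

```python
import struct

def build_dns(txid, flags, name, qtype=1):
    """Build a minimal DNS message: 12-byte header plus one question (constructed sample data)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_dns(pkt):
    """Return (txid, is_response, qname); raise ValueError for malformed input."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount = struct.unpack(">HHH", pkt[:6])
    if qdcount != 1:
        raise ValueError("unexpected question count")
    pos, parts = 12, []
    while True:
        if pos >= len(pkt):
            raise ValueError("name runs past end of packet")
        n = pkt[pos]
        if n == 0:
            break
        # Labels are 1..63 bytes; 0xC0 prefixes (compression) are not allowed in a question name
        if n & 0xC0 or n > 63 or pos + 1 + n > len(pkt):
            raise ValueError("bad label length")
        parts.append(pkt[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(parts)

def inspect(packets):
    """Walk a packet sequence; queries register their ID, responses must match one."""
    outstanding, verdicts = set(), []
    for pkt in packets:
        try:
            txid, is_resp, qname = parse_dns(pkt)
        except ValueError as err:
            verdicts.append(f"drop: malformed ({err})")
            continue
        if not is_resp:
            outstanding.add(txid)
            verdicts.append(f"pass: query {txid} {qname}")
        elif txid in outstanding:
            outstanding.discard(txid)
            verdicts.append(f"pass: response {txid}")
        else:
            verdicts.append(f"drop: unsolicited response {txid}")
    return verdicts

# Constructed sample traffic: a query, its answer, a stray answer, and two malformed messages
QUERY = build_dns(0x1234, 0x0100, "example.com")
SAMPLE = [QUERY, build_dns(0x1234, 0x8180, "example.com"),
          build_dns(0xBEEF, 0x8180, "nowhere.example"),
          QUERY[:8], QUERY[:12] + b"\x45" + QUERY[13:]]
```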
The NC-1000 is powered by an application-specific integrated circuit (ASIC) that allows the packet inspections to occur at line speed, without impacting network communications, according to NetContinuum.
The NC-1000 supplements the protection offered by corporate firewalls, sitting in between the firewall and the corporate data center and inspecting all traffic to Web and application servers in the data center, according to NetContinuum.
While some firewalls do offer similar features, they frequently can't perform the kinds of deep packet inspections that are necessary to stop all attacks, according to Richard Stiennon, research director of network security at Gartner Inc.
When they work well, security gateway appliances also relieve some of the pressure on network administrators to push configuration changes, software patches and upgrades to their network hosts and DNS servers to protect against emerging threats, according to Stiennon.
The new feature is a natural extension of the NC-1000's existing deep inspection features, but the company, which is based in Santa Clara, California, deserves credit for taking up the problem of DNS-based attacks, according to Stiennon.
"This is a no-brainer for deep packet inspection devices. The most important aspect of what they're doing is highlighting that other ports need to be inspected and can be inspected," Stiennon said.
The NetContinuum announcement is the latest in the market for gateway security appliances, as companies such as Teros Inc. (formerly Stratum8 Networks Inc.) and Fortinet Inc. race to protect as many vulnerable ports as possible, according to Stiennon.
"This is the first of many that will appear. Instant messaging, proxies, time servers -- all these different Internet servers will eventually be protected by gateway devices," Stiennon said.
One competitor, TippingPoint Technologies Inc. of Austin, Texas, said that its ASIC-based appliances already offer the kind of protection NetContinuum is announcing.
TippingPoint's appliances, which range from 400 Mbps (megabits per second) to 2.2 Gbps models, sit at the heart of the network and look at all traffic on all ports, including DNS on port 53, according to Marc Willebeek-LeMair, chief technology officer at TippingPoint.
The new DNS inspection feature will be available to existing NC-1000 customers as a free software update in May. For new customers, the NC-1000 retails for US$28,000 for the 10/100 model or $38,000 for a Gigabit model, according to NetContinuum.