Infoblox IB 1552-A Grid Upgrade for NS1 IB-1552-A-GRID-UPG Data Sheet
Product codes
IB-1552-A-GRID-UPG
DATA SHEET
©2010 Infoblox Inc. All Rights Reserved. Infoblox-data-sheet-NS1-grid-July10
NS1 with Grid
™
Package
4
•
Easy workflow to manage permissions. The administrator can quickly set
permissions by right-clicking on any object to bring up a list of permissions. This
is much easier than having to switch to a separate administration panel. It also
provides a comprehensive list of which permissions have been granted to each
administration group.
permissions by right-clicking on any object to bring up a list of permissions. This
is much easier than having to switch to a separate administration panel. It also
provides a comprehensive list of which permissions have been granted to each
administration group.
•
Administration is also eased through the use of roles. Roles can be mapped to
an organization or job (e.g., Printer Admins, DNS Admins) and then roles can
be assigned to administrative groups. This abstraction model allows a set of
permissions to be defined once any changes to the role are inherited by all groups
that are associated with it.
an organization or job (e.g., Printer Admins, DNS Admins) and then roles can
be assigned to administrative groups. This abstraction model allows a set of
permissions to be defined once any changes to the role are inherited by all groups
that are associated with it.
Hardened Security: The Infoblox NIOSTM software is hardened and consistently
withstands security scans and attacks within the most demanding government and
military organizations. DNS and DHCP services can be upgraded easily to support the
latest versions of BIND and DHCP, ensuring minimum exposure to security threats. In
the event that a new exploit is discovered, the underlying Infoblox NIOS software can be
upgraded in minutes via a single, simple operation. This makes it much more difficult
to penetrate than general-purpose operating systems with known vulnerabilities.
Management communication is secured using Secure Sockets Layer (SSL)-encrypted
VPNs for protection against management compromise.
withstands security scans and attacks within the most demanding government and
military organizations. DNS and DHCP services can be upgraded easily to support the
latest versions of BIND and DHCP, ensuring minimum exposure to security threats. In
the event that a new exploit is discovered, the underlying Infoblox NIOS software can be
upgraded in minutes via a single, simple operation. This makes it much more difficult
to penetrate than general-purpose operating systems with known vulnerabilities.
Management communication is secured using Secure Sockets Layer (SSL)-encrypted
VPNs for protection against management compromise.
DNS Attack Detection and Mitigation: Infoblox provides the ability to detect, alert and
mitigate any attacks against members that are configured as recursive DNS servers.
The NIOS software will monitor two key parameters that are indicators of an attack:
mis-matched DNS message IDs and mis-matched UDP ports on DNS responses. This
happens when an attacker is guessing on those parameters to “spoof” a response with
the poisoned data. The administrator can set a threshold for both parameters and when
either is exceeded the system will send an email alert and/or SNMP trap (whichever is
configured for the system). This feature will give administrators an early warning that
one of their servers is under attack.
mitigate any attacks against members that are configured as recursive DNS servers.
The NIOS software will monitor two key parameters that are indicators of an attack:
mis-matched DNS message IDs and mis-matched UDP ports on DNS responses. This
happens when an attacker is guessing on those parameters to “spoof” a response with
the poisoned data. The administrator can set a threshold for both parameters and when
either is exceeded the system will send an email alert and/or SNMP trap (whichever is
configured for the system). This feature will give administrators an early warning that
one of their servers is under attack.
In addition, Infoblox NIOS allows attack mitigation by implementing query rate-limiting.
The administrator can implement a filter on a specific IP or network to limit or stop all
traffic. This will slow down or stop the attack, the success of which is based on the
attacker’s ability to try as many response “guesses” as possible before the legitimate
DNS server can respond.
The administrator can implement a filter on a specific IP or network to limit or stop all
traffic. This will slow down or stop the attack, the success of which is based on the
attacker’s ability to try as many response “guesses” as possible before the legitimate
DNS server can respond.
One-Click DNSSEC: Infoblox has a “one-click DNSSEC” solution that automates the
processes of signing and maintaining a signed zone. This eliminates dozens of error-
prone, manual operations and eliminates the need to write and maintain custom
scripts. Key generation is performed automatically using DNSSEC properties specified
at the Grid or zone level; resource record signatures are maintained; and, zone
signing key rollover occurs seamlessly and automatically according to best practices
recommended by the National Institute of Standards and Technology (NIST-800-81) and
RFC 4641 standards.
processes of signing and maintaining a signed zone. This eliminates dozens of error-
prone, manual operations and eliminates the need to write and maintain custom
scripts. Key generation is performed automatically using DNSSEC properties specified
at the Grid or zone level; resource record signatures are maintained; and, zone
signing key rollover occurs seamlessly and automatically according to best practices
recommended by the National Institute of Standards and Technology (NIST-800-81) and
RFC 4641 standards.