Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Secure DNS Key Management With nShield

Thales : 11 January, 2012  (Application Story)
The nShield HSM from Thales is enabling Domain Name System Security Extension deployment on the Infoblox DNS platform
Secure DNS Key Management With nShield
Thales nShield hardware security module (HSM) is now integrated with the Infoblox DNS platform to enable the simple and secure deployment of Domain Name System Security Extensions (DNSSEC). This joint solution addresses common DNSSEC deployment challenges and enables service providers, government departments, financial institutions and other organizations to secure their online identities more easily and protect critical services against cyber threats.

DNS allows the names of web servers, email addresses and VPNs to be mapped to server IP addresses. The DNSSEC specification enables the owners of these services to sign their domain name records and provide proof of the integrity and validity of their IP addresses. DNSSEC uses strong public key cryptography to significantly reduce the risk of an attacker spoofing DNS records and re-directing traffic to a server they control. Like any Public Key Infrastructure (PKI) based application, DNSSEC relies on the integrity of the private keys that underpin this process. The fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.

The Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DNS and IP address assignment (DHCP) services, and helps automate many manual and often error-prone network infrastructure related tasks. Infoblox IPAM solutions are designed to deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, now including support for Thales-secured DNSSEC key generation. The combination simplifies deployment and management by saving significant administrative overhead and reducing repetitive, time-sensitive operations required to maintain DNSSEC.

When Infoblox systems are used together with a Thales nShield hardware security module (HSM), all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3 certified hardware platform. This significantly reduces vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.

“As a global authentication and validation schema, DNSSEC represents a new security frontier,” said Kevin Dickson, vice president of product management at Infoblox. “However, protecting access to the cryptographic keys that underpin the security framework is crucial. That’s why the Infoblox IPAM platform now offers support for the Thales HSM, which is both easy to integrate and well proven to protect DNSSEC key signing.”

“The number of recent high profile cyber attacks, such as Stuxnet and the DigiNotar hack demonstrate that crypto alone is not sufficient. Protecting cryptographic keys throughout their lifecycle is essential to achieve the benefits promised by DNSSEC and this joint Infoblox and Thales solution lowers the barriers to adopting DNSSEC,” says Cindy Provin, vice president of the Americas, Thales e-Security. “DNSSEC is an important method of securing the Domain Name System, protecting the integrity of an online presence and brand. Just as SSL became the standard mechanism for website authentication and encryption, DNSSEC is expected to become an integral component of Internet trust and a key element in enterprise security policies, further demonstrating the increasing value of encryption, digital signatures and key management in today’s ever-changing threat landscape.” 
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo