IPAM and DNSSEC key management integration
The Thales nShield hardware security module (HSM) is now integrated with the Infoblox DNS platform to enable the deployment of DNSSEC. This joint solution addresses common DNSSEC deployment challenges and enables organizations to secure their online identities more easily and protect critical services against cyber threats.
DNS allows the names of web servers, email addresses and VPNs to be mapped to server IP addresses. The DNSSEC specification enables the owners of these services to sign their domain name records and provide proof of the integrity and validity of their IP addresses.
DNSSEC uses strong public key cryptography to significantly reduce the risk of an attacker spoofing DNS records and re-directing traffic to a server they control. Like any PKI based application, DNSSEC relies on the integrity of the private keys that underpin this process. The fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.
The Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DHCP services, and helps automate many manual and often error-prone network infrastructure related tasks. I
nfoblox IPAM solutions are designed to deliver DNS services with built-in, automated DNSSEC features, now including support for Thales-secured DNSSEC key generation. The combination simplifies deployment and management by saving significant administrative overhead and reducing repetitive, time-sensitive operations required to maintain DNSSEC.
When Infoblox systems are used together with a Thales nShield HSM, all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3 certified hardware platform. This significantly reduces vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.
“DNSSEC is an important method of securing the Domain Name System, protecting the integrity of an online presence and brand. Just as SSL became the standard mechanism for website authentication and encryption, DNSSEC is expected to become an integral component of Internet trust and a key element in enterprise security policies, further demonstrating the increasing value of encryption, digital signatures and key management in today’s ever-changing threat landscape,” says Cindy Provin, vice president of the Americas, Thales e-Security.