Dominic Stahl Infoblox DNSSEC Solution - DENIC eG: Wir ... · Infoblox DNSSEC Solution simple,...

Preview:

Click to see full reader

Citation preview

© 2010 Infoblox Inc. All Rights Reserved.

4. DNSSEC-Testbed-Meeting 24.11.20104. DNSSEC-Testbed-Meeting 24.11.2010

Infoblox DNSSEC Solutionsimple, secure and reliableInfoblox DNSSEC Solutionsimple, secure and reliable

Dominic Stahldstahl@infoblox.comDominic Stahldstahl@infoblox.com

© 2010 Infoblox Inc. All Rights Reserved.

The Infoblox DNSSEC Solution

Makes the process of deploying and managing DNSSEC as simple as possible– Transparent to the end user– Single-click configuration– Automatic and on-the-fly key

generation and management

Uses the latest technology and protocol features– BIND 9.7.0 with NSEC3 support

HSM Module planed for future release

© 2010 Infoblox Inc. All Rights Reserved.

Infoblox Appliances Automate Core Network Services

SIMPLE

DNS DHCP IPAM FTP/TFTP/HTTP NTP MORE…

Integrated core network services on hardened appliances

Centralized visibility & control of appliances, protocols and data

RELIABLESECURE

© 2010 Infoblox Inc. All Rights Reserved.

IPAM and DNSSEC

One central Management Interface to all your DNS and even IPAM Data

API for automation Easy to upgrade Easy to monitor/ audit Grid Master

Member

Member

InfobloxGrid

Member

Member

© 2010 Infoblox Inc. All Rights Reserved.

Example zone w/o DNSSEC

© 2010 Infoblox Inc. All Rights Reserved.

Example zone with DNSSEC

© 2010 Infoblox Inc. All Rights Reserved.

Easy Access to All Global DNSSEC Configuration Parameters

Central configuration of all DNSSEC parameters

Enforce standards by configuring DNSSEC parameters at a Grid level– Default key type, size and

validity period Defaults based on NIST-

800-81 and RFC 4641 standards

NSEC and NSEC3 support included

© 2010 Infoblox Inc. All Rights Reserved.

One-Click Zone Signing and Automated Zone Maintenance

Any zone can be signed with a single click” by using the “Sign Zone” toolbar button– Keys are generated on the fly

and records are automatically signed

– Auto-creation of all associated DNSSEC records

Automatic maintenance of signed zones– All key expiration and resigning

are handled automatically– DNSSEC zones automatically

resigned when new records are added

© 2010 Infoblox Inc. All Rights Reserved.

More useful tasks…

© 2010 Infoblox Inc. All Rights Reserved.

Automating DNSSEC – No Hassles!

Signed zones are easily identified with the DNSSEC icon– The following record types are

supported: DNSKEY, RRSIG, DS, NSEC, NSEC3, NSEC3PARAM

New Zone Signing Keys are automatically generated before the current keys expire– Key rollover is transparent to

the admin– Admins are automatically

notified in the GUI before keys expire

© 2010 Infoblox Inc. All Rights Reserved.

The BIND way– The NIST guidelines for signing a single zone with

standard BIND tools are 16 pages long– Typical steps required to sign a zone:

Generate a key pair for the Key Signing Key using the command line tool dnssec-keygen

Generate a key pair for the Zone Signing Key using the command line tool dnssec-keygen. E.g.,dnssec-keygen –a RSASHA1 –b 1024 –n ZONE foo.com

Add the output of the KSK and the ZSK public key to the zone db file

Use the dnssec-signzone command line tool to sign the zone using the private key pair. E.g.,dnssec-signzone –o foo.com –k Kfoo.com.+005+67829.key /var/named/zonedb.foo.com Kfoo.com.+005+45798.key

– The zone must be re-signed every time there is a change in the contents

– Manual process is error prone and can take hours– Tool development requires significant expertise

Comparison to “command line” BIND configuration of DNSSEC

The Infoblox way– One click

© 2010 Infoblox Inc. All Rights Reserved.

IPAM/DDI

DNSDHCP

NTPIPAM

Even more… also integrates NCCM

Network Infrastructure

Applications

MSFTAD

CRMWeb

E-Commerce

VoIP

ERP

Messaging

Routing, Switching, Firewalls, etc.

TFTP

FTPHTTP

InfobloxDDI

InfobloxNCCM

Automation

VisibilityVirtualization

Cloud Computing

Check Infrastructure

Provide DDI service

Recognize change

Detect IPs

Communicate Change

© 2010 Infoblox Inc. All Rights Reserved.

References

For More Info

DNS Security Center: http://www.infoblox.com/library/dns-security.cfm

Infoblox DNSSEC Offering:

http://www.infoblox.com/en/solutions/technology-solutions/dnssec.html

Infoblox general: http://www.infoblox.com

Cricket Liu:http://www.ask-mrdns.com

Recommended

DNSSEC in Practice: Using DNSSEC- Tools to Deploy DNSSEC · DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC Wes Hardaker. Russ Mundy. Suresh Krishnaswamy {hardaker,mundy,suresh}@sparta.com
Documents
Protección Avanzada de DNS de Infobloxxnetworks.es/contents/Infoblox/infoblox-datasheet-advanced-dns... · HOJA DE DATOS ©2013 Infoblox Inc. Todos los derechos reservados. infoblox-datasheet-Advanced-DNS-Protection-Nov2013
Documents
Infoblox Administrator Guidedloads.infoblox.com/...//NIOS/NIOS_AdminGuide_5.1r5.pdf · 2012-11-26 · Infoblox Administrator Guide NIOS 5.1 for Infoblox Core Network Services AppliancesFile
Documents
Infoblox Installation Guide - Home - Infoblox Experts … Infoblox Installation Guide Document Overview This guide introduces the Infoblox vNIOS virtual appliance for Citrix XenServer
Documents
DANONE - Infoblox
Documents
Infoblox Certifications - TrendsNet, Inc. - Cisco Training ... · Infoblox Certifications NIOS Certification Path Certified Infoblox Core Administrator (CICA) Certifies essential
Documents
Infoblox Integrated IP Address Management Solution - Webtorials
Documents
Infoblox CLI Guide
Documents
Internal DNS Security - Kite Distribution · The Infoblox Solution DNS is a critical infrastructure element ... Infoblox Internal DNS Security is an easy-to ... secure, and scale
Documents
Infoblox NIOS Software · Infoblox NIOS core technologies form the foundation of every Infoblox network services appliance. Infoblox NIOS software contains a security-hardened operating
Documents
Infoblox Secure DNS Solution
Technology
Control Your Network! - STALLION · Control Your Network! Infoblox Overview 1 ... Robust and secure DNS infrastructure ... Industry’s First True DNS Security Solution 7 Infoblox
Documents
WHITEPAPER Infoblox IP Address Management - Grupo … · Secure and Harder to ... in which IPAM is “built-on” to DNS and DHCP servers, the Infoblox solution requires no extra
Documents
Infoblox appliances
Technology
Building a Bridge to Security, The Infoblox Cybersecurity · Building a Bridge to Security, The Infoblox Cybersecurity ... dedicated solution •Infoblox is best positioned to plug
Documents
Infoblox Deployment Guide - Infoblox vDiscovery for GCP - …€¦ · Infoblox REST API guide for examples and guidelines on this process. Deployment Guide – Infoblox vDiscovery
Documents
DEPLOYMENT GUIDE Infoblox Network Insight Integration with Cisco · PDF fileDEPLOYMENT GUIDE Infoblox Network Insight Integration ... Infoblox Network Insight Integration with Cisco
Documents
NetMRI - Infoblox...management challenges. Infoblox NetMRI is the leading automation solution for network change, configura-tion, security policy, and compliance management—and is
Documents
DATASHEET - Westconbe.security.westcon.com/documents/43220/infoblox-datasheet-trinzic... · DATASHEET ©2011 Infoblox Inc. All Rights Reserved. infoblox-datasheet-trinzic-switch-port-manager-November2011
Documents
DEPLOYMENT GUIDE Infoblox Cloud Platform and Cloud … · Infoblox Cloud Platform and Cloud Network Automation ... DEPLOYMENT GUIDE Infoblox Cloud Platform and Cloud ... Infoblox
Documents