Datasheet

DATA SHEET

NS1 with Grid

™

Package

• Easyworkowtomanagepermissions.Theadministratorcanquicklyset

permissionsbyright-clickingonanyobjecttobringupalistofpermissions.This

ismucheasierthanhavingtoswitchtoaseparateadministrationpanel.Italso

providesacomprehensivelistofwhichpermissionshavebeengrantedtoeach

administrationgroup.

• Administrationisalsoeasedthroughtheuseofroles.Rolescanbemappedto

anorganizationorjob(e.g.,PrinterAdmins,DNSAdmins)andthenrolescan

beassignedtoadministrativegroups.Thisabstractionmodelallowsasetof

permissionstobedenedonceanychangestotheroleareinheritedbyallgroups

thatareassociatedwithit.

Hardened Security: TheInfobloxNIOSTMsoftwareishardenedandconsistently

withstandssecurityscansandattackswithinthemostdemandinggovernmentand

militaryorganizations.DNSandDHCPservicescanbeupgradedeasilytosupportthe

latestversionsofBINDandDHCP,ensuringminimumexposuretosecuritythreats.In

theeventthatanewexploitisdiscovered,theunderlyingInfobloxNIOSsoftwarecanbe

upgradedinminutesviaasingle,simpleoperation.Thismakesitmuchmoredifcult

topenetratethangeneral-purposeoperatingsystemswithknownvulnerabilities.

ManagementcommunicationissecuredusingSecureSocketsLayer(SSL)-encrypted

VPNsforprotectionagainstmanagementcompromise.

DNS Attack Detection and Mitigation: Infobloxprovidestheabilitytodetect,alertand

mitigateanyattacksagainstmembersthatareconguredasrecursiveDNSservers.

TheNIOSsoftwarewillmonitortwokeyparametersthatareindicatorsofanattack:

mis-matchedDNSmessageIDsandmis-matchedUDPportsonDNSresponses.This

happenswhenanattackerisguessingonthoseparametersto“spoof”aresponsewith

thepoisoneddata.Theadministratorcansetathresholdforbothparametersandwhen

eitherisexceededthesystemwillsendanemailalertand/orSNMPtrap(whicheveris

conguredforthesystem).Thisfeaturewillgiveadministratorsanearlywarningthat

oneoftheirserversisunderattack.

Inaddition,InfobloxNIOSallowsattackmitigationbyimplementingqueryrate-limiting.

TheadministratorcanimplementalteronaspecicIPornetworktolimitorstopall

trafc.Thiswillslowdownorstoptheattack,thesuccessofwhichisbasedonthe

attacker’sabilitytotryasmanyresponse“guesses”aspossiblebeforethelegitimate

DNSservercanrespond.

One-Click DNSSEC: Infobloxhasa“one-clickDNSSEC”solutionthatautomatesthe

processesofsigningandmaintainingasignedzone.Thiseliminatesdozensoferror-

prone,manualoperationsandeliminatestheneedtowriteandmaintaincustom

scripts.KeygenerationisperformedautomaticallyusingDNSSECpropertiesspecied

attheGridorzonelevel;resourcerecordsignaturesaremaintained;and,zone

signingkeyrolloveroccursseamlesslyandautomaticallyaccordingtobestpractices

recommendedbytheNationalInstituteofStandardsandTechnology(NIST-800-81)and

RFC4641standards.