Offering an intelligent, layered approach with built-in “defense in depth” against DNS cache poisoning, Nominum (News - Alert) has unveiled a comprehensive new security release for its Vantio caching DNS server platform. DNS cache poisoning and other attacks, including the recently publicized Kaminsky vulnerability, can be defeated now with the help of multi-layer intelligent defenses provided by the latest Vantio software release.

 

The new Vantio DNS security provides various benefits such as identifying perpetrators and recording attack attempts; defending automatically against query response spoofing and takes attackers out of loop; providing protection in Enterprise and Service Provider networks that use network address translation (NAT), which can undermine UDP (News - Alert) SPR (NAT devices include server load balancers and firewalls); resisting and stops all forms of cache poisoning attacks; reducing the chance of poisoning answers for valuable domains (www.mybank.com) to zero

Protection Well Beyond the Industry Response; and preventing hijacking of subscriber traffic, or “pharming” attacks.

 

The Nominum solution far surpasses the recently released industry standard UDP Source Port Randomization (UDP SPR) as it provides built-in defense-in-depth. The brute force advantage attackers gained with the latest DNS cache poisoning vulnerability is easily negated by the Vantio’s new defenses. Vantio features security layers such as Deterrence Layer, Defense Layer; Resistance Layer and Remediation Layer.

 

As UDP source port randomization is only the beginning response to the new vulnerability, network operators need additional deterministic defenses to address important exploits. Cache poisoning attacks rely on many techniques, and response spoofing is only one of them. Nominum’s new defenses ensure that the attacker does not succeed.

 

Available as a standard software purchase for carriers, large enterprise and government customers, the new Vantio release provides layered defenses in the DNS system. A layered approach such as Nominum's will help in ensuring ongoing Internet security as new DNS vulnerabilities are discovered.

 

“Layered security is the only way to defend against the emerging threats to the Internet,” said Tom Tovar, CEO of Nominum. “Our customers, the largest networks in the world, have an obligation to deliver the highest-level of security in delivering Internet service to consumer, enterprise and government users. Nominum’s new software release ensures that our customers can meet that obligation immediately and completely.”