Intrusion Prevention System (IPS) Firmware Upgrade Proves Virtually 100 Percent Effective in Blocking 'Kaminsky' Exploit when Combined with DNS Patch PORTSMOUTH, N.H., Sept. 23
PORTSMOUTH, N.H., Sept. 23 /PRNewswire/ -- NitroSecurity, Inc.
(http://www.nitrosecurity.com), a leading provider of network and information
security solutions, today announced that it has developed a unique IPS
solution that virtually eliminates the threat of DNS Cache Poisoning. Through
research with the Rochester Institute of Technology (RIT), NitroSecurity
demonstrated that its IPS, combined with the DNS server patch, provides
protection against the exploit that is nearly 100 percent effective.
The DNS exploit presents a challenge in regard to protection. Simply
blocking the vulnerability via a standard IPS detection signature would
prevent access to the DNS altogether. Therefore, it is crucial to have a
broad solution that not only blocks the exploit, but does not compromise the
functionality of the DNS. Working with RIT, NitroSecurity has validated a
solution to actively detect and block the DNS exploit while still allowing the
DNS to function properly.
Recently, the DNS exploit gained widespread industry attention when Dan
Kaminsky presented on the topic at this year's Black Hat Conference in Las
Vegas. If successfully executed, the exploit represents a massive security
threat. Although a patch has been released, DNS servers can still be easily
compromised over a short period of time. NitroSecurity's research with
leading experts puts the risk at 10 percent within a week's time and 37
percent within a month. For those organizations that are unable to apply a
DNS patch, the research also validates that utilizing the upgraded
NitroSecurity IPS solution without the DNS server patch provides similar
protection as using the patch alone.
"In our rigorous testing, we found that the solution to the DNS problem is
to provide secondary measures, in addition to the current patch, to reduce the
chances of exploitation," said Bill Stackpole, assistant professor, Rochester
Institute of Technology. "In the specified test environment a successful DNS
attack without the NitroSecurity IPS in place took approximately four minutes
to exploit. With the IPS in place the attack continued for more than 24 hours
without a successful exploit."
"The recent attention the DNS vulnerability has garnered is highly
important since companies need to know it's out there and how they can protect
against it. IPS solutions are widely deployed throughout the industry to
combat many vulnerabilities," said Michael Leland, chief technology officer,
NitroSecurity. "However, the DNS exploit requires more than just a
signature-based IPS solution. Nitro's IPS is capable of rate/threshold-based
signatures, blacklisting and stateful firewall functions -- all components
that, when used in conjunction, can dramatically improve the protection for
DNS servers."
The NitroSecurity IPS solution is currently available. A firmware upgrade
is available for existing customers. For more information please contact
NitroSecurity at (800) 795-4771 or visit http://www.nitrosecurity.com.
NitroSecurity will be hosting a Webinar to provide further details on the DNS
exploit and available solutions on September 25, 2008 from 1:00 - 2:00 p.m.
EDT. To register, please go to
https://www1.gotomeeting.com/register/243976897 .
To download NitroSecurity's Whitepaper on the DNS exploit and available
solutions go to http://nitrosecurity.com/media/whitepapers/. You can also
view Chief Technology Officer Michael Leland's recent DNS blog posting on the
SIEMBlog at http://siemblog.com/?p=10 .
About NitroSecurity
NitroSecurity is the leading supplier of information security products
that protect business information and infrastructure -- Edge-to-Core.
NitroSecurity solutions reduce business risk exposure and increase network and
information availability by monitoring, protecting and alerting organizations
about suspicious or harmful network activities from inside or outside the
enterprise. Utilizing the industry's fastest analytical tools, NitroSecurity
will identify, correlate and remediate threats in minutes instead of hours,
allowing organizations to quickly mitigate risks to the organization's
information and infrastructure.
NitroSecurity serves more than 500 enterprises across many vertical
markets, including healthcare, education, financial services, government,
retail, hospitality and managed services. For more information, please visit
http://www.nitrosecurity.com.
SOURCE NitroSecurity
