Thales has announced that its nShield hardware security module (HSM) is now integrated with the Infoblox DNS platform to enable the simple and secure deployment of Domain Name System Security Extensions (DNSSEC).
When Infoblox systems are used with the HSM, all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3-certified hardware platform. This will reduce vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.
The DNSSEC specification enables the owners of domain name server services to sign their records and provide proof of the integrity and validity of their IP addresses. DNSSEC uses public key cryptography to reduce the risk of an attacker spoofing DNS records and redirecting traffic to a server they control, so it relies on the integrity of the private keys that underpin this process.
Therefore, Thales said, the fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.
According to the companies, the Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DNS and IP address assignment services and helps automate many manual and often error-prone network infrastructure-related tasks.
Kevin Dickson, vice-president of product management at Infoblox, said: “As a global authentication and validation schema, DNSSEC represents a new security frontier. However, protecting access to the cryptographic keys that underpin the security framework is crucial. That's why the Infoblox IPAM platform now offers support for the Thales HSM, which is both easy to integrate and well proven to protect DNSSEC key signing.”
Cindy Provin, vice-president of the Americas at Thales e-Security, said: “Protecting cryptographic keys throughout their lifecycle is essential to achieve the benefits promised by DNSSEC, and this joint Infoblox and Thales solution lowers the barriers to adopting DNSSEC.
“DNSSEC is an important method of securing the domain name system, protecting the integrity of an online presence and brand. Just as SSL became the standard mechanism for website authentication and encryption, DNSSEC is expected to become an integral component of internet trust and a key element in enterprise security policies.”