Home / Industry

NeuStar Addresses DNS Vulnerability with Cache Defender, a Secure DNS Authentication System

NeuStar, Inc. today announced the availability of Cache Defender™, a secure DNS authentication system that mitigates a fundamental flaw in how traffic is managed on the Internet. This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in "DNS cache poisoning" for the malicious hijacking of domain names and results in consequent damage from large-scale identity theft, among other illegal activities.

Cache poisoning causes erroneous addresses to be provided to users, directing them to fraudulent websites where their sensitive data can be "pharmed." Continued advances in processing speeds have made it much easier for criminal elements to exploit this fundamental DNS vulnerability. For example, a major Brazilian financial institution was recently the subject of a pharming attack launched from a poisoned DNS cache at a leading Brazilian ISP.

Cache Defender is a patent-pending system that deploys proprietary NeuStar appliances both in the core of an ISP network and at each node of NeuStar's UltraDNS Directory Services Platform. This creates a secure link between each recursive and authoritative server, preventing malicious DNS responses from poisoning the recursive server's cache and protecting all of the participating ISP's customers. While it may well take years for Domain Names System Security Extensions (DNSSEC) to be widely adopted by the industry, Cache Defender is currently the only global solution that can protect Internet users and brands with the most useful benefits of end-to-end DNSSEC.

"The security of DNS infrastructure is critical to the security of the Internet as a whole," said Lydia Leong, research director for Enterprise Network Services at Gartner. "Businesses need to keep in mind that their Internet presence is only as available and secure as their DNS infrastructure. New DNS vulnerabilities continue to emerge, and need to be taken seriously by businesses and service providers alike."

The recursive DNS server is the first step for all Internet activity, as it begins and ends the DNS resolution process that directs users to their desired websites by providing IP addresses for requested domains. Cache Defender leverages NeuStar's UltraDNS Directory Services Platform, a global authoritative DNS infrastructure that powers the DNS for over 20 million domains and thousands of enterprise customers globally.

"The DNS vulnerability identified by Dan Kaminsky represents one of the most serious threats ever to face the Internet," said Rodney Joffe, senior vice president and senior technologist at NeuStar. "Until DNSSEC has been adopted by the entire Internet community — an event that is still many months and possibly years away — NeuStar's Defender can help an ISP protect its recursive servers from malicious cache poisoning."

Cache Defender can be implemented immediately by any ISP and delivers the following benefits:

  • Participating ISPs receive cache poisoning protection for domains supported by the UltraDNS Platform.
  • End users of participating ISPs are shielded from identify theft resulting from such pharming attacks.
  • NeuStar's UltraDNS enterprise customers are protected from pharming attacks based on cache poisoning, thus safeguarding their online revenue and brand equity.

Grande Communications, a Texas-based communications company providing residential and business customers with high-speed Internet, telephony, and digital cable services over a single network, has recently deployed NeuStar's Cache Defender. "The threat of cache poisoning of recursive DNS servers is very real, and it is critical that the industry takes every precaution to minimize the threat," said Lamar Horton, Director of Network Engineering at Grande Communications. "We were very impressed with both the advanced security and ease of deployment of NeuStar's Cache Defender, and pleased to bring our customers additional peace of mind to their Internet experience."

"We have been a very satisfied customer of NeuStar's UltraDNS Services for several years, and have benefited from the increased reliability and security it has brought our authoritative DNS," said Tom Gade, manager of the Server Infrastructure Team at Allianz Global Investors. "We are delighted that NeuStar will now protect our brand and revenue streams from malicious pharming attacks. Cache Defender provides additional levels of security for our online customers by addressing this critical vulnerability to which we are susceptible whenever our DNS answer is cached in a partnering ISP. We cannot get this protection anywhere else."

More information about NeuStar's UltraDNS suite of services is available at http://www.ultradns.com/.

About NeuStar
NeuStar (NYSE: NSR) provides market-leading and innovative services that enable trusted communication across networks, applications, and enterprises around the world. For more information, visit www.neustar.biz.

About Grande Communications
Headquartered in San Marcos, Grande Communications(R) is building a deep-fiber broadband network to homes and businesses from the ground up. Grande delivers high-speed Internet, local and long-distance telephone and digital cable over its own advanced network to communities in Texas. Grande's bundled service area includes portions of Austin, Corpus Christi, suburban northwest Dallas, Midland, Odessa, San Antonio, San Marcos and Waco. Grande also leverages its telephone and data infrastructure by serving enterprises and communications carriers nationwide with broadband transport services and network services. Grande's voice network terminates traffic worldwide, offering both traditional and IP-based services; its managed modem network provides coverage nationwide; and its private line and metropolitan networks provide optical services in Texas and surrounding states. Grande's 5,000-fiber-mile network incorporates SONET-based technology for protection, diversity and optimal performance. www.grandecom.com

About Allianz Global Investors
Allianz Global Investors, the asset management subsidiary of Allianz SE, has EUR 920bn of assets under management for our clients worldwide. The Allianz Global Investors investment managers — AAAm, NFJ Investment Group, Nicholas-Applegate, Oppenheimer Capital, PIMCO and RCM — offer their own distinctive philosophy and culture, and provide clients with a comprehensive and constantly evolving range of investment styles and products. Our approximately 4,700 employees around the globe, including more than 950 investment professionals, are committed to helping our clients achieve their goals by combining global expertise and local market knowledge with innovative solutions and world-class professional service. (source: Allianz Global Investors as at 31st December 2008 — latest available — unless otherwise stated)

About Neustar

Neustar

NeuStar provides market-leading and innovative services that enable trusted communication across networks, applications, and enterprises around the world. (Learn More)

Related topics: Cyberattack, Cybercrime, DNS, DNS Security, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines