Price: Starts at $9,995
BlueCat Networks Adonis 1000
The Adonis 1000 consolidates DNS and DHCP on one secure, easily administered box, reducing risk and saving precious management resources.
BlueCat Networks' Adonis 1000 appliance bundles DNS and DHCP into an enterprise-class appliance for the centralized secure operation of network addressing. Featuring rock-solid security and terrific management capabilities, this device quickly tames networks' ragtag patchwork of DNS and DHCP services, regardless of enterprise size.
Placing DNS and DHCP services on a single hardened appliance minimizes maintenance and centralizes administration. Instead of tracking new threats against the OS, BIND and DHCP separately, administrators deal with them as a single, amalgamated system.
A skilled attacker can easily exploit flaws in DNS software and the OS on which it runs through cache poisoning, DoS attacks and buffer overflows. Adonis is highly resistant to these kinds of attacks. It runs on a completely hardened Debian Linux kernel (with an option for a solid-state flash drive), so any application that might pose a security risk, such as ping, telnet or ftp, is stripped out. Only two ports are left open by default: 53 for DNS, and 10042 for the SSL communication between the appliance and the client. An attacker querying Adonis gets no information about the system at all.
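The "only two ports open" claim is exactly the kind of baseline an operator should verify after deployment and re-check after every update. The following is an added example, not code from the review or from BlueCat: it parses nmap's grepable (`-oG`) output for a scanned appliance and reports any exposed port that falls outside the 53/tcp, 53/udp and 10042/tcp baseline the article describes. The host address and scan lines are constructed sample data.

```python
# Added example (not from the review): audit an appliance's exposed ports against
# the stated baseline of 53/tcp+udp for DNS and 10042/tcp for the management client.
from typing import Dict, Set, Tuple

Port = Tuple[int, str]  # (port number, protocol)

# Baseline taken from the review: only DNS and the SSL management channel are exposed.
ADONIS_BASELINE: Set[Port] = {(53, "tcp"), (53, "udp"), (10042, "tcp")}

# Constructed nmap -oG output for a hypothetical host that also leaks telnet (23/tcp).
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample, not a real capture)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, 53/open/tcp//domain///, 53/open|filtered/udp//domain///, 10042/open/tcp//ssl/unknown///\tIgnored State: closed (65531)
"""


def parse_gnmap_open_ports(text: str) -> Dict[str, Set[Port]]:
    """Return {host: {(port, proto), ...}} for every port nmap reports as open."""
    result: Dict[str, Set[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field runs from "Ports:" up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(fields) < 3:
                continue
            port, state, proto = fields[0], fields[1], fields[2]
            # nmap reports unanswered UDP probes as "open|filtered"; count those as exposed.
            if state.split("|")[0] == "open":
                result.setdefault(host, set()).add((int(port), proto))
    return result


def audit_exposure(open_ports: Set[Port], baseline: Set[Port]) -> Dict[str, Set[Port]]:
    """Split observed ports into unexpected (beyond baseline) and missing (expected but absent)."""
    return {"unexpected": open_ports - baseline, "missing": baseline - open_ports}


if __name__ == "__main__":
    for host, ports in parse_gnmap_open_ports(SAMPLE_GNMAP).items():
        report = audit_exposure(ports, ADONIS_BASELINE)
        print(host, "unexpected:", sorted(report["unexpected"]), "missing:", sorted(report["missing"]))
```

An "unexpected" entry means the appliance exposes more than the vendor states and warrants investigation; a "missing" entry usually means a scan or firewall problem rather than a hardening win.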
BIND, patch, kernel, client and security vulnerability updates all take place through the client, so the appliance never has to communicate with an external server and is never put at risk by doing so. Native BIND 9.3.1 runs under the hood for DNS, and DHCP is based on ISC DHCP 3.0.2.
Flooding a DNS server with spoofed SYN packets can fill up all available TCP ports, thereby preventing communication with the server via TCP. Because Adonis can handle queries well above normal levels, it can mitigate or thwart DoS attacks. It's capable of supporting 23,000 queries per second; most large organizations' servers top out at a couple hundred per second.
Setup and management are a pleasure through the richly featured Adonis Management Console, a cross-platform Java client that runs on Windows, UNIX, Linux, Solaris and Mac. An intuitive wizard walked us through setting up the appliance for both DNS and DHCP, determining first what type of architecture will ultimately be configured, then issuing a domain name and internal address. A single click automatically generates host records, reverse pointers, glue records and ACLs.
This was first published in June 2006