What do we mean by network infrastructure protection? It means protecting all the critical elements in a network, including servers, storage, DNS/DHCP services, the DMZ, etc., from experiencing downtime. It also refers to the extended infrastructure, such as virtual resources/workloads, endpoints connected to the network and users on the network. The downtime can be caused by Distributed Denial of Service (DDoS) attacks or other forms of attack. Network infrastructure protection also means being able to easily identify vulnerabilities in network devices that could be exploited to lock down devices. These are usually non-compliant devices that may be running old software or firmware. Today’s networks are complex and diverse, and gaining visibility across physical, virtual, and cloud components is critical to knowing what’s on the network and where it is located.
Challenges in Protecting Network Infrastructure
Visibility is critical to protecting network infrastructure because you can’t protect what you can’t see. It is important to know when new devices join the network so that they can be checked for vulnerabilities. You can’t have rogue devices lurking in the network since they could be non-compliant. Having a comprehensive view of the network is critical, but it is not always easy to achieve.
You need a way to automatically create an inventory of all elements and track them in a complex and diverse network. You may have physical, virtual or cloud components in your network and you need visibility across all of that.
Vulnerabilities arise from the fact that today’s networks are increasingly complex and geographically spread out. You may have a private cloud setup and also have a hybrid cloud environment leveraging AWS or Microsoft Azure. Some parts of your network may still have aging physical infrastructure which could be running old software or firmware. All these complexities make it hard to identify risks and non-compliant devices. Insecure network devices could be easily hacked or locked down, affecting the availability of your infrastructure and services.
DDoS attacks can significantly impact network, service and application availability. DNS-based attacks on the network are still commonplace. According to one survey, 81% of application layer attacks used DNS. The impact of these attacks can be serious. If I have an outage, I’m losing money. People can’t get access to critical applications. I’m losing productivity. The fact that we live in the digital economy means that not having network access impacts revenue and profitability. It is not the attack and the associated downtime that might result in significant cost to the organization, but the recovery process, which is often complex and labor intensive.
Network Infrastructure Protection Best Practices
Best Practice #1 – Discover What’s On Your Network
The first thing you need is to be able to discover what’s out there in your network and your extended infrastructure, make sure that everything is within your policy and then protect that infrastructure. Visibility becomes an important aspect because you can’t troubleshoot or protect what you can’t discover.
Best Practice #2 – Get Your Devices Policy Compliant
Second, you have got to have policies around routers and other devices as they get spun up on the network. You would want to know that they are there and that they’re policy compliant. You would want to discover non-compliant devices, because they could be hiding vulnerabilities, and fix them right away.
Best Practice #3 – Ensure Critical Network Services are Running
Third, you need to make sure your critical network services like DNS are up and running even when your network is hit with volumetric and exploit-based DNS attacks. Attack protection is also about making sure that your DNS infrastructure is hardened and standardized on a platform that provides central control, automation, protection, and reporting.
Best Practice #4 – Share Data with SIEM
Finally, you should be able to share events about what’s happening on the network with your ecosystem, such as network access control, SIEM, vulnerability scanners, etc. When a new device joins the network, you can automatically send an alert over to the vulnerability scanner and scan that device to ensure compliance. When the external DNS server is experiencing DNS DDoS attacks you can send information on these attacks to your SIEM for further analysis.
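The discover, check-compliance and share-with-SIEM steps above can be chained in a few lines. The following is an added illustration, not Infoblox code: the inventory, the firmware policy, the discovery records and all field names are constructed assumptions.

```python
import json

# Constructed sample data (assumptions, not from the article): the approved
# inventory, a minimum-firmware policy per device model, and the latest
# discovery results (e.g. merged from DHCP leases and switch polling).
KNOWN_INVENTORY = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
MIN_FIRMWARE = {"edge-router": (15, 2, 0), "access-switch": (12, 1, 4)}
DISCOVERED = [
    {"mac": "02:00:00:00:00:01", "ip": "10.0.0.1", "model": "edge-router", "firmware": "15.2.3"},
    {"mac": "02:00:00:00:00:02", "ip": "10.0.0.2", "model": "access-switch", "firmware": "12.1.2"},
    {"mac": "02:00:00:00:00:09", "ip": "10.0.0.57", "model": "access-switch", "firmware": "12.1.4"},
    {"mac": "02:00:00:00:00:0A", "ip": "10.0.0.58", "model": "ip-camera", "firmware": "unknown"},
]

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def assess(device, known=KNOWN_INVENTORY, policy=MIN_FIRMWARE):
    """Return the list of findings for one discovered device."""
    findings = []
    if device["mac"].lower() not in known:
        findings.append("new_device")           # candidate for a vulnerability scan
    minimum = policy.get(device["model"])
    version = parse_version(device["firmware"])
    if minimum is None:
        findings.append("no_policy_for_model")  # unknown model is never assumed compliant
    elif version is None or version < minimum:
        findings.append("firmware_below_policy")
    return findings

def build_events(discovered):
    """Build one JSON event per device with findings, ready to forward to a SIEM."""
    events = []
    for device in discovered:
        findings = assess(device)
        if findings:
            events.append(json.dumps({"mac": device["mac"].lower(), "ip": device["ip"],
                                      "findings": findings}, sort_keys=True))
    return events

if __name__ == "__main__":
    for line in build_events(DISCOVERED):
        print(line)
```

A device with an unparseable firmware string or a model missing from the policy is reported rather than silently treated as compliant, which is the failure mode that lets rogue or aging devices go unnoticed.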
How can Infoblox Help?
Infoblox, the leading DNS, DHCP and IPAM (DDI) vendor, offers an elegant and comprehensive Infrastructure Protection Solution that adheres to best practices. With Infoblox Infrastructure Protection you can gain complete infrastructure visibility, discover and remediate vulnerabilities in your network devices, provide DNS protection and share threat intelligence with your ecosystem.