Securing the IoT world: Are DNS servers and IPv6 up for the challenge?

As the year draws to a close, it's natural to think about the opportunities and challenges we'll face in 2015. Although predictions are never easy, there's one thing we can count on: an insatiable hunger for connectivity that shows no sign of slowing.

While demand for connectivity has been steadily growing, the 'as-a-service' era ushered in by cloud computing certainly gave it a big push forward. That push is nothing compared to what will be needed for the Internet of Things (IoT) — a world where objects and machines, as well as computer devices, are connected to each other via smart applications. Gartner predicts that within six years, 30 billion connected "things" will be in use.

The IoT promises to revolutionize the way we live and work. But for the IoT to have the transformational impact everyone is imagining, the network must be able to securely and efficiently handle all these connections. Clearly, all these connections have the potential to make networks very vulnerable. In addition, every device that connects needs a unique identifier to match it to a specific network address, so the management side can also be daunting.

So how can enterprises prepare for this new world, starting with the year ahead? Alongside other transformational networking technologies such as software-defined networking and network virtualization, two areas need to be front and center: Domain Name System (DNS) security and IPv6 deployment and migration.

Securing DNS

DNS infrastructure, with its distributed architecture, is a vital component of internet functionality and availability. DNS has already demonstrated its scalability and flexibility to ensure a human-friendly way to connect with IP address-based devices on the network all over the globe.

In the IoT world, DNS will play an even more central role with the explosion of machine-to-machine connections. The DNS service will establish and maintain the association between an object and its network addresses, from which information about such objects (e.g., status, location) can be extracted. IoT has far-reaching consequences at the DNS security level. Today, DNS is a key target for attacks – a recent IDC survey found that 72 percent of respondents had been the target of a DNS attack in the last 12 months. As the IoT proliferates, businesses will need greater security mechanisms to protect against distributed denial-of-service (DDoS) and cache poisoning. To create a more secure IP network infrastructure, enterprises must address these three key areas:

  • DNSSEC (Domain Name System Security Extensions): DNS was not originally designed to include security. DNSSEC plays a key role in ensuring the integrity and authenticity of DNS data and helps to eradicate the risks of data corruption.
  • DNS RRL (Response Rate Limit): This is an enhancement to the DNS protocol that can look at the pattern of packet requests and responses to identify and decrease the power of DNS amplification attacks.
  • Using a mixture of DNS engines to mitigate the risk of attacks: This approach is highly effective but does require being able to maintain a single view across heterogeneous server environments.
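
To make the response rate limiting idea above concrete, here is an added example that is not part of the original article and not any DNS server's own code: a simplified token-bucket model that budgets identical responses per client network block. The rate, slip interval, prefix lengths and sample queries are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

RATE = 5          # assumed: responses/second allowed per (client block, name, rcode)
SLIP = 2          # assumed: every 2nd limited response is sent truncated (TC=1)
V4_PREFIX, V6_PREFIX = 24, 56   # assumed aggregation of source addresses

def client_block(addr):
    """Map a source address to the network block that shares one budget."""
    ip = ipaddress.ip_address(addr)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

class ResponseRateLimiter:
    def __init__(self):
        self.buckets = {}                # key -> (credit, last timestamp)
        self.limited = defaultdict(int)  # key -> responses withheld so far

    def decide(self, ts, src, qname, rcode):
        """Return 'send', 'slip' (truncated reply) or 'drop' for one response."""
        key = (client_block(src), qname.lower(), rcode)
        credit, last = self.buckets.get(key, (RATE, ts))
        credit = min(RATE, credit + (ts - last) * RATE)   # refill, capped at RATE
        if credit >= 1:
            self.buckets[key] = (credit - 1, ts)
            return "send"
        self.buckets[key] = (credit, ts)
        self.limited[key] += 1
        # Truncated reply: a genuine client retries over TCP; a spoofed source cannot.
        return "slip" if self.limited[key] % SLIP == 0 else "drop"

def simulate(queries):
    """Tally decisions per client block for (ts, src, qname, rcode) tuples."""
    rrl, tally = ResponseRateLimiter(), defaultdict(lambda: defaultdict(int))
    for ts, src, qname, rcode in queries:
        tally[str(client_block(src))][rrl.decide(ts, src, qname, rcode)] += 1
    return {block: dict(counts) for block, counts in tally.items()}

# Constructed sample (documentation ranges): bursts from one /24 and one /56, one ordinary client.
SAMPLE = (
    [(0, f"192.0.2.{i}", "example.com", "NOERROR") for i in range(1, 21)]
    + [(0, "198.51.100.7", "www.example.com", "NOERROR")]
    + [(0, f"2001:db8:0:{i % 2 + 1}::10", "example.com", "NOERROR") for i in range(6)]
    + [(1, "192.0.2.1", "example.com", "NOERROR")]
)

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

The burst is cut to the budget while the single ordinary client is answered normally, and the two IPv6 sources are counted together because they fall in the same /56.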

The road to IPv6

The Internet of Things has been made possible thanks to the new version of the Internet Protocol (IPv6), which extends the addressing space in order to support 'unlimited' Internet-enabled devices. While the design of IPv6 enables more secure communications, its complex addressing structure is not seen as human-friendly. It requires software solutions in order to organize, follow and manage IPv6 address block allocations.

Automation is key in an IoT world. Many of the IP management tasks currently being handled manually by network teams will not be sustainable when it comes to IPv6. It will be virtually impossible to manage the volume and velocity of change requests that these new environments will generate. By automating these tasks, valuable resources and expertise can be freed up for more strategic work.

By applying stronger and more advanced security to the network foundation itself through the core services of the IP network – DNS, Dynamic Host Configuration Protocol (DHCP) and Internet Protocol Address Management (IPAM), collectively known as DDI – enterprises can not only improve security but also reduce the effort required within IT departments to administer it.

Any enterprise that doesn't have a rock-solid foundation for its network before the influx of devices is going to need one, quickly. Otherwise, DNS server attacks and IP management tasks might bring down their connected world.
