Diversity at the Hardware, Operating System and Application Layers Protects Against Attacks on Conventional DNS Implementations


DENVER – June 28, 2012 – Secure64 Software Corporation offers a suite of secure DNS products that enable companies to increase the “genetic diversity” of their DNS infrastructure and greatly improve their resistance to dangerous DNS threats. DNS threats have garnered numerous headlines in recent years, including more than a dozen major vulnerabilities in the widely-deployed BIND DNS software that is also used in most commercial DNS appliances. Each of these vulnerabilities forces IT departments around the world to scramble in an effort to implement emergency patches before the vulnerabilities can be exploited. Because Secure64 products do not share any code with BIND and run on a different operating system and microprocessor than traditional DNS solutions, they offer much-needed diversity across every layer of DNS infrastructure—hardware, operating system and application layers—mitigating the risk that any one threat will take down a company’s DNS infrastructure.

“Any software product can have vulnerabilities, but BIND is an especially attractive target because it is so widely deployed. When a company’s DNS infrastructure is entirely dependent on one technology, that’s an obvious risk. That is why genetic diversity is so important for DNS infrastructure,” said Dr. Bill Worley, CTO of Secure64 and a former Chief Scientist at Hewlett-Packard. “Companies that exclusively use BIND-based commercial DNS products are forced to spend unplanned time upgrading software on their DNS infrastructure or risk exposing their DNS service to attack and disruption. This endless cycle of patching increases both risk and operational costs. Secure64’s products provide genetic diversity at the hardware, operating system and application layers, which makes them immune to BIND, Unix and x86-specific security vulnerabilities. That protects our customers against vulnerabilities that affect other DNS variants.”

Over 80 percent of the world’s DNS servers rely on the same DNS code base (BIND), creating the potential for a global Internet meltdown in the event of a sophisticated attack or virus. Secure64 provides organizations with a simple path to genetic diversity across every layer of their DNS infrastructure by running on a different architecture than all other DNS servers. Below is an outline of features that enable Secure64 solutions to increase the genetic diversity and security of an organization’s DNS infrastructure:

Secure64 DNS Product Security Advantages
Layer Security Feature Advantage
Hardware Unique stack architecture Attackers cannot cause remote code execution
Hardware Authenticated boot process No path for rootkit injection or execution
OS Software authentication Eliminates paths for malware infection on disk
OS Executing software cannot be read or modified Eliminates the possibility of malware infection at runtime
OS Built-in denial-of-service protection Deflects high volume denial-of-service attacks without impacting application availabilty
OS FIPS 140-2 level 2 certified cryptographic module Protects private keys used to secure critical Internet communications
OS Proprietary code base Source code is not accessible to attackers
Application Non-BIND based DNS Is not vulnerable to BIND-specific security vulnerabilities

 

About Secure64 Software Corporation
Headquartered in Greenwood Village, Colorado, Secure64 is a software developer providing the most secure DNS products available to its customers in the government and communications industry. Secure64’s patented technology provides mission-critical security and reliability with high throughput and low latency. It has been shown to be immune to compromise from rootkits and malware and resistant to denial of service and other network attacks. The company offers a suite of trusted and secure DNS software appliances for caching, signing and authoritative use. Secure64’s products are sold and serviced worldwide through Hewlett-Packard and their reseller network and directly by Secure64. For more information, visit http://www.secure64.com.
Read about how a major US wireless customer uses Secure64 – click here