With a growing number of attacks targeting the Domain Name System (DNS), demand for appliances that manage IP addresses will grow in the coming years, Burton Group predicts.
"DNS is becoming a much larger vector for attack, and concern over this will increase demand for IP address management appliances," said Daniel Golding, an analyst for the Midvale, Utah-based research firm. "Networks of zombie computers are out there waiting for the order to knock out DNS servers, and if your DNS service is knocked out, you're basically unreachable."
He said attacks like the one on Cambridge, Mass.-based Akamai Technologies Inc. -- which distributes the content of major Web sites on its servers across the globe -- have served as a wake-up call. In June, a large-scale distributed denial of service attack against Akamai's domain name service bogged down the Web sites of big-name clients like Yahoo, Google, Microsoft, FedEx, Xerox and Apple.
Golding said he spent six weeks talking to representatives from at least a dozen major IP management vendors for his report on the future of the industry. The report, available to Burton Group clients, concludes the IP address management sector is poised for significant growth and innovation, and that companies offering management appliances stand to do well. Security is a major factor driving the demand, the report said.
"Several major DNS-related attacks occurred in 2004, and all indications are that this trend will continue," the report said. "Although no software package can be made completely resistant to this sort of attack, it is absolutely essential that DNS and DHCP packages are able to withstand loads that are an order of magnitude above normal usage levels. An essential aspect of dealing with these challenges is ensuring that an enterprise's chosen DNS and DHCP solutions can handle the loads caused by these attacks. Dedicated IP address management solutions can't solve all of these issues, but they can certainly start to address them."
DNS is the process by which Internet domain names are located and translated into Internet Protocol (IP) addresses. DHCP is a communications protocol that lets network administrators manage centrally and automate the assignment of IP addresses in an organization's network.
The report described the rising popularity of appliances as "perhaps the most intriguing recent development in IP address management." Of the vendors he talked to, Golden said all touted the "greater innate security of their devices as compared to other solutions." The use of hardened versions of Linux with all nonessential services shut down and a firewall service (such as IPChains or IPFW) running are standard, he said, adding that their appliances are designed to be individually deployed and may work well with other vendors' security products, including other appliances and software-based IP address management systems.
Golding said one reason appliances are growing more popular is that it's harder for people to open them up and introduce security holes. "There's a general belief that it's just easier to secure an appliance," he said.
The report said such companies as Sunnyvale, Calif.-based Infoblox, BlueCat Networks of Canada and MetaInfo of Seattle offer IP address management appliances.
This article originally appeared on our sister site, SearchSecurity.com.