|
Press Releases
Nominum Protects Against Vulnerabilities Identified In Newly Issued Cyber Alert
Jun 28 2004
REDWOOD CITY, Calif., June 28, 2004 – Nominum, a pioneering provider of IP address infrastructure software, today announced that its Nominum Foundation Dynamic Configuration Server provides the highest level of protection available against the vulnerabilities spelled out in an advisory issued last week by U.S. CERT (United States Computer Emergency Readiness Team, www.us-cert.gov).
Technical Cyber Security Alert TA04-174A identifies two vulnerabilities in ISC Dynamic Host Configuration Protocol (DHCP) that could be exploited to trigger denial of service on internal networks or possibly an attacker to execute arbitrary code on a target computer. ISC DHCP is a widely adopted open source version of a DHCP server, the framework used for passing configuration information, like IP addresses, to other computers on an IP network.
Gaining access to critical servers and executing arbitrary code gives attackers the ability to trigger an unlimited number of different types of commands on target computers. Arbitrary code could execute a command to run a simple directory listing so the attacker can view information about the file system, or a delete command to wipe out files and directories, or a command to reconfigure the entire system in order to open up wider network access.
Many public Internet sites and private IP networks were built using open source versions of DHCP and DNS that were created in the 1980s, well before widespread adoption of the Internet and the advent of malicious hacker attacks. With attacks on the rise, however, they are making business-critical enterprise applications and Websites highly vulnerable.
70% of DNS servers in U.S. are based on open source BIND software developed in the 1980s. BIND tops the FBI’s SANS Institute list as the number-one most commonly exploited vulnerability in UNIX and Linux.
“Too many companies are spending millions on security infrastructure and effectively leaving their doors open at night by relying on software with known vulnerabilities that are fairly simple to exploit,” said Nominum president and CEO Chris Risley. “Because Nominum servers resist these vulnerabilities, we’re seeing a significant increase in sales of our commercial-grade DNS and DHCP servers from both service providers and large enterprises.”
About Nominum Foundation Dynamic Configuration Server
Nominum Foundation Dynamic Configuration Server is a highly scalable DHCP server that adheres to IETF standards while meeting the most stringent requirements for security, network performance and availability. It automatically assigns IP addresses and other network settings as computers attach to an IP network, reducing the effort and cost of managing large, constantly changing networks. Foundation Dynamic Configuration Server also provides on-the-fly reconfiguration and policy-based administration, offering cost-effective management for large, business-critical networks.
About Nominum
Nominum is a pioneering provider of IP address infrastructure software for service providers and enterprises. Nominum’s suite of solutions includes highly scalable, reliable and secure DNS and DHCP servers and an advanced IP address management system. These solutions allow service providers to rapidly deploy new services, and enterprises to create resilient and reliable networks that are responsive to changing business conditions.
Note: Nominum, Nominum Foundation, and the Nominum logo are registered trademarks of Nominum Inc. All other trademarks are the property of their respective holders.
|
|
|
