Designed for Deep Packet Inspection

DNS Firewall
Algodyne from TCPWave

At TCPWave, information security is a number one priority. A unique TCPWave innovation that combines software and threat intelligence is now available to TCPWave customers. It enables more flexible and scalable solutions for access control, telemetry, and enforcement-based networking for modern data centers evolving into a hybrid cloud. TCPWave Algodyne is a superior architecture that delivers an efficient packet-matching algorithm and takes advantage of the flexibility and programmability available in today's advanced merchant silicon. Botnets, ransomware, DDoS, and phishing attacks are prevented by the intelligence embedded in the TCPWave Algodyne Engine.

Using the Algodyne logic, TCPWave has extended the definition of a DNS firewall as follows:

  1. A deep packet DNS inspection engine integrated with a powerful stateful firewall.
  2. A secure gateway to protect the caches from cache poisoning (The TCPWave DNS Shield).
  3. ThreatSTOP's Response Policy Zone that filters DNS requests using a reputation feed.

A Modern Firewall with intelligent packet filtering.

TCPWave DNS Firewall is used to inspect, modify, forward, redirect, and/or drop IPv4/IPv6 packets. The functionality of this firewall is not limited to DNS. The code for filtering IPv4 packets is already built into the TCPWave kernel and is organized into a collection of firewall rules, each with a specific purpose. With BGP/OSPF peers to the routers, the TCPWave DNS cache appliance acts as a stateful firewall, and it eliminates the necessity to purchase a dedicated firewall between the business units of an enterprise or to protect the enterprise from the public Internet. The firewall rules on each DNS appliance are defined and managed from the TCPWave IPAM and are traversed in order of their definition on the remote TCPWave DNS appliances that run DNS and BGP. Each rule consists of a predicate of potential matches and a corresponding action, which is executed if the predicate is true, i.e. the conditions are matched. TCPWave IPAM is also an Information Security Administrator's utility that allows you to work with these TCPWave firewall rules. The TCPWave IPAM provides a powerful graphical user interface and firewall templates that give network administrators granular control of the traffic passing through the TCPWave DNS Firewall. For example, administrators can define and push policies to the TCPWave DNS Firewall to permit outbound SMTP traffic on port 25/tcp from the mail relay servers and block mail relays from all other sources.
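The ordered predicate/action traversal and the SMTP policy described above can be modelled as follows. This is an added example, not TCPWave code: the `Rule`, `evaluate` and `shadowed` names, the first-match-wins semantics, the default action and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule model: a predicate (src, proto, dport) plus an action."""
    action: str             # "permit" or "drop"
    src: str                # source CIDR
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # destination port, None means any port

    def matches(self, src_ip, proto, dport):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.proto in ("any", proto) and self.dport in (None, dport)

def evaluate(rules, src_ip, proto, dport, default="drop"):
    """Traverse rules in definition order; the first true predicate decides (assumed)."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, proto, dport):
            return rule.action, index
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    dead = []
    for j, later in enumerate(rules):
        net_j = ipaddress.ip_network(later.src)
        for earlier in rules[:j]:
            net_i = ipaddress.ip_network(earlier.src)
            if (net_i.version == net_j.version and net_j.subnet_of(net_i)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                dead.append(j)
                break
    return dead

# Constructed policy: 192.0.2.16/30 stands in for the mail relay servers.
SMTP_POLICY = [
    Rule("permit", "192.0.2.16/30", "tcp", 25),  # relays may send outbound SMTP
    Rule("drop", "0.0.0.0/0", "tcp", 25),        # SMTP from any other IPv4 source
    Rule("drop", "::/0", "tcp", 25),             # SMTP from any IPv6 source
    Rule("permit", "0.0.0.0/0", "any", None),    # remaining IPv4 traffic (illustrative)
]
# Same two SMTP rules in the wrong order: the relay permit can never be reached.
MISORDERED = [SMTP_POLICY[1], SMTP_POLICY[0]]

if __name__ == "__main__":
    print(evaluate(SMTP_POLICY, "192.0.2.17", "tcp", 25), shadowed(MISORDERED))
```

Running `shadowed` over a policy before it is pushed catches the ordering mistake in which a broad block rule defined first silently overrides the relay exception.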

Prevent DNS cache poisoning.

The future of enterprise-class business-to-business trust for performing DNS lookups is here. TCPWave DNS Shield delivers the security, scalability, and manageability necessary to protect private DNS deployments, where B2B partners' DNS entries need not be entered manually into the private roots. DNS Shield fetches DNS records securely from the third party and removes answers that could poison or taint your caches. Each TCPWave DNS Firewall is automatically configured by the TCPWave IPAM. TCPWave's DNS Shield is an intelligent appliance and is typically placed between the organization's cache servers and the third-party DNS servers. Each organization's internal DNS root is auto-configured by the TCPWave IPAM with a delegation to the TCPWave DNS Shield to perform the third party's DNS lookups. The TCPWave DNS Shield takes the request from the cache and performs a recursive lookup on the third party's DNS infrastructure. When the third party's DNS server responds, the DNS Shield strips out unwanted data that can potentially taint the organization's caching layer. The SDN feature of the TCPWave IPAM automates the B2B DNS configurations, thereby eliminating the possibility of any human error.

Stop Communicating With Bad Actors

Every connection with the Internet, good and bad, starts with a DNS query. Your users rely on DNS to make connections to mission-critical applications, websites, and resources on your network. Malware needs DNS to communicate back to its command and control servers to corrupt or steal your data, or to complete whatever sinister mission it was created for. How secure is your DNS server? By turning your TCPWave managed DNS server into a ThreatSTOP DNS Firewall, you ensure that your users can safely connect with the Internet, while preventing threat actors from using them as an attack vector to ransom or exfiltrate your data or turn your network into a botnet for criminal use. ThreatSTOP delivers continuous updates containing IP addresses and domains used by threat actors to intercept dangerous and unwanted traffic heading out of your network, so the traffic can be blocked, monitored, or redirected to safe locations such as a walled garden. TCPWave IPAM is integrated with ThreatSTOP. Using the TCPWave IPAM GUI, CLIs and REST APIs, customers can manage, monitor and report the clients that are infected with malware, ransomware, etc. Contact us to learn more.