Akamai Light PP Template - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
The State of Cyber Security: A Problem of National Importance
Prof. Tom Leighton
Chief Scientist and Co-Founder, Akamai Technologies
Professor of Applied Mathematics, MIT
2
Agenda
  • The current state of cyber security
  • Specific IP vulnerabilities
  • Virus and worm proliferation
  • Denial of Service (DOS) and Botnet attacks
  • Identity theft through Phishing and Pharming
  • The President's IT Advisory Committee (PITAC)
    report, Cyber Security: A Crisis of Prioritization
  • Steps that can be taken today to help protect IP
    operations from disruption

3
The Current State of Cyber Security
  • The Nation is now critically reliant on networked
    IT infrastructure, and this infrastructure is
    highly vulnerable to terrorist and criminal
    attacks.
  • Ubiquitous software and interconnectivity
    combined with a lack of adequate security results
    in widespread vulnerability.
  • The problem is getting worse; endless patching is
    not the answer to long-term fundamental problems.

4
Virus and Worm Proliferation
  • CERT/CC reported 8,064 new electronic
    vulnerabilities in 2006.
  • Symantec reported 6,784 new Win32 viruses and
    worms in 1H06.
  • Of the top 50 malicious code samples:
    • 38 contained worms,
    • 30 exposed confidential information,
    • 11 contained bots.
  • 30% of households remain vulnerable to most
    attacks. (Forrester 2005)

5
Virus and Worm Proliferation: Slammer, January 24, 2003
6
Virus and Worm Proliferation: BGP Churn During Slammer
[Figure: BGP churn over time, from 10:00 PM on January 24th 2003 to 6:00 AM on January 25th 2003]
7
DOS and Botnet Attacks
  • The Honeynet Project tracked more than 100 active
    botnets, consisting of over 1 million zombies
    that can be controlled by malicious attackers
    (March 05).
  • Denial-of-service attacks grew from 119 per day
    during 2H04 to 1,402 per day during 2H05 and 6,110
    per day in 1H06. (Symantec)
  • The United States was the target of the most DoS
    attacks, accounting for 54% of the worldwide
    total.

8
Cyber Extortion
  • 17 of 100 companies surveyed in 2004 reported
    being the target of cyber extortion.
    (CMU-Information Week)

9
Identity Theft through Phishing and Pharming
  • There were 28,531 unique phishing sites reported
    to the Anti-Phishing Working Group (APWG) during
    December 06.
  • In 2005, over 2 million Americans fell victim to
    Phishing and Pharming attacks with losses in
    excess of $1 billion.
  • Fears of on-line identity theft are projected to
    inhibit US e-commerce growth rates by 1-3%.
  • In 1/3 of identity theft cases, the victim does
    not know how their identity was stolen.

10
The Recent Surge in Pharming Attacks
  • DNS Cache Poisoning: malicious hackers feed
    erroneous information to resolving DNS servers,
    causing users to be directed to a hacker's
    website instead of the intended website.
  • At least 1,300 Internet domains were compromised
    in such an attack in March 2005.
  • And now drive-by pharming (home users fail to
    change default password on broadband routers)

11
Other Ways to Hijack Traffic and Identities
  • Confidential data can be stolen from a
    compromised server.
  • DHCP is not authenticated and so it is possible
    to intercept wireless traffic.
  • BGP is not authenticated and so it is possible to
    alter routes, thereby diverting traffic to an
    unintended location.

12
Normal Traffic Flow
Because routing information is not verified, an attacker can steal traffic destined for someone else.
[Diagram: End Users, the MCI, Sprint and CW networks, and the Web Server at 192.168.1.15/24]
13
Hijacked Network
Hacker tells Sprint, "Send me all traffic for 192.168.1.15/32."
[Diagram: Hacker, End Users, the MCI, Sprint and CW networks, and the Web Server at 192.168.1.15/24]
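The effect of the /32 announcement on slides 12 and 13, and one way a route monitor can flag it, as an added example that is not part of the original presentation. The AS numbers and the announcement list are constructed (documentation-range values), and 192.168.1.15/24 is normalised to its network, 192.168.1.0/24.

```python
import ipaddress

# Constructed data: the slide's web server network and an assumed legitimate
# origin AS (64500 is a documentation-range AS number, not from the slides).
MONITORED = {ipaddress.ip_network("192.168.1.15/24", strict=False): 64500}

# Constructed announcements (prefix, origin AS) as a route monitor might record them.
UPDATES = [
    ("192.168.1.0/24", 64500),   # legitimate announcement
    ("192.168.1.15/32", 64511),  # more-specific route from an unexpected origin
    ("192.168.1.0/24", 64511),   # same prefix, unexpected origin
    ("10.0.0.0/8", 64510),       # unrelated prefix
]


def best_route(dest, routes):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dest)
    covering = [(ipaddress.ip_network(p), asn) for p, asn in routes
                if addr in ipaddress.ip_network(p)]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)


def audit(updates, monitored=MONITORED):
    """Flag announcements inside a monitored prefix that come from another origin."""
    alerts = []
    for prefix, origin in updates:
        net = ipaddress.ip_network(prefix)
        for owned, expected_origin in monitored.items():
            if net.subnet_of(owned) and origin != expected_origin:
                kind = ("more-specific" if net.prefixlen > owned.prefixlen
                        else "origin-mismatch")
                alerts.append((str(net), origin, kind))
    return alerts


if __name__ == "__main__":
    print("route used for 192.168.1.15:", best_route("192.168.1.15", UPDATES))
    for alert in audit(UPDATES):
        print("ALERT", alert)
```

Because the /32 is longer than the /24, it is preferred for the server's address even though the legitimate /24 is still announced, which is why the monitor checks for more-specific routes and not only for origin changes on the exact prefix.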
14
How Did We Get Into This State?
  • Internet protocols and software were designed
    based on an assumption of trust, which dates back
    to the days of the ARPANet.
  • The assumption of trust is no longer valid, and
    we have failed to design a more secure
    architecture.

15
The Internet is Not a Single Network
  • The Internet consists of over 12,000 networks
  • No single network controls more than 8% of access
    traffic

16
The PITAC Report
  • PITAC: IT leaders in industry and academia were
    appointed by the President to provide independent
    expert advice on maintaining America's
    preeminence in advanced IT for the 21st century.
  • Cyber Security: A Crisis of Prioritization
    • Submitted to President Bush on February 28, 2005
    • http://www.nitrd.gov/pitac/reports
  • Report offers four findings and recommendations
    on how the Federal government can foster the
    development of new architectures and technologies
    to secure the Nation's IT infrastructure.

17
PITAC's Findings and Recommendations
  • Finding 1: The Federal R&D budget provides
    inadequate funding for fundamental research in
    civilian cyber security.
  • Recommendation 1:
    • Increase NSF budget for fundamental research in
      civilian cyber security by $90M annually
    • Substantially increase civilian cyber security
      funding in DARPA and DHS
    • Allocate majority of funding to 10 specific
      research areas.

18
PITAC's Cyber Security Research Priorities
  • 1. Authentication Technologies
  • 2. Secure Fundamental Protocols
  • 3. Secure Software Engineering and Software
    Assurance
  • 4. Holistic System Security
  • 5. Monitoring and Detection

19
PITAC's Cyber Security Research Priorities
  • 6. Mitigation and Recovery Methodologies
  • 7. Cyber Forensics: Catching Criminals and
    Deterring Criminal Activities
  • 8. Modeling and Testbeds for New Technologies
  • 9. Metrics, Benchmarks, and Best Practices
  • 10. Non-Technology Issues That Can Compromise
    Cyber Security

20
PITAC's Findings and Recommendations
  • Finding 2: The Nation's cyber security research
    community is too small to adequately support the
    cyber security research and education programs
    necessary to protect the United States.
  • Recommendation 2: The Federal government should
    • Intensify efforts to promote recruitment and
      retention of cyber security researchers and
      students with a goal of doubling their number by
      the end of the decade
    • Increase and stabilize funding for civilian cyber
      security research.

21
PITAC's Findings and Recommendations
  • Finding 3: Current cyber security technology
    transfer efforts are not adequate to successfully
    transition Federal research investments into
    civilian sector best practices and products.
  • Recommendation 3: The Federal government should
    • Strengthen its cyber security private sector
      partnership and support programs like SBIR and
      SBTT to transfer research results into commercial
      products or operational best practices
    • Place greater emphasis on metrics, models,
      datasets, and testbeds to evaluate new products
      and best practices.

22
PITAC's Findings and Recommendations
  • Finding 4: The overall Federal cyber security R&D
    effort is currently unfocused and inefficient
    because of inadequate coordination and oversight.
  • Recommendation 4: The IWG on Critical Information
    Infrastructure Protection (CIIP) should become
    the focal point for coordinating Federal cyber
    security R&D efforts and should be strengthened
    and integrated under the Networking and
    Information Technology Research and Development
    (NITRD) Program.

23
Steps that can be Taken Today to Protect IP
Operations From Disruption
  • Maintaining up-to-date software patches
  • Improving security and consistency of firewalls
  • Monitoring of virus activity
  • Monitoring of BGP data and local name servers to
    detect pharming
  • Use of multifactor authentication
  • Remove public-facing web sites from sensitive
    networks
  • Use of content delivery networks (CDNs)

24
[Figure: Traffic (axis ticks 1 to 10000) between the Internet and the Webserver]
25
[Figure: Traffic (axis ticks 1 to 10000) between the Internet and the Webserver]
26
[Figure: Traffic (axis ticks 1 to 10000) between the Internet, Edge Servers and the Webserver]
27
[Figure: Traffic (axis ticks 1 to 10000) between the Internet, Edge Servers and the Webserver]
28
Example: Federal Bureau of Investigation
  • Key Problem: Survivability During a Crisis
  • Became Akamaized on 9/11/01 to disseminate
    critical information and to collect terrorist
    tips from citizens
  • Additional Benefits:
    • Performance: Immediately became one of the
      fastest performing sites as measured by Keynote's
      Government 40 Index
    • Security: Has not gone down or been compromised
      due to DoS attacks
    • Richer Content: Subsequent releases of Al-Qaeda
      pictures, videos, etc. on site have spiked
      traffic to over 3000% of normal usage

29
[Diagram: Critical non-public Servers, Firewall, Government Network, Internet]
30
[Diagram: Critical non-public Servers, Firewall, Publication Point, Government Network, Edge Servers, Internet]
31
DoD - Office of the Secretary of Defense
  • Key Problem: 100% Availability
  • Initially Akamaized to guarantee continuity of operations
  • Additional Benefits:
    • Scalability: During the Iraq war, traffic levels
      jumped about 5x.
    • Protection from the Unexpected: When the "Iraq's
      Most Wanted" deck of cards was released, traffic
      spiked 40x; this would have shut down DTIC's
      hosting facility, affecting email, FTP content
      uploads and other mission critical apps.

32
The Akamai EdgePlatform
  • The world's largest on-demand, distributed
    computing platform; it delivers all forms of Web
    content and applications for over 2,000 customers
    and 20,000 domains.
  • Including:
    • Over 100 of the Global 500
    • 29 of the top 30 M&E companies
    • 70 of the top online retailers
    • All of the top five virus companies
    • All of the top Internet portals
    • All branches of U.S. Military
  • Resulting in Daily Traffic of:
    • 3 million hits per second
    • 350 Gbps
    • 500,000 concurrent streams

20,000 Servers
900 Networks
3,000 Locations
750 Cities 70 Countries
33
Akamai Benefits
  • Fast
  • Content and Applications are served from
    locations near to end users
  • Reliable
  • No single point of failure
  • Automatic failover
  • Scalable
  • Global capacity on demand
  • Cost effective
  • No overprovisioning
  • No redundant datacenters
  • Simple to manage
  • Greater Security
  • Traffic harder to steal
  • Defense in depth helps protect central
    infrastructure

34
Questions