Akamai Light PP Template

1
The State of Cyber SecurityA Problem of
National Importance
Prof. Tom Leighton Chief Scientist and
Co-Founder, Akamai Technologies Professor of
Applied Mathematics, MIT
2
Agenda

• The current state of cyber security
• Specific IP vulnerabilities
• Virus and worm proliferation
• Denial of Service (DOS) and Botnet attacks
• Identity theft through Phishing and Pharming
• The Presidents IT Advisory Committee (PITAC)
  report,
• Cyber Security A Crisis of Prioritization
• Steps that can be taken today to help protect IP
  operations from disruption

3
The Current State of Cyber Security

• The Nation is now critically reliant on networked
  IT infrastructure, and this infrastructure is
  highly vulnerable to terrorist and criminal
  attacks.
• Ubiquitous software and interconnectivity
  combined with a lack of adequate security results
  in widespread vulnerability.
• The problem is getting worseendless patching is
  not the answer to long-term fundamental problems.

4
Virus and Worm Proliferation

• CERT/CC reported 8,064 new electronic
  vulnerabilities in 2006.
• Symantec reported 6,784 new Win32 viruses and
  worms in 1H06.
• Of the top 50 malicious code samples
• 38 contained worms,
• 30 exposed confidential information,
• 11 contained bots.
• 30 of households remain vulnerable to most
  attacks. (Forrester 2005)

5
Virus and Worm ProliferationSlammer, January 24,
2003
6
Virus and Worm ProliferationBGP Churn During
Slammer
1200 AM
200 AM
400 AM
600 AM
1000 PM
January 25th 2003
January 24th 2003
7
DOS and Botnet Attacks

• The Honeynet Project tracked more than 100 active
  botnets, consisting of over 1 million zombies
  that can be controlled by malicious attackers
  (March 05).
• Denial-of-service attacks grew from 119 per day
  during 2H04 to 1,402 per day during 2H05 and 6110
  per day in 1H06. (Symantec)
• The United States was the target of the most DoS
  attacks, accounting for 54 of the worldwide
  total.

8
Cyber Extortion

• 17 of 100 companies surveyed in 2004 reported
  being the target of cyber extortion.
  (CMU-Information Week)

9
Identity Theft through Phishing and Pharming

• There were 28,531 unique phishing sites reported
  to the Anti-Phishing Working Group (APWG) during
  December 06.
• In 2005, over 2 million Americans fell victim to
  Phishing and Pharming attacks with losses in
  excess of 1 Billion.
• Fears of on-line identity theft are projected to
  inhibit US e-commerce growth rates by 1-3.
• In 1/3 of identity theft cases, the victim does
  not know how their identity was stolen.

10
The Recent Surge in Pharming Attacks

• DNS Cache Poisoning malicious hackers feed
  erroneous information to resolving DNS servers,
  causing users to be directed to a hackers
  website instead of the intended website.
• At least 1,300 Internet domains were compromised
  in such an attack in March 2005.
• And now drive-by pharming (home users fail to
  change default password on broadband routers)

11
Other Ways to Hijack Traffic and Identities

• Confidential data can be stolen from a
  compromised server.
• DHCP is not authenticated and so it is possible
  to intercept wireless traffic.
• BGP is not authenticated and so it is possible to
  alter routes, thereby diverting traffic to an
  unintended location.

12
Normal Traffic Flow
Because routing information is not verified, an
attacker can steal traffic destined for someone
else.
End User
MCI
End User
Sprint
Web Server 192.168.1.15/24
End User
CW
End User
End User
13
Hijacked Network
Hacker tells Sprint, Send me all traffic for
192.168.1.15/32.
Hacker
End User
MCI
End User
Sprint
Web Server 192.168.1.15/24
End User
CW
End User
End User
14
How Did We Get Into This State?

• Internet protocols and software were designed
  based on an assumption of trust, which dates back
  to the days of the ARPANet.
• The assumption of trust is no longer valid, and
  we have failed to design a more secure
  architecture.

15
The Internet is Not a Single Network

• The Internet consists of over 12,000 networks
• No single network controls more than 8 of access
  traffic

16
The PITAC Report

• PITAC IT leaders in industry and academia were
  appointed by the President to provide independent
  expert advice on maintaining Americas
  preeminence in advanced IT for the 21st century.
• Cyber Security A Crisis of Prioritization
• Submitted to President Bush on February 28, 2005
• http//www.nitrd.gov/pitac/reports
• Report offers four findings and recommendations
  on how the Federal government can foster the
  development of new architectures and technologies
  to secure the Nations IT infrastructure.

17
PITACs Findings and Recommendations

• Finding 1 The Federal RD budget provides
  inadequate funding for fundamental research in
  civilian cyber security.

• Recommendation 1
• Increase NSF budget for fundamental research in
  civilian cyber security by 90M annually
• Substantially increase civilian cyber security
  funding in DARPA and DHS
• Allocate majority of funding to 10 specific
  research areas.

18
PITACs Cyber Security Research Priorities

• Authentication Technologies
• Secure Fundamental Protocols
• Secure Software Engineering and Software
  Assurance
• Holistic System Security
• Monitoring and Detection

19
PITACs Cyber Security Research Priorities

• 6. Mitigation and Recovery Methodologies
• Cyber Forensics Catching Criminals and
  Deterring Criminal Activities
• Modeling and Testbeds for New Technologies
• 9. Metrics, Benchmarks, and Best Practices
• 10. Non-Technology Issues That Can Compromise
  Cyber Security

20
PITACs Findings and Recommendations

• Finding 2 The Nations cyber security research
  community is too small to adequately support the
  cyber security research and education programs
  necessary to protect the United States.

• Recommendation 2 The Federal government should
• Intensify efforts to promote recruitment and
  retention of cyber security researchers and
  students with a goal of doubling their number by
  the end of the decade
• Increase and stabilize funding for civilian cyber
  security research.

21
PITACs Findings and Recommendations

• Finding 3 Current cyber security technology
  transfer efforts are not adequate to successfully
  transition Federal research investments into
  civilian sector best practices and products.

• Recommendation 3 The Federal government should
• Strengthen its cyber security private sector
  partnership and support programs like SBIR and
  SBTT to transfer research results into commercial
  products or operational best practices
• Place greater emphasis on metrics, models,
  datasets, and testbeds to evaluate new products
  and best practices.

22
PITACs Findings and Recommendations

• Finding 4 The overall Federal cyber security RD
  effort is currently unfocused and inefficient
  because of inadequate coordination and oversight.

• Recommendation 4 The IWG on Critical Information
  Infrastructure Protection (CIIP) should become
  the focal point for coordinating Federal cyber
  security RD efforts and should be strengthened
  and integrated under the Networking and
  Information Technology Research and Development
  (NITRD) Program.

23
Steps that can be Taken Today to Protect IP
Operations From Disruption

• Maintaining up-to-date software patches
• Improving security and consistency of firewalls
• Monitoring of virus activity
• Monitoring of BGP data and local name servers to
  detect pharming
• Use of multifactor authentication
• Remove public-facing web sites from sensitive
  networks
• Use of content delivery networks (CDNs)

24
Traffic
10000
1000
100
10
1
Internet
Webserver
25
Traffic
10000
1000
100
10
1
Internet
Webserver
26
Traffic
10000
1000
100
Edge Servers
Edge Servers
10
1
Internet
Webserver
Edge Servers
27
Traffic
10000
1000
100
Edge Servers
Edge Servers
10
1
Internet
Webserver
Edge Servers
28
Example Federal Bureau of Investigation

• Key Problem Survivability During a Crisis
• Became Akamaized on 9/11/01 to disseminate
  critical information and to collect terrorist
  tips from citizens
• Additional Benefits
• Performance Immediately became one of the
  fastest performing sites as measured by Keynotes
  Government 40 Index
• Security Has not gone down or been compromised
  due to DoS attacks
• Richer Content Subsequent releases of Al-Qaeda
  pictures, videos, etc. on site have spiked
  traffic to over 3000 of normal usage

29
Critical non-publicServers
Fire Wall
Government Network
Internet
30
Critical non-publicservers
Fire Wall
Publication Point
Government Network
Edge Servers
Edge Servers
Internet
Edge Servers
31
DoD - Office of the Secretary of Defense
Key Problem 100 Availability Initially
Akamaized to guarantee continuity of operations

• Additional Benefits
• Scalability During the Iraq war, traffic levels
  jumped about 5x.
• Protection from the Unexpected When the Iraqs
  Most Wanted deck of cards were released, traffic
  spiked 40x this would have shut down DTICs
  hosting facility affecting email, FTP content
  uploads and other mission critical apps.

32
The Akamai EdgePlatform

• The worlds largest on-demand, distributed
  computing platform it delivers all forms of Web
  content and applications for over 2,000 customers
  and 20,000 domains.
• Including
• Over 100 of the Global 500
• 29 of the top 30 ME companies
• 70 of the top online retailers
• All of the top five virus companies
• All of the top Internet portals
• All branches of U.S. Military
• Resulting in Daily Traffic of
• 3 million hits per second
• 350 Gbps
• 500,000 concurrent streams

20,000 Servers
900 Networks
3,000 Locations
750 Cities 70 Countries
33
Akamai Benefits

• Fast
• Content and Applications are served from
  locations near to end users
• Reliable
• No single point of failure
• Automatic failover
• Scalable
• Global capacity on demand
• Cost effective
• No overprovisioning
• No redundant datacenters
• Simple to manage
• Greater Security
• Traffic harder to steal
• Defense in depth helps protect central
  infrastructure

34
Questions