Title: Akamai Light PP Template
1 The State of Cyber Security: A Problem of National Importance
Prof. Tom Leighton, Chief Scientist and Co-Founder, Akamai Technologies; Professor of Applied Mathematics, MIT
2 Agenda
- The current state of cyber security
- Specific IP vulnerabilities
- Virus and worm proliferation
- Denial of Service (DOS) and Botnet attacks
- Identity theft through Phishing and Pharming
- The President's IT Advisory Committee (PITAC) report, Cyber Security: A Crisis of Prioritization
- Steps that can be taken today to help protect IP operations from disruption
3 The Current State of Cyber Security
- The Nation is now critically reliant on networked IT infrastructure, and this infrastructure is highly vulnerable to terrorist and criminal attacks.
- Ubiquitous software and interconnectivity combined with a lack of adequate security results in widespread vulnerability.
- The problem is getting worse; endless patching is not the answer to long-term fundamental problems.
4 Virus and Worm Proliferation
- CERT/CC reported 8,064 new electronic vulnerabilities in 2006.
- Symantec reported 6,784 new Win32 viruses and worms in 1H06.
- Of the top 50 malicious code samples:
  - 38 contained worms,
  - 30 exposed confidential information,
  - 11 contained bots.
- 30% of households remain vulnerable to most attacks. (Forrester 2005)
5 Virus and Worm Proliferation: Slammer, January 24, 2003
6 Virus and Worm Proliferation: BGP Churn During Slammer
[Figure: BGP churn over time; time axis labelled 10:00 PM, 12:00 AM, 2:00 AM, 4:00 AM, 6:00 AM across January 24th 2003 and January 25th 2003]
7 DOS and Botnet Attacks
- The Honeynet Project tracked more than 100 active botnets, consisting of over 1 million zombies that can be controlled by malicious attackers (March 05).
- Denial-of-service attacks grew from 119 per day during 2H04 to 1,402 per day during 2H05 and 6110 per day in 1H06. (Symantec)
- The United States was the target of the most DoS attacks, accounting for 54% of the worldwide total.
8 Cyber Extortion
- 17 of 100 companies surveyed in 2004 reported being the target of cyber extortion. (CMU-Information Week)
9 Identity Theft through Phishing and Pharming
- There were 28,531 unique phishing sites reported to the Anti-Phishing Working Group (APWG) during December 06.
- In 2005, over 2 million Americans fell victim to Phishing and Pharming attacks with losses in excess of $1 Billion.
- Fears of on-line identity theft are projected to inhibit US e-commerce growth rates by 1-3%.
- In 1/3 of identity theft cases, the victim does not know how their identity was stolen.
10 The Recent Surge in Pharming Attacks
- DNS Cache Poisoning: malicious hackers feed erroneous information to resolving DNS servers, causing users to be directed to a hacker's website instead of the intended website.
- At least 1,300 Internet domains were compromised in such an attack in March 2005.
- And now drive-by pharming (home users fail to change default password on broadband routers)
11 Other Ways to Hijack Traffic and Identities
- Confidential data can be stolen from a compromised server.
- DHCP is not authenticated and so it is possible to intercept wireless traffic.
- BGP is not authenticated and so it is possible to alter routes, thereby diverting traffic to an unintended location.
12 Normal Traffic Flow
Because routing information is not verified, an attacker can steal traffic destined for someone else.
[Diagram: End Users, the MCI, Sprint and CW networks, and the Web Server 192.168.1.15/24]
13 Hijacked Network
Hacker tells Sprint, "Send me all traffic for 192.168.1.15/32."
[Diagram: Hacker, End Users, the MCI, Sprint and CW networks, and the Web Server 192.168.1.15/24]
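The hijack on slide 13 succeeds because routers forward on the most specific matching prefix, and watching BGP data for such announcements is one of the monitoring steps listed on slide 23. The sketch below is an added example, not part of the original presentation: it shows the longest-prefix-match selection and a baseline check that flags more-specific or wrong-origin announcements. The AS numbers, the update list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed baseline: the prefix we originate and the origin AS numbers
# allowed to announce it. 192.168.1.0/24 is the network of the slide's web
# server; the AS numbers are documentation-range placeholders (assumptions).
EXPECTED = {ipaddress.ip_network("192.168.1.0/24"): {64500}}

# Constructed BGP updates as (prefix, origin AS), as a route collector might report.
UPDATES = [
    ("192.168.1.0/24", 64500),   # legitimate announcement
    ("192.168.1.15/32", 64511),  # more-specific route from an unknown origin
    ("192.168.1.0/24", 64511),   # same prefix, unexpected origin
    ("10.20.0.0/16", 64502),     # unrelated prefix, ignored
]

def best_route(dest, routes):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    covering = [r for r in nets if addr in r[0]]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def audit(updates, expected=EXPECTED):
    """Flag updates inside a monitored prefix that the baseline does not allow."""
    alerts = []
    for prefix, asn in updates:
        net = ipaddress.ip_network(prefix)
        for mine, origins in expected.items():
            if net.version != mine.version or not net.subnet_of(mine):
                continue  # outside the monitored address space
            if net == mine and asn in origins:
                continue  # exactly what we expect to see
            kind = "more-specific" if net != mine else "origin-mismatch"
            alerts.append((kind, prefix, asn))
    return alerts

if __name__ == "__main__":
    print("traffic for 192.168.1.15 follows:", best_route("192.168.1.15", UPDATES))
    for alert in audit(UPDATES):
        print("ALERT", alert)
```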
14 How Did We Get Into This State?
- Internet protocols and software were designed based on an assumption of trust, which dates back to the days of the ARPANet.
- The assumption of trust is no longer valid, and we have failed to design a more secure architecture.
15 The Internet is Not a Single Network
- The Internet consists of over 12,000 networks
- No single network controls more than 8% of access traffic
16 The PITAC Report
- PITAC: IT leaders in industry and academia were appointed by the President to provide independent expert advice on maintaining America's preeminence in advanced IT for the 21st century.
- Cyber Security: A Crisis of Prioritization
  - Submitted to President Bush on February 28, 2005
  - http://www.nitrd.gov/pitac/reports
- Report offers four findings and recommendations on how the Federal government can foster the development of new architectures and technologies to secure the Nation's IT infrastructure.
17 PITAC's Findings and Recommendations
- Finding 1: The Federal R&D budget provides inadequate funding for fundamental research in civilian cyber security.
- Recommendation 1:
  - Increase NSF budget for fundamental research in civilian cyber security by $90M annually
  - Substantially increase civilian cyber security funding in DARPA and DHS
  - Allocate majority of funding to 10 specific research areas.
18 PITAC's Cyber Security Research Priorities
- 1. Authentication Technologies
- 2. Secure Fundamental Protocols
- 3. Secure Software Engineering and Software Assurance
- 4. Holistic System Security
- 5. Monitoring and Detection
19 PITAC's Cyber Security Research Priorities
- 6. Mitigation and Recovery Methodologies
- 7. Cyber Forensics: Catching Criminals and Deterring Criminal Activities
- 8. Modeling and Testbeds for New Technologies
- 9. Metrics, Benchmarks, and Best Practices
- 10. Non-Technology Issues That Can Compromise Cyber Security
20 PITAC's Findings and Recommendations
- Finding 2: The Nation's cyber security research community is too small to adequately support the cyber security research and education programs necessary to protect the United States.
- Recommendation 2: The Federal government should
  - Intensify efforts to promote recruitment and retention of cyber security researchers and students with a goal of doubling their number by the end of the decade
  - Increase and stabilize funding for civilian cyber security research.
21 PITAC's Findings and Recommendations
- Finding 3: Current cyber security technology transfer efforts are not adequate to successfully transition Federal research investments into civilian sector best practices and products.
- Recommendation 3: The Federal government should
  - Strengthen its cyber security private sector partnership and support programs like SBIR and SBTT to transfer research results into commercial products or operational best practices
  - Place greater emphasis on metrics, models, datasets, and testbeds to evaluate new products and best practices.
22 PITAC's Findings and Recommendations
- Finding 4: The overall Federal cyber security R&D effort is currently unfocused and inefficient because of inadequate coordination and oversight.
- Recommendation 4: The IWG on Critical Information Infrastructure Protection (CIIP) should become the focal point for coordinating Federal cyber security R&D efforts and should be strengthened and integrated under the Networking and Information Technology Research and Development (NITRD) Program.
23 Steps that can be Taken Today to Protect IP Operations From Disruption
- Maintaining up-to-date software patches
- Improving security and consistency of firewalls
- Monitoring of virus activity
- Monitoring of BGP data and local name servers to detect pharming
- Use of multifactor authentication
- Remove public-facing web sites from sensitive networks
- Use of content delivery networks (CDNs)
24 Traffic
[Diagram: traffic scale 1, 10, 100, 1000, 10000; Internet; Webserver]
25 Traffic
[Diagram: traffic scale 1, 10, 100, 1000, 10000; Internet; Webserver]
26 Traffic
[Diagram: traffic scale 1, 10, 100, 1000, 10000; Internet; Edge Servers; Webserver]
27 Traffic
[Diagram: traffic scale 1, 10, 100, 1000, 10000; Internet; Edge Servers; Webserver]
28 Example: Federal Bureau of Investigation
- Key Problem: Survivability During a Crisis
  - Became Akamaized on 9/11/01 to disseminate critical information and to collect terrorist tips from citizens
- Additional Benefits
  - Performance: Immediately became one of the fastest performing sites as measured by Keynote's Government 40 Index
  - Security: Has not gone down or been compromised due to DoS attacks
  - Richer Content: Subsequent releases of Al-Qaeda pictures, videos, etc. on site have spiked traffic to over 3000% of normal usage
29 Critical non-public Servers
[Diagram labels: Fire Wall, Government Network, Internet]
30 Critical non-public servers
[Diagram labels: Fire Wall, Publication Point, Government Network, Edge Servers, Internet]
31 DoD - Office of the Secretary of Defense
- Key Problem: 100% Availability
  - Initially Akamaized to guarantee continuity of operations
- Additional Benefits
  - Scalability: During the Iraq war, traffic levels jumped about 5x.
  - Protection from the Unexpected: When the "Iraq's Most Wanted" deck of cards was released, traffic spiked 40x; this would have shut down DTIC's hosting facility, affecting email, FTP content uploads and other mission critical apps.
32 The Akamai EdgePlatform
- The world's largest on-demand, distributed computing platform; it delivers all forms of Web content and applications for over 2,000 customers and 20,000 domains.
- Including:
  - Over 100 of the Global 500
  - 29 of the top 30 M&E companies
  - 70 of the top online retailers
  - All of the top five virus companies
  - All of the top Internet portals
  - All branches of U.S. Military
- Resulting in Daily Traffic of:
  - 3 million hits per second
  - 350 Gbps
  - 500,000 concurrent streams
- 20,000 Servers
- 900 Networks
- 3,000 Locations
- 750 Cities
- 70 Countries
33 Akamai Benefits
- Fast
- Content and Applications are served from locations near to end users
- Reliable
- No single point of failure
- Automatic failover
- Scalable
- Global capacity on demand
- Cost effective
- No overprovisioning
- No redundant datacenters
- Simple to manage
- Greater Security
- Traffic harder to steal
- Defense in depth helps protect central infrastructure
34 Questions