Published by Jamil Foxwell
Protecting Commercial and Government Web Sites: The Role of Content Delivery Networks
Bruce Maggs, VP for Research, Akamai Technologies

©2013 AKAMAI | FASTER FORWARD TM

Attacks on Akamai Customers
Attacks are originating from all geographies and are moving between geographies during the attack.

The Akamai Platform Provides a Perimeter Defense
End user -> Akamai traffic -> origin server (origin traffic is a small fraction of the traffic absorbed by the Akamai edge).

Defeating HTTP flooding attacks: Rate Controls
1. Count the number of forward requests (requests the edge server forwards to the customer origin).
2. Block any IP address with excessive forward requests; the blocked client receives a custom error page instead of a forward response.

Filtering Out Malformed Requests
SQL injection attacks
Cache busting attacks
Relational databases
Relational databases store tables consisting of rows and columns.

Structured Query Language (SQL)
Example query: SELECT * FROM Employees WHERE LName = 'PARKER';

IdNum  LName   FName  JobCode  Salary  Phone
1354   PARKER  MARY   FA
Example SQL Injection
Suppose a program creates the following SQL query, where userName is a variable holding input provided by an end user, e.g., through a form on a Web page:
"SELECT * FROM Employees WHERE LName = '" + userName + "';"
But instead of entering a name like PARKER, the user enters
' or '1'='1
Then the query becomes
SELECT * FROM Employees WHERE LName = '' or '1'='1';
This query returns all rows in the Employees table!

A More Destructive Injection
Same code as before:
"SELECT * FROM Employees WHERE LName = '" + userName + "';"
But now suppose the user enters
a'; DROP TABLE Employees
Then the query becomes
SELECT * FROM Employees WHERE LName = 'a'; DROP TABLE Employees;
This query might delete the Employees table! (Not all databases allow two queries in the same string.)
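The two injections above, worked through against a small database. This is an added example, not code from the presentation; it uses Python's sqlite3 module and a constructed Employees table with three rows, and contrasts the slide's string concatenation with a bound parameter.

```python
import sqlite3

# Constructed sample rows standing in for the Employees table on the slides.
EMPLOYEES = [
    (1354, "PARKER", "MARY", "FA", 75000, "555-0101"),
    (2001, "SMITH", "JOHN", "PT", 42000, "555-0102"),
    (2002, "LEE", "ANNA", "NA", 61000, "555-0103"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employees (IdNum INTEGER, LName TEXT, FName TEXT, "
                 "JobCode TEXT, Salary INTEGER, Phone TEXT)")
    conn.executemany("INSERT INTO Employees VALUES (?, ?, ?, ?, ?, ?)", EMPLOYEES)
    return conn


def lookup_concat(conn, user_name):
    """Vulnerable: the slide's concatenation, so user input is parsed as SQL."""
    query = "SELECT * FROM Employees WHERE LName = '" + user_name + "';"
    return conn.execute(query).fetchall()


def lookup_param(conn, user_name):
    """Fixed: a bound parameter is always a value, never SQL syntax."""
    return conn.execute("SELECT * FROM Employees WHERE LName = ?;", (user_name,)).fetchall()


def tautology_demo():
    """Row counts for PARKER, for the ' or '1'='1 input, and for the fixed query."""
    conn = make_db()
    normal = lookup_concat(conn, "PARKER")
    injected = lookup_concat(conn, "' or '1'='1")
    safe = lookup_param(conn, "' or '1'='1")
    return len(normal), len(injected), len(safe)


def stacked_query_demo():
    """sqlite3.execute() refuses a second statement in the same string, which is
    the slide's caveat that not every database allows two queries per string.
    Returns (rejected, table_still_exists)."""
    conn = make_db()
    try:
        lookup_concat(conn, "a'; DROP TABLE Employees")
        rejected = False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        rejected = True
    exists = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE name = 'Employees'").fetchone()[0] == 1
    return rejected, exists
```

With a driver that does allow stacked statements the DROP would run, which is why the parameterized form, not the database's parser, is the control to rely on.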
bobby-tables.com: A guide to preventing SQL injection (from the comic strip xkcd)

Filtering SQL Injection Attacks
The CDN filters suspicious-looking inputs, not because the content provider can't filter them correctly, but because the content provider should not expend resources processing bad inputs.
Cache Busting
Idea: The attacker sends multiple requests for the same large object, but with different query strings attached, e.g.,
If the CDN cache treats every distinct URL as a unique object, it will have to fetch a new copy of the object from the content provider each time it receives a request with a new query string.
Even worse, as Triukose, Al-Qudah, and Rabinovich observe, the CDN might pull the entire object from the content provider at high speed even if the attacker is downloading the object slowly or not at all, thus using the CDN to amplify the client's attack.

Query String Filtering
Solution: At the content provider's request, the CDN can ignore the query string when identifying the object, i.e., only fetch and cache one copy of the object. (Available for many years.)
The CDN can also filter out multiple requests by the same client for a single object with different query strings.
The CDN can limit the rate at which it fetches an object from the content provider to the rate at which the client is downloading the object.
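The rate-control slide and the query-string filtering slide, combined in one toy edge server: it counts forward requests per client IP and blocks the client past a threshold, and can be told to ignore the query string when forming the cache key. This is an added example, not Akamai's code; the threshold, client IP, hostname and the cache-busting burst are all constructed.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

FORWARD_LIMIT = 5  # constructed threshold: forward requests tolerated per client IP


class EdgeServer:
    """Toy CDN edge: caches objects, optionally ignores query strings, rate-limits clients."""

    def __init__(self, ignore_query_string):
        self.ignore_query_string = ignore_query_string
        self.cache = {}
        self.forward_count = Counter()  # forward requests sent to origin, per client IP
        self.blocked = set()
        self.origin_fetches = 0

    def cache_key(self, url):
        """Identify the object; with query-string filtering, /big.pdf?v=1 and /big.pdf?v=2 collide."""
        parts = urlsplit(url)
        if self.ignore_query_string:
            parts = parts._replace(query="")
        return urlunsplit(parts)

    def handle(self, client_ip, url):
        if client_ip in self.blocked:
            return "custom error page"
        key = self.cache_key(url)
        if key in self.cache:
            return self.cache[key]  # served from the edge, origin untouched
        # Cache miss: this would be a forward request, so count it against the client first.
        self.forward_count[client_ip] += 1
        if self.forward_count[client_ip] > FORWARD_LIMIT:
            self.blocked.add(client_ip)
            return "custom error page"
        self.origin_fetches += 1
        body = f"origin body for {key}"
        self.cache[key] = body
        return body


def simulate(ignore_query_string, n_requests=20):
    """Constructed cache-busting burst: one large PDF, a fresh query string per request.
    Returns (origin fetches caused, whether the client got blocked)."""
    edge = EdgeServer(ignore_query_string)
    for i in range(n_requests):
        edge.handle("198.51.100.7", f"https://bank.example/big.pdf?v={i}")
    return edge.origin_fetches, "198.51.100.7" in edge.blocked
```

Without query-string filtering the rate control is what stops the burst (five origin fetches, then a block); with it, the first request fills the cache and the remaining nineteen never reach the origin.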
Operation Ababil

Phase 1 (Sep 12 – early Nov 2012)
DNS packets with "AAAAA" payload
Limited Layer 7 attacks
Early-mid Oct 2012: announced names of banks where attacks succeeded (did not announce bank names if attacks were unsuccessful)
Began use of HTTP dynamic content to circumvent static caching defenses

Phase 2 (Dec 12, 2012 – Jan 29)
Incorporate random query strings and values
Addition of random query strings against PDFs
Additions to bot army
Burst probes to bypass rate-limiting controls
Addition of valid argument names, random values

Phase 3 (late Feb 2013 – now)
Multiple probes
Multiple targets
Increased focus on Layer 7 attacks
Target banks where attacks work
Fraudsters take advantage
"none of the U.S banks will be safe from our attacks"

A Layer 7 attack is also known as an application layer attack.
DNS Traffic Handled by Akamai
[Chart: total eDNS traffic, 0 to 1.8 M, Tue 12:00 through Wed 12:00]

Phase 1 Attack – Sept
Attack traffic: 23 Gbps (10,000X normal)
Duration: 4.5 hours
High volume of non-standard packets sent to UDP port 53
Packets did not include a valid DNS header
Packets consisted of large blocks of repeating "A"s
The packets were abnormally large
Simultaneously, a SYN flood was directed against TCP port 53
Phase 2 Attacks - January 2nd, 2013 (Bank #1 through Bank #5)

QCF targeted PDF files
Akamai Dynamic Caching Rules offloaded 100% of the traffic
No origin impact

QCF targeted marketing web pages
Rate controls automatically activated
Attack was deflected, far from the bank's datacenter
No origin impact

QCF targeted SSL
Akamai offloaded 99% of the traffic
No origin impact

Bank NOT on Akamai (Gomez agents in 12 cities measuring hourly)
9:00 AM – 12:03 PM: Error/Outage—site not responding

Bank NOT on Akamai (Gomez agents in 12 cities measuring hourly)
12:44 PM – 6:21 PM: Error/Outage—site not responding
Phase 3 Attack Example
Attack started on the morning of March 5, 2013
Peak attack traffic: > 126 thousand requests per second
70x normal edge bandwidth (29 Gbps)
Origin traffic stayed at normal levels
~2000 agents participated in the 20 minute assault
80% of the agents were new IP addresses that had not participated in earlier campaigns

Attack Tactics - Pre-attack Reconnaissance
Attackers test the site with short, high-speed burst probes
Short bursts of attack requests on non-cacheable content every 10 minutes
Peak of 18 million requests per second
If the site falters, they announce that they will attack that bank and return later with a full-scale attack
If the site is resilient, they move on