Akamai Korea - Tech Day (2015/03/11) DNS

Published in: Internet

  1. Akamai Tech Day - DNS. 손연호, Solutions Architect
  2. ©2015 AKAMAI | FASTER FORWARD™. Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
     A Critical Service for Web Infrastructure
     •  Application: Web or productivity
     •  Users: Customers or employees
     •  Internet
     •  DNS: Connecting users with applications
  3. Common DNS Challenges
     Availability
     •  Many organizations rely on just two or three DNS servers
     •  Any DNS outage will result in site downtime
     Performance
     •  Closest DNS server may be physically far away
     •  High latency leads to longer page load times
     Security
     •  DNS infrastructure exposed to the Internet
     •  Popular DDoS attack vector
     •  Forgery or manipulation of DNS data
  4. Every Page Load Begins with DNS
     [Chart for www.akamai.com; phases: DNS lookup, Time to first byte, Initial connection, Content download; timings shown: 70 ms, 60 ms, 60 ms, 140 ms]
  5. Web Page Test: http://www.webpagetest.org/
  6. Web Page Test
  7. DNS Prefetch: https://developers.google.com/speed/pagespeed/service/PreResolveDns
  8. Response Times Over Time
  9. Case Study: DDoS Attack against Media Company
     •  Q2 14 attack targeted a politically-active newspaper in APJ
     Phase 1
     •  Bandwidth: 88 Gbps
     •  Requests: 56 Mpps
     •  Duration: 18 hours
     Phase 2
     •  Bandwidth: 93 Gbps
     •  Packets: 53 Mpps
     •  Duration: 30 hours
     Phase 3
     •  Bandwidth: 111 Gbps
     •  Packets: 53 Mpps
     •  Duration: 3 hours
     [Chart; x-axis days: W Th F S S M T W Th F S S]
  10. DNS Hijacking: https://community.akamai.com/community/cloud-security/blog/2014/12/01/x-post-fresh-wave-of-dns-record-hijacking-attacks-reported
  11. DNS Hijacking
  12. DNSSEC
      •  http://krnic.or.kr/jsp/resources/dns/dnssecInfo/dnssecInfo.jsp
      •  http://datatracker.ietf.org/wg/dnsext/documents/
  13. Protecting against DDoS
      •  Over-provision DNS Servers
      •  Build In High Availability
      •  Set Rate Limit by Source IP Address
      •  Set Rate Limit by Destination IP Address
      •  Close your ‘Open’ DNS Recursive Server
      •  Use Cloud-Based Anycast Servers
  14. FastDNS - Guaranteed Availability
      •  DNS infrastructure architected with massive scale and IP Anycast technology
      •  Name servers distributed across multiple networks and geographies for additional redundancy
      •  100% uptime service level agreement (SLA)
      [Chart; axis: % Availability]
  15. FastDNS - Improving User Experience with Zone Apex Mapping
      •  Incorporates Akamai mapping data into name resolution
      •  Resolves DNS requests directly to the optimal edge server
      •  Dramatic improvement to overall user experience
      [Chart; axis: Response (ms); series: Akamai, Vendor 1, Vendor 2]
  16. FastDNS - Improved Protection from DDoS Attacks
      Transfer
      •  Migrate DNS resolution to a cloud-based service
      •  Transfer DDoS risk and responsibility to Akamai
      Absorb
      •  Normal traffic less than 1 percent of total capacity
      •  No additional fees for DDoS-related traffic
      Block
      •  Restrict responses to known good DNS servers
      •  Rate limit DNS traffic from malicious IP addresses
  17. FastDNS - DNSSEC with Secure Option (add-on module)
      •  Protects against DNS forgery and manipulation
      •  Reduces overhead required to maintain DNSSEC compliance
      Serve
      •  Customer provides ZSK and KSK and is responsible for key rotation
      Sign and Serve
      •  Akamai provides ZSK and KSK and leverages Akamai KMI for key rotation
      [Diagram label: End user]
