Akamai Lunch and Learn: Defending California Agencies Against DDoS Attacks

May 3, 2012 | Sacramento, CA

Thank you for your interest in Akamai’s Lunch and Learn! If you have any questions or would like additional information, please feel free to contact me:

John Howard
Akamai Government at Carahsoft
703-871-8537 (Direct) | 888-662-2724 (Toll-Free)
[email protected] www.carahsoft.com/akamai

Defending California Agencies Against DDoS Attacks …governmentvideosolutionsforum.com/pdf/Akamai05-03-12LunchLearn.pdf · 03/05/2012 · Defending California Agencies Against DDoS



©2012 Akamai Akamai Confidential

Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.


Akamai — Faster Forward

We remove the complexities of technology so our customers can capture the opportunity and meet the demands of the hyperconnected world.


Akamai: Quick Facts

• Pioneered Web Content Delivery (MIT)
• $1 Billion+ (NASDAQ 100), 11+ years experience
• Content Delivery Network of choice for Public Sector
• 100% Managed Service – “cell phone bill pay structure”
• Delivers 30% of all web traffic
• No hardware or software to deploy – only days to implement
• No application or code changes – just a DNS change to deploy


Akamai Intelligent Platform™

A global network:
• 105,000+ Servers
• 1100+ Networks
• 900+ Cities
• 84 Countries

Accelerating Daily Traffic of:
• 7+ Tbps
• 12+ million hits per second
• 800+ billion deliveries/day
• 30+ petabytes/day
• 10+ million concurrent streams

Delivering 130,000+ domains
• All 60 top global eCommerce sites
• 9 of the top 10 financial institutions
• All top 30 M&E companies

30% of the world’s Web traffic


Akamai Intelligent Platform™

• Cloud: Reduce costs, increase agility & performance
• Media: Reach multiple devices, scale and monetize
• Mobile: Performance & personalization
• Security: Defend without performance impact

Web Security

Kona Site Defender


Kona SiteDefender

• Comprehensive web site and web application defense
  – All Akamai’s security capabilities in one solution
• Content acceleration is not required
  – Ideal for customers who only want security
• Sophisticated attack detection and alerting
  – Based on traffic, errors, application attack rule alerts
• Real time security event visibility and “drill down”


Kona SiteDefender Components

• Included:
  – Kona SiteDefender (non-accelerated)
    • Web Application Firewall
      – Rate Controls
      – Custom Rules
      – RTR
    • DDoS Fee Protection
    • Site Shield
    • Site Failover
    • Access Control
  – Compliance Management
    • ISO Security Standard (27002)
  – NetStorage
  – Log Delivery Service

• Optional:
  – Kona SiteDefender (non-accelerated)
    • HTTPS Module (Secure Delivery)
  – Compliance Management
    • PCI, BITS, FISMA, HIPAA
    • On-Site Audit
  – eDNS
    • DNSSEC Serve
    • DNSSEC Sign & Serve
  – Global Traffic Manager
  – Kona SiteDefender Service Management Package


Web Site Without Akamai

[Figure labels: End User, Cloud, Datacenter, Traffic (scale 1, 10, 100, 1000, 10000)]


Web Site Without Akamai

[Figure labels: End User, Cloud, Datacenter, Traffic (scale 1, 10, 100, 1000, 10000), X mark]


Web Site With Akamai

[Figure labels: End User, Cloud, Datacenter, Traffic (scale 1, 10, 100, 1000, 10000)]

Origin offloaded to the Akamai Edge


Web Site with Akamai Site Shield Origin Cloaking

[Figure labels: End User, Cloud, Akamai Site Shield, Trusted Connection, Datacenter, Traffic (scale 1, 10, 100, 1000, 10000)]

Defend and cloak your origin


Web Site with Akamai Web Application Firewall

Filters SQL Injections, Cross Site Scripting, Other HTTP attacks

[Figure labels: End User, Cloud, Akamai Site Shield, Trusted Connection, Datacenter, Traffic (scale 1, 10, 100, 1000, 10000)]

Extend a layer 7 defense perimeter to the Akamai Edge!


Rate Controls Use Case: Blocking IPs Causing Origin Errors

1. Count the number of Forward Responses that return a 5XX error code
2. Block any IP address that exceeds 5 errors per second

[Diagram labels: Client, Request, Akamai Edge Server, Forward Request, Customer Origin, Response code 5XX, Custom Error page (blocked request marked X)]

Automatic Origin Abuse Mitigation!
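
The two steps of the rate-control use case above, written as a per-IP sliding-window counter and replayed over constructed sample events. This is an added illustration, not Akamai's implementation or configuration; the class and function names, the event tuple format, and keeping a block in place for the rest of the replay are assumptions.

```python
from collections import defaultdict, deque

THRESHOLD = 5   # slide: block above 5 errors ...
WINDOW = 1.0    # ... per second

class OriginErrorRateControl:
    """Per-client-IP sliding-window count of 5XX forward responses (hypothetical)."""
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.errors = defaultdict(deque)  # ip -> timestamps of recent 5XX
        self.blocked = {}                 # ip -> time the block began

    def allow(self, ip):
        # Edge decision before forwarding; a blocked IP gets the custom error page.
        return ip not in self.blocked

    def record_forward_response(self, ip, ts, status):
        if not 500 <= status <= 599:
            return
        q = self.errors[ip]
        q.append(ts)                       # step 1: count the 5XX response
        while ts - q[0] >= self.window:    # forget errors outside the window
            q.popleft()
        if len(q) > self.threshold:        # step 2: exceeds 5 errors per second
            self.blocked.setdefault(ip, ts)

def replay(events):
    """Feed (ts, ip, origin_status) tuples through the control in time order.
    Returns (forwarded, denied, blocked): request counts per IP, and block times."""
    rc = OriginErrorRateControl()
    forwarded, denied = defaultdict(int), defaultdict(int)
    for ts, ip, status in sorted(events):
        if not rc.allow(ip):
            denied[ip] += 1       # answered at the edge; the origin never sees it
            continue
        forwarded[ip] += 1
        rc.record_forward_response(ip, ts, status)
    return dict(forwarded), dict(denied), rc.blocked

# Constructed sample (documentation IP ranges): one client drawing ten 503s in
# 0.9 s, one with six 500s spaced 1.5 s apart, one with only 200s.
SAMPLE = (
    [(10.0 + 0.1 * i, "198.51.100.7", 503) for i in range(10)]
    + [(10.0 + 1.5 * i, "203.0.113.20", 500) for i in range(6)]
    + [(10.0 + 0.05 * i, "192.0.2.5", 200) for i in range(20)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Only the burst client is blocked: its sixth error inside one second trips the rule, and its remaining requests are answered at the edge, while the client with the same number of errors spread over several seconds keeps reaching the origin.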


Site Defender Provides Real Time Visibility

[Dashboard screenshot; panels:]
• Timeline of Requests by Hour
• Visual Display of Requests by Geography
• Requests by WAF Message
• Requests by WAF Tag
• Requests by WAF Rule ID


DDoS Attacks Mitigated by Leading Scrubbing Solution

Akamai Handles 100% of These Network Layer Attacks BY DEFAULT!

• Network layer (Layer 3) attacks (~82% total)
  • Protection is built into the Akamai Intelligent Platform and is “always on”
    UDP Fragments, ICMP Floods, SYN Floods, ACK Floods, RESET Floods, UDP Floods
  • No charge for Network Layer attack traffic as it is dropped at our Edge
  • Most scalable solution (Tbps NOT Gbps)
• DNS layer attacks (~2% total)
  • Handled by Akamai eDNS/DNSSEC solution
• Application layer (Layer 7) attacks (~16% total)
  • Handled by full featured Akamai WAF solution
    Deployed in-line
    Protects against SQL Injections, Cross-Site Scripting, etc.
    Includes Rate Controls and Custom Rules

Putting a web site on the Akamai platform significantly increases its security and resiliency


The Akamai Security Difference

• 11 years experience defending the largest attacks seen on the Internet

• 100+ security trained personnel, 30+ CISSPs

• 11 of CISSPs are on the Public Sector Team

• Massive scale: 7+Tb/sec; distributed across 1,100 networks

• Defend at one network hop from request - not at your origin

• Security without sacrificing performance

• Natively in path (No rerouting, no added latency, no single point of failure)

• Broadest range of protections in a single platform

• Transport, Application, DDoS, DNS and Data Protection

• PCI & ISO compliant secure delivery platform


The Largest DDoS Ever Recorded

July 4th 2009: US Gov’t Targeted and Protected

| Top Targets     | Peak Traffic | Times Above Normal Traffic |
|-----------------|--------------|----------------------------|
| US Government 1 | 125 Gbps     | 598x                       |
| US Government 2 | 32 Gbps      | 369x                       |
| Financial 1     | 26 Gbps      | 110x                       |
| US Government 3 | 9 Gbps       | 39x                        |
| US Government 4 | 9 Gbps       | 19x                        |
| US Government 5 | 2 Gbps       | 9x                         |
| US Government 6 | 1.90 Gbps    | 6x                         |
| US Government 7 | 0.73 Gbps    | *                          |

Few common attackers between spikes. Only 4,284 IPs shared across all spikes.

• 125 Gb/sec peak bandwidth
• 795,000 page views a second
• 98,000 unique IPs in 30 minutes
• 300,000 total unique IPs


July 2011

• City targeted by Anonymous for Political Retribution
  • DDoS attacks took down city websites
  • Budget concerns regarding any solution
  • Local governments simply do not need size of solutions used by global enterprises
• Contacted Akamai
  • Identified 9 target sites
  • Within one day, had 9 sites on line with Akamai.
  • Worked with City to create packaging which fits the needs of local government
• Result
  • Attacks were blocked
  • 100% availability
  • Increased performance


DDoS Mitigation Playbook

• Agreed upon Plan of Action
  • Customer, Akamai CCare, and Akamai’s PS team
  • Recommended configuration
  • Updated quarterly
• Clearly Defined Escalation Process
  • Identifies key POC in both a customer’s organization and Akamai. Names, Emails, and Mobile numbers
• Outlines Prepared Mitigation Actions
  – In case of this type of attack, take this specific action


ddosing a federal government site is like throwing rocks at an army tank

Those sites were set up with the possibility of masses flooding them to get information after another disaster like 9/11

By urself with hoic in never gonna happen

IRC Chat During an Attack


Questions? Contact:

John Howard

Akamai Government at Carahsoft

703-871-8537 (Direct) | 888-662-2724 (Toll-Free)

[email protected] www.carahsoft.com/akamai