Akamai Korea - Tech Day (2015/03/11) DNS

Brandon Kang
Brandon KangService Platform Architect
Akamai Tech Day - DNS 손연호, Solutions Architect
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Internet A Critical Service for Web Infrastructure Application Web or productivity Users Customers or employees Internet DNS Connecting users with applications
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Common DNS Challenges Availability •  Many organizations rely on just two or three DNS servers •  Any DNS outage will result in site downtime Performance •  Closest DNS server may be physically far away •  High latency leads to longer page load times Security •  DNS infrastructure exposed to the Internet •  Popular DDoS attack vector •  Forgery or manipulation of DNS data
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Every Page Load Begins with DNS DNS lookup Time to first byte Initial connection Content download www.akamai.com 70 ms 60 ms 60 ms 140 ms
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Web Page Test http://www.webpagetest.org/
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Web Page Test
©2015 AKAMAI | FASTER FORWARDTM DNS Prefetch https://developers.google.com/speed/pagespeed/service/PreResolveDns
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Response Times Over Time
©2015 AKAMAI | FASTER FORWARDTM Case Study: DDoS Attack against Media Company 0 20 40 60 80 100 120 •  Q2 14 attack targeted a politically-active newspaper in APJ Phase 1 •  Bandwidth: 88 Gbps •  Requests: 56 Mpps •  Duration: 18 hours Phase 2 •  Bandwidth: 93 Gbps •  Packets: 53 Mpps •  Duration: 30 hours Phase 3 •  Bandwidth: 111 Gbps •  Packets: 53 Mpps •  Duration: 3 hours W Th F S S M T W Th F S S
©2015 AKAMAI | FASTER FORWARDTM DNS Hijacking https://community.akamai.com/community/cloud-security/blog/2014/12/01/x-post-fresh-wave-of-dns-record-hijacking- attacks-reported
©2015 AKAMAI | FASTER FORWARDTM DNS Hijacking
©2015 AKAMAI | FASTER FORWARDTM DNSSEC http://krnic.or.kr/jsp/resources/dns/dnssecInfo/dnssecInfo.jsp http://datatracker.ietf.org/wg/dnsext/documents/
©2015 AKAMAI | FASTER FORWARDTM Protecting against DDoS Over-provision DNS Servers Build-in High Availability Set Rate Limit by Source IP Address Set Rate Limit by Destination IP Address Close your ‘Open’ DNS Recursive Server Use Cloud-Based Anycast Servers
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. FastDNS - Guaranteed Availability % Availability 0 10 20 30 40 50 60 70 80 90 100 •  DNS infrastructure architected with massive scale and IP Anycast technology •  Name servers distributed across multiple networks and geographies for additional redundancy •  100% uptime service level agreement (SLA)
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. FastDNS - Improving User Experience with Zone Apex Mapping Response (ms) 0 20 40 60 80 100 120 140 160 180 200 220 Akamai Vendor 1 Vendor 2 •  Incorporates Akamai mapping data into name resolution •  Resolves DNS requests directly to the optimal edge server •  Dramatic improvement to overall user experience
©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Transfer •  Migrate DNS resolution to a cloud- based service •  Transfer DDoS risk and responsibility to Akamai Absorb •  Normal traffic less than 1 percent of total capacity •  No additional fees for DDoS-related traffic Block •  Restrict responses to known good DNS servers •  Rate limit DNS traffic from malicious IP addresses FastDNS - Improved Protection from DDoS Attacks
©2015 AKAMAI | FASTER FORWARDTM FastDNS - DNSSEC with Secure Option (add-on module) Protects against DNS forgery and manipulation Reduces overhead required to maintain DNSSEC compliance Serve Customer provides ZSK and KSK and is responsible for key rotation Sign and Serve Akamai provides ZSK and KSK and leverages Akamai KMI for key rotation End user
Akamai Korea - Tech Day (2015/03/11) DNS
1 of 18

Akamai Korea - Tech Day (2015/03/11) DNS

Download to read offline
Internet

Akamai Korea - Tech Day (2015/03/11) DNS

Brandon Kang
Brandon KangService Platform Architect

Recommended

Akamai Korea - Tech Day (2015/03/11) HTTP/2 by
Akamai Korea - Tech Day (2015/03/11) HTTP/2Akamai Korea - Tech Day (2015/03/11) HTTP/2
Akamai Korea - Tech Day (2015/03/11) HTTP/2Brandon Kang
6.1K views47 slides
Akamai 서비스 트러블 슈팅 및 테스트 방법과 도구 by
Akamai 서비스 트러블 슈팅 및 테스트 방법과 도구Akamai 서비스 트러블 슈팅 및 테스트 방법과 도구
Akamai 서비스 트러블 슈팅 및 테스트 방법과 도구Brandon Kang
1.3K views52 slides
Real world experiences with HTTP/2 (Michael Gooding, Javier Garza from Akamai) by
Real world experiences with HTTP/2 (Michael Gooding, Javier Garza from Akamai)Real world experiences with HTTP/2 (Michael Gooding, Javier Garza from Akamai)
Real world experiences with HTTP/2 (Michael Gooding, Javier Garza from Akamai)💻 Javier Garza
2.7K views67 slides
Content Growth by Kams Yueng by
Content Growth by Kams YuengContent Growth by Kams Yueng
Content Growth by Kams YuengMyNOG
3.8K views36 slides
Hans Nipshagen (Akamai) | TU - Hack & Attacks by
Hans Nipshagen (Akamai) | TU - Hack & AttacksHans Nipshagen (Akamai) | TU - Hack & Attacks
Hans Nipshagen (Akamai) | TU - Hack & AttacksMedia Perspectives
916 views14 slides
Future of CDN - Next 10 Years - Ahmet Ozalp, Akamai Technologies - DigiWorld ... by
Future of CDN - Next 10 Years - Ahmet Ozalp, Akamai Technologies - DigiWorld ...Future of CDN - Next 10 Years - Ahmet Ozalp, Akamai Technologies - DigiWorld ...
Future of CDN - Next 10 Years - Ahmet Ozalp, Akamai Technologies - DigiWorld ...IDATE DigiWorld
6.8K views34 slides

More Related Content

What's hot

Open source Cloud Automation Platform by
Open source Cloud Automation PlatformOpen source Cloud Automation Platform
Open source Cloud Automation PlatformKishore Neelamegam
3.2K views43 slides
Gwava gwava6 by
Gwava gwava6Gwava gwava6
Gwava gwava6GWAVA
670 views19 slides
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance by
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceImperva Incapsula
766 views21 slides
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs) by
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Akamai Developers & Admins
248 views23 slides
Metrics, metrics everywhere (but where the heck do you start?) by
Metrics, metrics everywhere (but where the heck do you start?)Metrics, metrics everywhere (but where the heck do you start?)
Metrics, metrics everywhere (but where the heck do you start?)Tammy Everts
3.6K views121 slides
A Modern Approach to Performance Monitoring by
A Modern Approach to Performance MonitoringA Modern Approach to Performance Monitoring
A Modern Approach to Performance MonitoringCliff Crocker
4.6K views50 slides

What's hot(20)

Open source Cloud Automation Platform by Kishore Neelamegam
Open source Cloud Automation PlatformOpen source Cloud Automation Platform
Open source Cloud Automation Platform
Kishore Neelamegam3.2K views
Gwava gwava6 by GWAVA
Gwava gwava6Gwava gwava6
Gwava gwava6
GWAVA 670 views
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance by Imperva Incapsula
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Imperva Incapsula766 views
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs) by Akamai Developers & Admins
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Akamai Developers & Admins248 views
Metrics, metrics everywhere (but where the heck do you start?) by Tammy Everts
Metrics, metrics everywhere (but where the heck do you start?)Metrics, metrics everywhere (but where the heck do you start?)
Metrics, metrics everywhere (but where the heck do you start?)
Tammy Everts3.6K views
A Modern Approach to Performance Monitoring by Cliff Crocker
A Modern Approach to Performance MonitoringA Modern Approach to Performance Monitoring
A Modern Approach to Performance Monitoring
Cliff Crocker4.6K views
F5 Networks BIG-IP LTM Virtual Edition by DSorensenCPR
F5 Networks BIG-IP LTM Virtual EditionF5 Networks BIG-IP LTM Virtual Edition
F5 Networks BIG-IP LTM Virtual Edition
DSorensenCPR4.1K views
VMware 2V0-21.20 Practice Test by Armstrongsmith
VMware 2V0-21.20 Practice Test VMware 2V0-21.20 Practice Test
VMware 2V0-21.20 Practice Test
Armstrongsmith84 views
Veeam Availability Suite version 10 by Tanawit Chansuchai
Veeam Availability Suite version 10Veeam Availability Suite version 10
Veeam Availability Suite version 10
Tanawit Chansuchai598 views
Belgrade when its just too slow by Doug Sillars
Belgrade when its just too slowBelgrade when its just too slow
Belgrade when its just too slow
Doug Sillars153 views
IBC Content Everywhere Hub Presentation: HTML5 And Fastest Encoding by Bitmovin Inc
IBC Content Everywhere Hub Presentation: HTML5 And Fastest EncodingIBC Content Everywhere Hub Presentation: HTML5 And Fastest Encoding
IBC Content Everywhere Hub Presentation: HTML5 And Fastest Encoding
Bitmovin Inc1.9K views
Qa fest kiev_when its just too slow by Doug Sillars
Qa fest kiev_when its just too slowQa fest kiev_when its just too slow
Qa fest kiev_when its just too slow
Doug Sillars103 views
Extending Availability to the Cloud by Yoong Seng Lai
Extending Availability to the CloudExtending Availability to the Cloud
Extending Availability to the Cloud
Yoong Seng Lai13.2K views
Cloud Security: Attacking The Metadata Service by Puma Security, LLC
Cloud Security: Attacking The Metadata ServiceCloud Security: Attacking The Metadata Service
Cloud Security: Attacking The Metadata Service
Puma Security, LLC1.1K views
Lessons Learned Deploying Modern Cloud Systems in Highly Regulated Environments by Puma Security, LLC
Lessons Learned Deploying Modern Cloud Systems in Highly Regulated EnvironmentsLessons Learned Deploying Modern Cloud Systems in Highly Regulated Environments
Lessons Learned Deploying Modern Cloud Systems in Highly Regulated Environments
Puma Security, LLC406 views
Hacking Web Performance by Maximiliano Firtman
Hacking Web Performance Hacking Web Performance
Hacking Web Performance
Maximiliano Firtman1.2K views
Best Practices Guide: Introducing Web Application Firewalls by alexmeisel
Best Practices Guide: Introducing Web Application FirewallsBest Practices Guide: Introducing Web Application Firewalls
Best Practices Guide: Introducing Web Application Firewalls
alexmeisel4K views
Metrics, Metrics Everywhere (but where the heck do you start?) by SOASTA
Metrics, Metrics Everywhere (but where the heck do you start?)Metrics, Metrics Everywhere (but where the heck do you start?)
Metrics, Metrics Everywhere (but where the heck do you start?)
SOASTA4.3K views
Drupal CDN integration: easier, more flexible and faster! by Wim Leers
Drupal CDN integration: easier, more flexible and faster!Drupal CDN integration: easier, more flexible and faster!
Drupal CDN integration: easier, more flexible and faster!
Wim Leers5.6K views
Deep Automation and ML-Driven Analytics for Application Services by Avi Networks
Deep Automation and ML-Driven Analytics for Application ServicesDeep Automation and ML-Driven Analytics for Application Services
Deep Automation and ML-Driven Analytics for Application Services
Avi Networks376 views

Viewers also liked

HTTP 발표자료 - 김연수 by
HTTP 발표자료 - 김연수HTTP 발표자료 - 김연수
HTTP 발표자료 - 김연수Yeon Soo Kim
5.4K views24 slides
HTTP/2와 웹 성능 최적화 방안 by
HTTP/2와 웹 성능 최적화 방안HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안Brandon Kang
3.9K views35 slides
HTML5 for web app. development by
HTML5 for web app. developmentHTML5 for web app. development
HTML5 for web app. developmentBrandon Kang
1.3K views23 slides
Http 헤더 by
Http 헤더Http 헤더
Http 헤더kidoki
5K views26 slides
Performance Implications of Mobile Design (Perf Audience Edition) by
Performance Implications of Mobile Design (Perf Audience Edition)Performance Implications of Mobile Design (Perf Audience Edition)
Performance Implications of Mobile Design (Perf Audience Edition)Guy Podjarny
7.9K views60 slides
Agile - SCRUM을 통한 개발관리 by
Agile - SCRUM을 통한 개발관리Agile - SCRUM을 통한 개발관리
Agile - SCRUM을 통한 개발관리Brandon Kang
13.4K views78 slides

Viewers also liked(11)

HTTP 발표자료 - 김연수 by Yeon Soo Kim
HTTP 발표자료 - 김연수HTTP 발표자료 - 김연수
HTTP 발표자료 - 김연수
Yeon Soo Kim5.4K views
HTTP/2와 웹 성능 최적화 방안 by Brandon Kang
HTTP/2와 웹 성능 최적화 방안HTTP/2와 웹 성능 최적화 방안
HTTP/2와 웹 성능 최적화 방안
Brandon Kang3.9K views
HTML5 for web app. development by Brandon Kang
HTML5 for web app. developmentHTML5 for web app. development
HTML5 for web app. development
Brandon Kang1.3K views
Http 헤더 by kidoki
Http 헤더Http 헤더
Http 헤더
kidoki5K views
Performance Implications of Mobile Design (Perf Audience Edition) by Guy Podjarny
Performance Implications of Mobile Design (Perf Audience Edition)Performance Implications of Mobile Design (Perf Audience Edition)
Performance Implications of Mobile Design (Perf Audience Edition)
Guy Podjarny7.9K views
Agile - SCRUM을 통한 개발관리 by Brandon Kang
Agile - SCRUM을 통한 개발관리Agile - SCRUM을 통한 개발관리
Agile - SCRUM을 통한 개발관리
Brandon Kang13.4K views
SPDY : 더 빠른 웹을 위한 프로토콜 by Yunsang Choi
SPDY : 더 빠른 웹을 위한 프로토콜SPDY : 더 빠른 웹을 위한 프로토콜
SPDY : 더 빠른 웹을 위한 프로토콜
Yunsang Choi14.5K views
Http by Luavis Kang
HttpHttp
Http
Luavis Kang2.5K views
Mqtt 소개 by Junho Lee
Mqtt 소개Mqtt 소개
Mqtt 소개
Junho Lee4.9K views
더 빠른 웹을 위해: HTTP/2 by EungJun Yi
더 빠른 웹을 위해: HTTP/2더 빠른 웹을 위해: HTTP/2
더 빠른 웹을 위해: HTTP/2
EungJun Yi33.5K views
ARM CoAP Tutorial by zdshelby
ARM CoAP TutorialARM CoAP Tutorial
ARM CoAP Tutorial
zdshelby79.5K views

Similar to Akamai Korea - Tech Day (2015/03/11) DNS

Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks by
Jeroen Wijdogen (Akamai) | TU - Hacks & AttacksJeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & AttacksMedia Perspectives
772 views34 slides
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t... by
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...PROIDEA
629 views44 slides
Holiday Retail Readiness: Preparing For Peak by
Holiday Retail Readiness: Preparing For PeakHoliday Retail Readiness: Preparing For Peak
Holiday Retail Readiness: Preparing For PeakG3 Communications
1K views48 slides
Tom uk soti_final_without video.4.21.15 by
Tom uk soti_final_without video.4.21.15Tom uk soti_final_without video.4.21.15
Tom uk soti_final_without video.4.21.15Liz Bradley
676 views51 slides
Fast DNS DNS Product Brief - resolution that is fast, reliable and secure by
Fast DNS DNS Product Brief - resolution that is fast, reliable and secureFast DNS DNS Product Brief - resolution that is fast, reliable and secure
Fast DNS DNS Product Brief - resolution that is fast, reliable and secureAkamai Technologies
1.7K views2 slides
The DNS of Things by
The DNS of ThingsThe DNS of Things
The DNS of ThingsPeter Silva
762 views22 slides

Similar to Akamai Korea - Tech Day (2015/03/11) DNS(20)

Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks by Media Perspectives
Jeroen Wijdogen (Akamai) | TU - Hacks & AttacksJeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Media Perspectives772 views
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t... by PROIDEA
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...
PLNOG 13: James Kretchmar: How Akamai scales to serve the largest events on t...
PROIDEA629 views
Holiday Retail Readiness: Preparing For Peak by G3 Communications
Holiday Retail Readiness: Preparing For PeakHoliday Retail Readiness: Preparing For Peak
Holiday Retail Readiness: Preparing For Peak
G3 Communications 1K views
Tom uk soti_final_without video.4.21.15 by Liz Bradley
Tom uk soti_final_without video.4.21.15Tom uk soti_final_without video.4.21.15
Tom uk soti_final_without video.4.21.15
Liz Bradley676 views
Fast DNS DNS Product Brief - resolution that is fast, reliable and secure by Akamai Technologies
Fast DNS DNS Product Brief - resolution that is fast, reliable and secureFast DNS DNS Product Brief - resolution that is fast, reliable and secure
Fast DNS DNS Product Brief - resolution that is fast, reliable and secure
Akamai Technologies1.7K views
The DNS of Things by Peter Silva
The DNS of ThingsThe DNS of Things
The DNS of Things
Peter Silva762 views
How to Reduce Latency with Cloudflare Argo Smart Routing by Cloudflare
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart Routing
Cloudflare2.3K views
Kona Site Defender Product Brief - Multi-layered defense to protect websites ... by Akamai Technologies
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Akamai Technologies1.1K views
Velocity EU 2014: Recycling the Web (why it's slowing your mobile app) by Colin Bendell
Velocity EU 2014: Recycling the Web (why it's slowing your mobile app)Velocity EU 2014: Recycling the Web (why it's slowing your mobile app)
Velocity EU 2014: Recycling the Web (why it's slowing your mobile app)
Colin Bendell1.9K views
Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai by Akamai Technologies
Closing the Loop on Web Application Vulnerabilities - John Dilley, AkamaiClosing the Loop on Web Application Vulnerabilities - John Dilley, Akamai
Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai
Akamai Technologies2.8K views
Great Expectations - Dr. Tom Leighton, Akamai by Akamai Technologies
Great Expectations - Dr. Tom Leighton, AkamaiGreat Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, Akamai
Akamai Technologies2.1K views
Using a secured, cloud-delivered SD-WAN to transform your business network by Netpluz Asia Pte Ltd
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business network
Netpluz Asia Pte Ltd3.3K views
Atmosphere 2014: Helping the Internet to scale since 1998 - Paweł Kuśmierski by PROIDEA
Atmosphere 2014: Helping the Internet to scale since 1998 - Paweł KuśmierskiAtmosphere 2014: Helping the Internet to scale since 1998 - Paweł Kuśmierski
Atmosphere 2014: Helping the Internet to scale since 1998 - Paweł Kuśmierski
PROIDEA341 views
Don't Get Schooled: Performance and Security Tips from a Leading Education Sa... by Meghan Weinreich
Don't Get Schooled: Performance and Security Tips from a Leading Education Sa...Don't Get Schooled: Performance and Security Tips from a Leading Education Sa...
Don't Get Schooled: Performance and Security Tips from a Leading Education Sa...
Meghan Weinreich294 views
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado by Cristian Garcia G.
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.181 views
Accelerate your digital transformation by Cloudflare
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
Cloudflare325 views
SSL for SaaS Providers by Cloudflare
SSL for SaaS ProvidersSSL for SaaS Providers
SSL for SaaS Providers
Cloudflare7.7K views
Building Resilient Applications with Cloudflare DNS by DevOps.com
Building Resilient Applications with Cloudflare DNSBuilding Resilient Applications with Cloudflare DNS
Building Resilient Applications with Cloudflare DNS
DevOps.com174 views
TL;DR Web Performance Workshop by Gareth Hughes
TL;DR Web Performance WorkshopTL;DR Web Performance Workshop
TL;DR Web Performance Workshop
Gareth Hughes1.5K views
The Network Fabric for Your Digital Transformation by Amazon Web Services
The Network Fabric for Your Digital TransformationThe Network Fabric for Your Digital Transformation
The Network Fabric for Your Digital Transformation
Amazon Web Services421 views

More from Brandon Kang

웹에 빠른 날개를 달아주는 웹 성능 향상 이야기 by
웹에 빠른 날개를 달아주는 웹 성능 향상 이야기웹에 빠른 날개를 달아주는 웹 성능 향상 이야기
웹에 빠른 날개를 달아주는 웹 성능 향상 이야기Brandon Kang
23 views43 slides
Web Performance Optimization with HTTP/3 by
Web Performance Optimization with HTTP/3Web Performance Optimization with HTTP/3
Web Performance Optimization with HTTP/3Brandon Kang
184 views37 slides
How to Replicate PostgreSQL Database by
How to Replicate PostgreSQL DatabaseHow to Replicate PostgreSQL Database
How to Replicate PostgreSQL DatabaseBrandon Kang
181 views13 slides
Scalability strategies for cloud based system architecture by
Scalability strategies for cloud based system architectureScalability strategies for cloud based system architecture
Scalability strategies for cloud based system architectureBrandon Kang
281 views39 slides
HTTP/3 시대의 웹 성능 최적화 기술 이해하기 by
HTTP/3 시대의 웹 성능 최적화 기술 이해하기HTTP/3 시대의 웹 성능 최적화 기술 이해하기
HTTP/3 시대의 웹 성능 최적화 기술 이해하기Brandon Kang
6.1K views39 slides
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019) by
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)Brandon Kang
254 views37 slides

More from Brandon Kang(10)

웹에 빠른 날개를 달아주는 웹 성능 향상 이야기 by Brandon Kang
웹에 빠른 날개를 달아주는 웹 성능 향상 이야기웹에 빠른 날개를 달아주는 웹 성능 향상 이야기
웹에 빠른 날개를 달아주는 웹 성능 향상 이야기
Brandon Kang23 views
Web Performance Optimization with HTTP/3 by Brandon Kang
Web Performance Optimization with HTTP/3Web Performance Optimization with HTTP/3
Web Performance Optimization with HTTP/3
Brandon Kang184 views
How to Replicate PostgreSQL Database by Brandon Kang
How to Replicate PostgreSQL DatabaseHow to Replicate PostgreSQL Database
How to Replicate PostgreSQL Database
Brandon Kang181 views
Scalability strategies for cloud based system architecture by Brandon Kang
Scalability strategies for cloud based system architectureScalability strategies for cloud based system architecture
Scalability strategies for cloud based system architecture
Brandon Kang281 views
HTTP/3 시대의 웹 성능 최적화 기술 이해하기 by Brandon Kang
HTTP/3 시대의 웹 성능 최적화 기술 이해하기HTTP/3 시대의 웹 성능 최적화 기술 이해하기
HTTP/3 시대의 웹 성능 최적화 기술 이해하기
Brandon Kang6.1K views
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019) by Brandon Kang
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)
수요자 중심의 클라우드 운영 및 전략 (CIO Summit 2019)
Brandon Kang254 views
How to develop and localize Xbox 360 titles by Brandon Kang
How to develop and localize Xbox 360 titlesHow to develop and localize Xbox 360 titles
How to develop and localize Xbox 360 titles
Brandon Kang281 views
HTTP 프로토콜의 이해와 활용 by Brandon Kang
HTTP 프로토콜의 이해와 활용HTTP 프로토콜의 이해와 활용
HTTP 프로토콜의 이해와 활용
Brandon Kang180 views
XNA2.0 Network Programming by Brandon Kang
XNA2.0 Network ProgrammingXNA2.0 Network Programming
XNA2.0 Network Programming
Brandon Kang1.5K views
XNA Introduction by Brandon Kang
XNA IntroductionXNA Introduction
XNA Introduction
Brandon Kang1K views

Recently uploaded

We see everywhere that many people are talking about technology.docx by
We see everywhere that many people are talking about technology.docxWe see everywhere that many people are talking about technology.docx
We see everywhere that many people are talking about technology.docxssuserc5935b
6 views2 slides
Building trust in our information ecosystem: who do we trust in an emergency by
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergencyTina Purnat
98 views18 slides
PORTFOLIO 1 (Bret Michael Pepito).pdf by
PORTFOLIO 1 (Bret Michael Pepito).pdfPORTFOLIO 1 (Bret Michael Pepito).pdf
PORTFOLIO 1 (Bret Michael Pepito).pdfbrejess0410
8 views6 slides
How to think like a threat actor for Kubernetes.pptx by
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 views33 slides
Is Entireweb better than Google by
Is Entireweb better than GoogleIs Entireweb better than Google
Is Entireweb better than Googlesebastianthomasbejan
12 views1 slide
information by
informationinformation
informationkhelgishekhar
8 views4 slides

Recently uploaded(12)

We see everywhere that many people are talking about technology.docx by ssuserc5935b
We see everywhere that many people are talking about technology.docxWe see everywhere that many people are talking about technology.docx
We see everywhere that many people are talking about technology.docx
ssuserc5935b6 views
Building trust in our information ecosystem: who do we trust in an emergency by Tina Purnat
Building trust in our information ecosystem: who do we trust in an emergencyBuilding trust in our information ecosystem: who do we trust in an emergency
Building trust in our information ecosystem: who do we trust in an emergency
Tina Purnat98 views
PORTFOLIO 1 (Bret Michael Pepito).pdf by brejess0410
PORTFOLIO 1 (Bret Michael Pepito).pdfPORTFOLIO 1 (Bret Michael Pepito).pdf
PORTFOLIO 1 (Bret Michael Pepito).pdf
brejess04108 views
How to think like a threat actor for Kubernetes.pptx by LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 views
Is Entireweb better than Google by sebastianthomasbejan
Is Entireweb better than GoogleIs Entireweb better than Google
Is Entireweb better than Google
sebastianthomasbejan12 views
information by khelgishekhar
informationinformation
information
khelgishekhar8 views
Marketing and Community Building in Web3 by Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast12 views
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲 by Infosec train
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲
𝐒𝐨𝐥𝐚𝐫𝐖𝐢𝐧𝐝𝐬 𝐂𝐚𝐬𝐞 𝐒𝐭𝐮𝐝𝐲
Infosec train9 views
WEB 2.O TOOLS: Empowering education.pptx by narmadhamanohar21
WEB 2.O TOOLS: Empowering education.pptxWEB 2.O TOOLS: Empowering education.pptx
WEB 2.O TOOLS: Empowering education.pptx
narmadhamanohar2116 views
UiPath Document Understanding_Day 3.pptx by UiPathCommunity
UiPath Document Understanding_Day 3.pptxUiPath Document Understanding_Day 3.pptx
UiPath Document Understanding_Day 3.pptx
UiPathCommunity103 views
IETF 118: Starlink Protocol Performance by APNIC
IETF 118: Starlink Protocol PerformanceIETF 118: Starlink Protocol Performance
IETF 118: Starlink Protocol Performance
APNIC244 views
DU Series - Day 4.pptx by UiPathCommunity
DU Series - Day 4.pptxDU Series - Day 4.pptx
DU Series - Day 4.pptx
UiPathCommunity100 views

Akamai Korea - Tech Day (2015/03/11) DNS

  • 1. Akamai Tech Day - DNS 손연호, Solutions Architect
  • 2. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Internet A Critical Service for Web Infrastructure Application Web or productivity Users Customers or employees Internet DNS Connecting users with applications
  • 3. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Common DNS Challenges Availability •  Many organizations rely on just two or three DNS servers •  Any DNS outage will result in site downtime Performance •  Closest DNS server may be physically far away •  High latency leads to longer page load times Security •  DNS infrastructure exposed to the Internet •  Popular DDoS attack vector •  Forgery or manipulation of DNS data
  • 4. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Every Page Load Begins with DNS DNS lookup Time to first byte Initial connection Content download www.akamai.com 70 ms 60 ms 60 ms 140 ms
  • 5. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Web Page Test http://www.webpagetest.org/
  • 6. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Web Page Test
  • 7. ©2015 AKAMAI | FASTER FORWARDTM DNS Prefetch https://developers.google.com/speed/pagespeed/service/PreResolveDns
  • 8. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Response Times Over Time
  • 9. ©2015 AKAMAI | FASTER FORWARDTM Case Study: DDoS Attack against Media Company 0 20 40 60 80 100 120 •  Q2 14 attack targeted a politically-active newspaper in APJ Phase 1 •  Bandwidth: 88 Gbps •  Requests: 56 Mpps •  Duration: 18 hours Phase 2 •  Bandwidth: 93 Gbps •  Packets: 53 Mpps •  Duration: 30 hours Phase 3 •  Bandwidth: 111 Gbps •  Packets: 53 Mpps •  Duration: 3 hours W Th F S S M T W Th F S S
  • 10. ©2015 AKAMAI | FASTER FORWARDTM DNS Hijacking https://community.akamai.com/community/cloud-security/blog/2014/12/01/x-post-fresh-wave-of-dns-record-hijacking- attacks-reported
  • 11. ©2015 AKAMAI | FASTER FORWARDTM DNS Hijacking
  • 12. ©2015 AKAMAI | FASTER FORWARDTM DNSSEC http://krnic.or.kr/jsp/resources/dns/dnssecInfo/dnssecInfo.jsp http://datatracker.ietf.org/wg/dnsext/documents/
  • 13. ©2015 AKAMAI | FASTER FORWARDTM Protecting against DDoS Over-provision DNS Servers Build-in High Availability Set Rate Limit by Source IP Address Set Rate Limit by Destination IP Address Close your ‘Open’ DNS Recursive Server Use Cloud-Based Anycast Servers
  • 14. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. FastDNS - Guaranteed Availability % Availability 0 10 20 30 40 50 60 70 80 90 100 •  DNS infrastructure architected with massive scale and IP Anycast technology •  Name servers distributed across multiple networks and geographies for additional redundancy •  100% uptime service level agreement (SLA)
  • 15. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. FastDNS - Improving User Experience with Zone Apex Mapping Response (ms) 0 20 40 60 80 100 120 140 160 180 200 220 Akamai Vendor 1 Vendor 2 •  Incorporates Akamai mapping data into name resolution •  Resolves DNS requests directly to the optimal edge server •  Dramatic improvement to overall user experience
  • 16. ©2015 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Transfer •  Migrate DNS resolution to a cloud- based service •  Transfer DDoS risk and responsibility to Akamai Absorb •  Normal traffic less than 1 percent of total capacity •  No additional fees for DDoS-related traffic Block •  Restrict responses to known good DNS servers •  Rate limit DNS traffic from malicious IP addresses FastDNS - Improved Protection from DDoS Attacks
  • 17. ©2015 AKAMAI | FASTER FORWARDTM FastDNS - DNSSEC with Secure Option (add-on module) Protects against DNS forgery and manipulation Reduces overhead required to maintain DNSSEC compliance Serve Customer provides ZSK and KSK and is responsible for key rotation Sign and Serve Akamai provides ZSK and KSK and leverages Akamai KMI for key rotation End user