Akamai Korea - Tech Day (2015/03/11) DNS

Published in: Internet

  1. Akamai Tech Day - DNS
     손연호, Solutions Architect
  2. ©2015 AKAMAI | FASTER FORWARD™ Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
     A Critical Service for Web Infrastructure
       • Application: Web or productivity
       • Users: Customers or employees
       • Internet
       • DNS: Connecting users with applications
  3. Common DNS Challenges
     Availability
       • Many organizations rely on just two or three DNS servers
       • Any DNS outage will result in site downtime
     Performance
       • Closest DNS server may be physically far away
       • High latency leads to longer page load times
     Security
       • DNS infrastructure exposed to the Internet
       • Popular DDoS attack vector
       • Forgery or manipulation of DNS data
  4. Every Page Load Begins with DNS
     [Figure: page-load timing for www.akamai.com; phases labelled DNS lookup, Time to first byte, Initial connection, Content download; values shown: 70 ms, 60 ms, 60 ms, 140 ms]
  5. Web Page Test
     http://www.webpagetest.org/
  6. Web Page Test
  7. DNS Prefetch
     https://developers.google.com/speed/pagespeed/service/PreResolveDns
  8. Response Times Over Time
  9. Case Study: DDoS Attack against Media Company
       • Q2 14 attack targeted a politically-active newspaper in APJ
     Phase 1
       • Bandwidth: 88 Gbps
       • Requests: 56 Mpps
       • Duration: 18 hours
     Phase 2
       • Bandwidth: 93 Gbps
       • Packets: 53 Mpps
       • Duration: 30 hours
     Phase 3
       • Bandwidth: 111 Gbps
       • Packets: 53 Mpps
       • Duration: 3 hours
     [Chart: vertical axis 0 to 120; horizontal axis by day (W Th F S S M T W Th F S S)]
  10. DNS Hijacking
      https://community.akamai.com/community/cloud-security/blog/2014/12/01/x-post-fresh-wave-of-dns-record-hijacking-attacks-reported
  11. DNS Hijacking
  12. DNSSEC
      http://krnic.or.kr/jsp/resources/dns/dnssecInfo/dnssecInfo.jsp
      http://datatracker.ietf.org/wg/dnsext/documents/
  13. Protecting against DDoS
        • Over-provision DNS Servers
        • Build in High Availability
        • Set Rate Limit by Source IP Address
        • Set Rate Limit by Destination IP Address
        • Close your ‘Open’ DNS Recursive Server
        • Use Cloud-Based Anycast Servers
  14. FastDNS - Guaranteed Availability
        • DNS infrastructure architected with massive scale and IP Anycast technology
        • Name servers distributed across multiple networks and geographies for additional redundancy
        • 100% uptime service level agreement (SLA)
      [Chart: % Availability, axis 0 to 100]
  15. FastDNS - Improving User Experience with Zone Apex Mapping
        • Incorporates Akamai mapping data into name resolution
        • Resolves DNS requests directly to the optimal edge server
        • Dramatic improvement to overall user experience
      [Chart: Response (ms), axis 0 to 220, comparing Akamai, Vendor 1 and Vendor 2]
  16. FastDNS - Improved Protection from DDoS Attacks
      Transfer
        • Migrate DNS resolution to a cloud-based service
        • Transfer DDoS risk and responsibility to Akamai
      Absorb
        • Normal traffic less than 1 percent of total capacity
        • No additional fees for DDoS-related traffic
      Block
        • Restrict responses to known good DNS servers
        • Rate limit DNS traffic from malicious IP addresses
  17. FastDNS - DNSSEC with Secure Option (add-on module)
        • Protects against DNS forgery and manipulation
        • Reduces overhead required to maintain DNSSEC compliance
      Serve
        • Customer provides ZSK and KSK and is responsible for key rotation
      Sign and Serve
        • Akamai provides ZSK and KSK and leverages Akamai KMI for key rotation
      [Diagram label: End user]
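
The "Set Rate Limit by Source IP Address" item on the Protecting against DDoS slide, sketched as a token bucket keyed by source prefix and replayed over a constructed query trace. This is an added example, not material from the slides and not Akamai's implementation; the rate, burst size, prefix lengths and sample queries are assumptions.

```python
import ipaddress
from collections import defaultdict

RATE = 5          # assumed: responses per second refilled per source prefix
BURST = 10        # assumed: bucket size, so short legitimate bursts pass
PREFIX_V4 = 24    # assumed: IPv4 sources share a bucket per /24
PREFIX_V6 = 56    # assumed: IPv6 sources share a bucket per /56


def bucket_key(src_ip):
    """Map a source address to the prefix whose bucket it draws from."""
    addr = ipaddress.ip_address(src_ip)
    plen = PREFIX_V4 if addr.version == 4 else PREFIX_V6
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))


class SourceRateLimiter:
    """Token bucket per source prefix; integer milli-tokens avoid float drift."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.cap = rate, burst * 1000
        self.state = {}  # prefix -> (milli_tokens, last_seen_ms)

    def allow(self, src_ip, now_ms):
        key = bucket_key(src_ip)
        tokens, last = self.state.get(key, (self.cap, now_ms))
        # rate tokens/second equals rate milli-tokens per millisecond
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= 1000
        self.state[key] = (tokens - 1000 if allowed else tokens, now_ms)
        return allowed


def replay(queries, limiter=None):
    """Replay (timestamp_ms, src_ip) pairs; return dropped count per prefix."""
    limiter = limiter or SourceRateLimiter()
    dropped = defaultdict(int)
    for ts, src in queries:
        if not limiter.allow(src, ts):
            dropped[bucket_key(src)] += 1
    return dict(dropped)


# Constructed sample (documentation address ranges): 100 queries in one second
# rotating over four addresses of one /24, plus a client at one query per second.
SAMPLE = sorted(
    [(i * 10, f"198.51.100.{i % 4 + 1}") for i in range(100)]
    + [(i * 1000, "203.0.113.7") for i in range(5)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying on the prefix rather than the single address means rotating through neighbouring source addresses does not multiply the allowance; a production limiter would also need to evict idle buckets so the state table stays bounded.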
