DESAYUNO DE TRABAJO AKAMAI

2. Introducción a Akamai Greivin Viquez (Senior Solution Engineer) gviqueza@akamai.com

4. ©2014 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. We make the Internet fast, reliable, and secure. What does Akamai do?

6. ©2014 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection. We are the leading provider of cloud services for delivering, optimizing and securing online content and business applications. 240,381+ Servers 133 Countries 1,634+ Networks 3,594+ Locations PLATFORM STATS (Q1-2019): OUR HISTORY: Founded 1998 and rooted in MIT technology—solving Internet congestion with math not hardware. TYPICAL DAILY TRAFFIC: More than 2 trillion requests served Delivering over 12 terabits/second 15-30% of all daily web traffic

7. ©2014 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Arquitectura ¿Cómo Akamai acelera y protege? Customer DC www.customer.com Akamai Edge Server Akamai Site Shield Akamai Kona Site Defender Akamai Edge Server

8. ©2014 AKAMAI | FASTER FORWARDTM Layered Security Approach Network Layer Controls: Block clients based on IP / Geography. Protection against unwanted known entities WAF Transaction-based Detection. Good protection against Injection-based Attacks (XSS, SQLi, RFI, etc.) & Insecure web app configuration Recursive DNS Mitigation of risk of malware and gaining additional intelligence on DNS resolution requests originating internally Client Reputation: “track record”, behavioral profiling. Good protection against Scraping, vulnerability scanning, distributed attacks, etc. Similar to “Reason’s Swiss Cheese Model” - Each security layer concentrates on different type of protection. The more layers we add, we reduce the risk that malicious users will find their way in Bot Manager: Detection and management of bot related activity including the ability to categorize bots and treat appropriately Akamai Platform: Only supports valid HTTP/HTTPS (80/443) TCP connections

9. ©2014 AKAMAI | FASTER FORWARDTM WEB PERFORMANCE SOLUTIONS CLOUD SECURITY SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD NETWORKING SOLUTIONS NETWORK OPERATOR SOLUTIONS The Akamai Solutions A comprehensive set of solutions built on the Akamai Intelligent Platform, and designed to meet the online business needs of our customers. SERVICES & SUPPORT ©2014 AKAMAI | FASTER FORWARDTM 1. ION 2. DSA 3. GTM / ALB 4. Cloudlets 5. mPulse 6. CloudTest 7. IPA 8. Image Manager 1. WAF: Kona Site Defender (KSD) y WAP 2. Prolexic (protección de DDoS) 3. FastDNS 4. Client Reputation 5. Bot Manager (Standard & Premier) 6. Enterprise Threat Protector (ETP) 7. Enterprise Application Access (EAA)

10. ©2014 AKAMAI | FASTER FORWARDTM Akamai Has Proven Value ` Media & Entertainment CommerceHigh Tech Government Financial Services Automotive / Manufacturing Top 5 Security Companies 400+ Global Retailers All US Cabinet All US Military 10 of 10 Top Financial All Major Auto Companies 30 of Top 30 M&E Companies

11. ©2014 AKAMAI | FASTER FORWARDTM Akamai enables the anytime, anywhere experience Partnering with 1000+ commerce companies worldwide. Securely enabling more than $350 billion in annual e-commerce transactions. Trusted by 96 of the top 100 online retailers.

12. ©2014 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. World’s leading travel firms rely on Akamai HotelAirline Ground Cruise Agency Platform

13. ©2014 AKAMAI | FASTER FORWARDTM Financial Services Firms Trust Akamai (NASDAQ: AKAM) • All top 15 banks of U.S. (Source: The Banker) • All top 10 asset managers (Source: Towers Watson) • All top 10 P&C insurance carriers (Source: A.M. Best) • 7 of the top 10 Life & Health carriers (Source: A.M. Best) • 5 of the top 10 stock exchanges (Source: WFE) • 9 of the top 10 FinTech companies (Source: American Banker) • Top firms in Cards & Payments, Financial Information Services, Brokerage, and Forex • Over 100 banks worldwide use Akamai security solutions Over $1 Trillion in financial transactions annually are executed on the Akamai Intelligent Platform.

23. ©2014 AKAMAI | FASTER FORWARDTM Interesting links (1 of 3): Best Booter / DDoSer - www.iDDos.net - 60Gb/s - Plans from $3.99 - Multiple Attack Types - Anonymous https://www.youtube.com/watch?v=HRZ7d_QL8jY Best Booter Darkbooter Rated #1 on Top10Booters.com - NO DOWNLOAD - ONLINE BOOTER - 60/Gbps https://www.youtube.com/watch?v=PPI-Ef0b1Aw Darkbooter - HUB Page - Tutorial https://www.youtube.com/watch?v=d1lv0zG1cVg

24. ©2014 AKAMAI | FASTER FORWARDTM Interesting links (2 of 3): Norse IpViking http://map.norsecorp.com/ World's Biggest Data Breaches http://www.informationisbeautiful.net/visualizations/worlds- biggest-data-breaches-hacks/ Digital Attack Map http://www.digitalattackmap.com/

27. ©2014 AKAMAI | FASTER FORWARDTM Bancho de Chile Hackeo interno en el Banco de Chile: informático robó 475 millones de pesos usando su PC https://www.biobiochile.cl/especial/noticias/reportajes/reportajes-reportajes/2018/07/18/hackeo-interno-en-el-banco-de-chile-inform

28. ©2014 AKAMAI | FASTER FORWARDTM SAT http://www.elfinanciero.com.mx/tech/hackers-tumban-el-portal-del-sat.html https://www.facebook.com/hackersdemexico.net.mx 21/03/2016 a las 15:03 DESDE COSTA RICA

32. ©2014 AKAMAI | FASTER FORWARDTM Banxico https://www.huffingtonpost.com.mx/2018/05/16/renuncia-directora-pagos-banxico-tras- Renuncia la directora de pagos de Banxico tras ciberataque, reporta Reforma

35. ©2014 AKAMAI | FASTER FORWARDTM35 Case study 1: First Brobot Attack DDoS campaign day 1 – large financial customer JAN 2012 6:15 am ATTACK BEGINS The campaign starts as a DNS Flood. On-site mitigation is deployed. Two tier 1 telecom providers are engaged to provide upstream blocking of attack traffic. 7:30 am APPLIANCE FAILURE On-site mitigation appliance fails. Local mitigation team gives up on appliance. 10:45 am TELECOM FAILURE Both telecom DDoS service providers are proving to be ineffective against a multi-vectored UDP and DNS attack. Attack size approximately 8-10 Gbps. Response time is approaching critical levels. 11:30 am CUSTOMER ACTIVATES PROLEXIC Customer flips the BGP switch and all traffic from 2 out of 3 data centers is routed to Prolexic. The SOC immediately starts the mitigation process and within 20 min the response times are down to a few seconds. Three telecom bridges are opened with the customer; an attack line, a trouble shooting line, and a SERT line to the FBI and Secret Service which includes the customers SERT team. 8:00 pm CUSTOMER PREPARATION Preparing to route the 3rd and final data center over to Prolexic.

36. ©2014 AKAMAI | FASTER FORWARDTM36 DDoS campaign day 2 – large financial customer 8:30 am ATTACK VECTOR MORPHS TO DNS Another major attack was initiated. It was a multi-vectored attack which included a DNS Flood and a UDP Flood. The attack peaked out at 13.4 Gbps and 600,000 pps. 10:00 am 100% PROLEXIC MITIGATION The 3rd and final data center is routed over to Prolexic. All back channels to Web, DNS, VPN’s, Custom Apps protected.

37. ©2014 AKAMAI | FASTER FORWARDTM37 DDoS campaign day 3 – large financial customer 9:00 am ATTACK COMPLEXITY INCREASES Another major attack was initiated. It was a multi-vectored attack which was comprised of a DNS Flood of 6.3 Gbps and 4.1 Mpps, a UDP Flood of 301 Mbps and 400K pps, a GET Flood, UDP Fragment, and ICMP Flood that peaked at 7.1 Gbps and 11.3 Mpps. 10:00 am PROLEXIC BOTNET TAKEDOWN WITH FBI The GET Flood attack finally provided some non spoofed IP addresses. Our SERT team using information from several sources triangulated several Command and Control PC’s or CNC’s . These addresses were then turned over to law enforcement. The FBI proceeded to monitor them to get more information. 8:00 pm BOTNET TAKEDOWN SUCCESSFUL Several CNC’s were taken down.

38. ©2014 AKAMAI | FASTER FORWARDTM38 DDoS campaign day 4 – large financial customer 11:00 am ATTACKER UNLEASHES EVERYTHING THEY HAVE Another attack begins around 11 am. It started out small but by noon it had morphed into a VERY LARGE and COMPLEX attack. The attack vectors included: GET Flood, UDP Fragment, DNS Flood, ICMP Flood. This campaign peaked at a very impressive 54.30 Gbps and 4.90 Mpps.. Note: Prolexic is the only company in the world able to mitigate this size of attack. It should be noted that we were mitigating another 12 attacks for other clients at the same time as this 54 Gbps attack. That should give you some idea how big our network is, the effectiveness of our services, and the skill level of our technicians. Many providers would have been so focused on the huge attack that they would have missed the smaller, more deadly Layer 7 attack that was also launched.

39. ©2014 AKAMAI | FASTER FORWARDTM39 DDoS campaign day 5 – large financial customer 9:30 am ALL QUIET ON THE BANKING FRONT No large attacks were recorded on Day 5. The customer directed additional traffic to Prolexic from some of its smaller, regional data centers.

40. ©2014 AKAMAI | FASTER FORWARDTM40 DDoS campaign day 6 – large financial customer 12:00 pm HOME COUNTRY OF ATTACKER IDENTIFIED Law enforcement narrows down the country origin of the attacker and starts to zero in. Attacker unsuccessful in impacting customer over several days. Many attacker C&C’s taken down.

41. ©2014 AKAMAI | FASTER FORWARDTM41 DDoS campaign day 7 – large financial customer Note: ATTACKS END Attacks end on Day 7. Throughout the campaign the customers perimeter assets remained functional and responsive despite the best efforts of a very skilled attacker. The attack never became public and there was no lack of continuity in the day-to-day business. If the company did not have Prolexic in place the outcome of the campaign would have been dramatically different. Note: FORENSICS After several months of detailed forensics, it was evident the attackers had done extensive analysis of the target prior to the attack.

DESAYUNO DE TRABAJO AKAMAI

Vous êtes en train de lire un aperçu.

Consultez-les par la suite

DESAYUNO DE TRABAJO AKAMAI

Plus De Contenu Connexe

Diaporamas pour vous (16)

Similaire à DESAYUNO DE TRABAJO AKAMAI (20)

Plus par Cristian Garcia G. (20)

Plus récents (20)