©2014 AKAMAI | FASTER FORWARD™
Introduction to Akamai
Greivin Viquez (Senior Solution Engineer)
gviqueza@akamai.com
What is Akamai?
What does Akamai do?
We make the Internet fast, reliable, and secure.
Avoid data theft and downtime by extending the security perimeter outside the data center, and protect against the increasing frequency, scale and sophistication of web attacks.
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
We are the leading provider of cloud services for delivering, optimizing and securing online content and business applications.
PLATFORM STATS (Q1-2019):
• 240,381+ Servers
• 133 Countries
• 1,634+ Networks
• 3,594+ Locations
OUR HISTORY:
Founded 1998 and rooted in MIT technology—solving Internet congestion with math not hardware.
TYPICAL DAILY TRAFFIC:
• More than 2 trillion requests served
• Delivering over 12 terabits/second
• 15-30% of all daily web traffic
Architecture: How does Akamai accelerate and protect?
[Diagram labels: www.customer.com, Customer DC, Akamai Site Shield, Akamai Kona Site Defender, Akamai Edge Server (two)]
Layered Security Approach
Similar to “Reason’s Swiss Cheese Model”: each security layer concentrates on a different type of protection. The more layers we add, the lower the risk that malicious users will find their way in.
• Network Layer Controls: Block clients based on IP / geography. Protection against unwanted known entities.
• WAF: Transaction-based detection. Good protection against injection-based attacks (XSS, SQLi, RFI, etc.) and insecure web app configuration.
• Recursive DNS: Mitigation of the risk of malware, and additional intelligence on DNS resolution requests originating internally.
• Client Reputation: “Track record”, behavioral profiling. Good protection against scraping, vulnerability scanning, distributed attacks, etc.
• Bot Manager: Detection and management of bot-related activity, including the ability to categorize bots and treat them appropriately.
• Akamai Platform: Only supports valid HTTP/HTTPS (80/443) TCP connections.
The Akamai Solutions
A comprehensive set of solutions built on the Akamai Intelligent Platform, and designed to meet the online business needs of our customers.
• Web Performance Solutions
• Cloud Security Solutions
• Media Delivery Solutions
• Cloud Networking Solutions
• Network Operator Solutions
• Services & Support
1. ION
2. DSA
3. GTM / ALB
4. Cloudlets
5. mPulse
6. CloudTest
7. IPA
8. Image Manager

1. WAF: Kona Site Defender (KSD) and WAP
2. Prolexic (DDoS protection)
3. FastDNS
4. Client Reputation
5. Bot Manager (Standard & Premier)
6. Enterprise Threat Protector (ETP)
7. Enterprise Application Access (EAA)
Akamai Has Proven Value
• Media & Entertainment: 30 of Top 30 M&E Companies
• Commerce: 400+ Global Retailers
• High Tech: Top 5 Security Companies
• Government: All US Cabinet, All US Military
• Financial Services: 10 of 10 Top Financial
• Automotive / Manufacturing: All Major Auto Companies
Akamai enables the anytime, anywhere experience
Partnering with 1000+ commerce companies worldwide.
Securely enabling more than $350 billion in annual e-commerce transactions.
Trusted by 96 of the top 100 online retailers.
World’s leading travel firms rely on Akamai
Hotel, Airline, Ground, Cruise, Agency, Platform
Financial Services Firms Trust Akamai (NASDAQ: AKAM)
• All top 15 banks of U.S. (Source: The Banker)
• All top 10 asset managers (Source: Towers Watson)
• All top 10 P&C insurance carriers (Source: A.M. Best)
• 7 of the top 10 Life & Health carriers (Source: A.M. Best)
• 5 of the top 10 stock exchanges (Source: WFE)
• 9 of the top 10 FinTech companies (Source: American Banker)
• Top firms in Cards & Payments, Financial Information Services, Brokerage, and Forex
• Over 100 banks worldwide use Akamai security solutions
Over $1 Trillion in financial transactions annually are executed on the Akamai Intelligent Platform.
Case studies
Web acceleration
Performance
Web Experiences Impact The Business
Slower pages = higher bounce rates & less engagement
Slower pages = lower conversion rates
Source: Torbit
Increase Offload With Ion
Origin
600.344.455 / 9.6 TB
78.214.729 / 2.6 TB
OFF-LOAD
87% / 77%TB
Case studies
Web security
Why do they do it?
• Extortion (DD4BC)
• Get even!
Interesting links (1 of 3):
Best Booter / DDoSer - www.iDDos.net - 60Gb/s - Plans from
$3.99 - Multiple Attack Types - Anonymous
https://www.youtube.com/watch?v=HRZ7d_QL8jY
Best Booter Darkbooter Rated #1 on Top10Booters.com - NO
DOWNLOAD - ONLINE BOOTER - 60/Gbps
https://www.youtube.com/watch?v=PPI-Ef0b1Aw
Darkbooter - HUB Page - Tutorial
https://www.youtube.com/watch?v=d1lv0zG1cVg
Interesting links (2 of 3):
Norse IpViking
http://map.norsecorp.com/
World's Biggest Data Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Digital Attack Map
http://www.digitalattackmap.com/
Interesting links (3 of 3):
DDoS-As-A-Service (“Booters”)
https://www.youtube.com/watch?v=MGcUJEx3ycc
Banco de Chile
Internal hack at Banco de Chile: IT worker stole 475 million pesos using his PC
https://www.biobiochile.cl/especial/noticias/reportajes/reportajes-reportajes/2018/07/18/hackeo-interno-en-el-banco-de-chile-inform
SAT
http://www.elfinanciero.com.mx/tech/hackers-tumban-el-portal-del-sat.html
https://www.facebook.com/hackersdemexico.net.mx
21/03/2016 at 15:03 FROM COSTA RICA
Banxico
https://www.huffingtonpost.com.mx/2018/05/16/renuncia-directora-pagos-banxico-tras-
Banxico's payments director resigns after cyberattack, Reforma reports
Other cases…!
Chile
Spain
Mexico
Ecuador
Baltimore
Specific case
Web security
Case study 1: First Brobot Attack
DDoS campaign day 1 – large financial customer JAN 2012
6:15 am ATTACK BEGINS
The campaign starts as a DNS Flood. On-site mitigation is deployed. Two tier 1 telecom providers are engaged to provide upstream blocking of attack traffic.
7:30 am APPLIANCE FAILURE
On-site mitigation appliance fails. Local mitigation team gives up on appliance.
10:45 am TELECOM FAILURE
Both telecom DDoS service providers are proving to be ineffective against a multi-vectored UDP and DNS attack. Attack size approximately 8-10 Gbps. Response time is approaching critical levels.
11:30 am CUSTOMER ACTIVATES PROLEXIC
Customer flips the BGP switch and all traffic from 2 out of 3 data centers is routed to Prolexic. The SOC immediately starts the mitigation process and within 20 min the response times are down to a few seconds. Three telecom bridges are opened with the customer: an attack line, a troubleshooting line, and a SERT line to the FBI and Secret Service which includes the customer's SERT team.
8:00 pm CUSTOMER PREPARATION
Preparing to route the 3rd and final data center over to Prolexic.
DDoS campaign day 2 – large financial customer
8:30 am ATTACK VECTOR MORPHS TO DNS
Another major attack was initiated. It was a multi-vectored attack which included a DNS Flood and a UDP Flood. The attack peaked out at 13.4 Gbps and 600,000 pps.
10:00 am 100% PROLEXIC MITIGATION
The 3rd and final data center is routed over to Prolexic. All back channels to Web, DNS, VPNs, Custom Apps protected.
DDoS campaign day 3 – large financial customer
9:00 am ATTACK COMPLEXITY INCREASES
Another major attack was initiated. It was a multi-vectored attack which was comprised of a DNS Flood of 6.3 Gbps and 4.1 Mpps, a UDP Flood of 301 Mbps and 400K pps, a GET Flood, UDP Fragment, and ICMP Flood that peaked at 7.1 Gbps and 11.3 Mpps.
10:00 am PROLEXIC BOTNET TAKEDOWN WITH FBI
The GET Flood attack finally provided some non-spoofed IP addresses. Our SERT team, using information from several sources, triangulated several Command and Control PCs, or CNCs. These addresses were then turned over to law enforcement. The FBI proceeded to monitor them to get more information.
8:00 pm BOTNET TAKEDOWN SUCCESSFUL
Several CNCs were taken down.
DDoS campaign day 4 – large financial customer
11:00 am ATTACKER UNLEASHES EVERYTHING THEY HAVE
Another attack begins around 11 am. It started out small but by noon it had morphed into a VERY LARGE and COMPLEX attack. The attack vectors included: GET Flood, UDP Fragment, DNS Flood, ICMP Flood. This campaign peaked at a very impressive 54.30 Gbps and 4.90 Mpps.
Note: Prolexic is the only company in the world able to mitigate this size of attack. It should be noted that we were mitigating another 12 attacks for other clients at the same time as this 54 Gbps attack. That should give you some idea how big our network is, the effectiveness of our services, and the skill level of our technicians. Many providers would have been so focused on the huge attack that they would have missed the smaller, more deadly Layer 7 attack that was also launched.
DDoS campaign day 5 – large financial customer
9:30 am ALL QUIET ON THE BANKING FRONT
No large attacks were recorded on Day 5. The customer directed additional traffic to Prolexic from some of its smaller, regional data centers.
DDoS campaign day 6 – large financial customer
12:00 pm HOME COUNTRY OF ATTACKER IDENTIFIED
Law enforcement narrows down the country of origin of the attacker and starts to zero in.
Attacker unsuccessful in impacting customer over several days.
Many attacker C&Cs taken down.
DDoS campaign day 7 – large financial customer
Note: ATTACKS END
Attacks end on Day 7. Throughout the campaign the customer's perimeter assets remained functional and responsive despite the best efforts of a very skilled attacker.
The attack never became public and there was no lack of continuity in the day-to-day business. If the company did not have Prolexic in place the outcome of the campaign would have been dramatically different.
Note: FORENSICS
After several months of detailed forensics, it was evident the attackers had done extensive analysis of the target prior to the attack.
Demo!
Web security
Questions?

AKAMAI WORKING BREAKFAST