20150318 AkamaiSecurity LDP - Active ICT...
©2014 AKAMAI | FASTER FORWARD™
Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
�Ù§û
©2013 AKAMAI | FASTER FORWARD™
• äL�Ù: Akamai Technologies Inc. • �Ù�À: äLƕŴžƚƥźſƀkűƣƏƞſŷ • āß: 1998q • y¦C�: 5,000>ı � • Įb�: 5,100Ùı � • ���Ù: ťŭƕŧƤƁůƈơŷƥŹ<=�Ù • �s�À: �Ě�Z1�ª2-1-3 �ªƃƝŸƃŽƢƥ • āß: 2003q • y¦C�: 120ı � • Įb�:ıL�ı350ıÙ �
T�İ�Üı(US Ó�ƄƟ)
[Chart: axis 07 08 09 10 11 12 13 14; data labels 678, 790, 860, 1000, 1160, 1370, 1570, 1960]
• 1995qƮıƁŦƗƤƊƥƅƥŹƯƞƥ±ľWebťůźŸĦ�ŕăĬÿ´ţMITŐ�D • 1996qƮıMIT }Ê�^ŕ��ıƃƗƤƠŧƃƣ(uÙCEO)ŕžƥƗľij#�!ÇŐÿ´ŐĿşłőijʼnŕŊŚŕ,ÅÔťƟųƞŹƗţĄ�Ò÷
• 1997qƮ MITıƌŷƇŸŲƣƁŸƃ�ċ • 1998qƮıƑƣžƙƥĊĞţzŏAkamai Technologiesı(¦
ťŭƕŧŕ®:
[Diagram labels: Customer Origin (Content Server), End-User, Origin Traffic]
WebťůźŸŕ»ħ �³ŕĸşŲƣƁƣƀŖťůźŸľ¯&ijŴŧƃĘĈóœģş
ŴŧƃŬƞŷƣ
ŪƣƄƛƥŵƥ
[Diagram labels: Customer Origin (Content Server), End-User, Origin Traffic, Akamai Traffic]
ťŭƕŧœŜş#�ŮƙſŶƚ!ÇIJƥIJ!ÇĦ�ľÒÈŅŒĹ
ŴŧƃŬƞŷƣ
ŪƣƄƛƥŵƥ
ŲƣƁƣƀŮƙſŶƚ
ŲƣƁƣƀŮƙſŶƚ
ŲƣƁƣƀŮƙſŶƚ
ŲƣƁƣƀŮƙſŶƚ
ŲƣƁƣƀŮƙſŶƚ
• Akamai EdgeServerţ�Ì�ŕISP/IXœěí�• ŧƣŽƥƇſƃ%Êîŕ90% �ľij1ƇſƃƢƥůƓſƐŐEdgeServerŘ�ê8ïıı • EdgeServerţĔņŏŧƣŽƥƇſƃŕƃƔơŷƥőÎĔõţp���
ťŭƕŧŕƐƝſƃƎūƥƗ
�Ì�ŕıweb ƃƝƎŦſůŕ15-30%ţě� �Ì�Xŕč#�OŲƣƁƣƀƂƞƊƞƥƇſƃƢƥů
• �Ì�ŕƛƥŵƥœÁÇÔœĒ� • İĕŒŨũƏƦťƐƞűƥŶƜŕě� • ��ÒȽŐ��ţƄơſƐ
• �Ì�œŴƥƊƞŻƥŸľ#�
• 27.8Tbps ŕě�aìIJvs Xý©DDoS 300Gbps • İ8Ê�(SLA 100%)
ƐƝſƃƎūƥƗŕý©ő�ī�
170,000+ ŴƥƊƥ
2,700+ NP
102 L
1,320+ ƇſƃƢƥů
900+ Ěmı
2015 Q1ÆM
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
ůƝŨƄźŮƚƞƁŦ
July 4, 2009: DDoS attack targeting US government agencies. Akamai protected the targeted sites.
“Between the volume of the requests and their frustrating nature, a Web site with few servers or limited bandwidth can quickly be taken down. Others with greater physical and financial resources can take the punishment. That may explain why high-volume Web sites such as those belonging to the White House, the Pentagon and the New York Stock Exchange were able to withstand such attacks with barely a hiccup, while the Federal Trade Commission's and the Transportation Department's were knocked offline.”
- Paul Wagenseil, Fox News
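Because Akamai absorbed the attack, 99.9% of the customer sites' bandwidth was cut
Alert triggered
Determined to be an attack
Gathered information on the attack sources
Blocked the attack
Afterwards, redirected to a quarantine network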
Customer | Peak Traffic | X Times
US Government Customer 1 | 124 Gbps | 598
US Government Customer 2 | 32 Gbps | 369
Financial Customer 1 | 26 Gbps | 110
US Government Customer 3 | 9 Gbps | 39
US Government Customer 4 | 9 Gbps | 19
US Government Customer 5 | 2 Gbps | 9
US Government Customer 6 | 1.9 Gbps | 6
US Government Customer 7 | 729 Mbps | Site Down
ơƣƄƣŬƞƣƍſůŕò9ù
! ơƣƄƣŬƞƣƍſůƧƋƝƞƣƍſůŕƘŧƣŴŧƃIJwww.london2012.com ļŜŗġĖŴŧƃŕŲƣƁƣƀţAkamaiľě�
! =�œ¨ĵŒ��ƃƝƎŦſůĽŝĢ{ ! Âœ�śŒŀijŬƞƣƍſůŕŧƣŽƥƇſƃ�ÍŖ�*
! 'xŕ�Ġţ@Śij<ĀƩƫƪƨ��œ�ş��ƃƝƎŦſů ! 2010 �ŬƞƣƍſůŕƩƩ� ! ÖĠ�XƞůŪŸƃŖ°Û223,000 �ijIJŋŒřœŰƥŰƟ¥æŐ°Û34,000� ! WAFœŜŞ¥"ńŠŊøÏƃƝƎŦſůŕĺŋ18% Ŗ4ĤŒśŕőŅŏؤ
aĥŕ���−Ʃ ! ğ�vƬ�Ġ'ŃšĽŝ��~S
! ƪƫÝĭŕ��ƋŽƥƣ ! SQL Injections, Cross-Site Scripts, LDAP Injections, scripted Bots
! 234Ó��ŕƞůŪŸƃ ! �ƃƝƎŦſůŕĺŋ��Ő94%, oPŐ96%ţAkamaiŐ!Ç
aĥŕ���−ƪ ! á�$�ŕ��
! 56��ŕƞůŪŸƃ ! �ƞůŪŸƃ���Ő95.7%, oPŐ97%ţAkamai Ő!Ç
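2014qƭ�ijį¼ŕ�²�Ú[d • �ÚŴŧƃţCloudŴƥƌŸŐƓŸƃijDNSś=CloudŴƥƌŸœ\Ŕş • Attacks concentrated on DNS, and the cloud service halted its DNS service → the voting site also went down • As a knock-on effect, many sites stopped service → restored with Akamai DNS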
DNSŘŕDDoS ���
• ��gćőŒŌŊDNSƃƝƎŦſůj®
Phase 1 • Bandwidth: 88 Gbps • Requests: 56 Mpps • Duration: 18 hours
Phase 2 • Bandwidth: 93 Gbps • Packets: 53 Mpps • Duration: 30 hours
Phase 3 • Bandwidth: 111 Gbps • Packets: 53 Mpps • Duration: 3 hours
[Chart time axis, by day: W Th F S S M T W Th F S S]
��L�ŐśW�ŕÑĎ
2åéŕ���¶œōĹŏąfrĽŝ·�GČ • UDPƞƎƠůŶƜƣţ¹ÊŅ,ƞżƟƊ}âţgćDNSœ?Łş • ƞżƟƊţďř9őŅijXĝŕFĹ<ŢňţgćDNSœ?Łş
[Diagram labels: Customer Origin (Content Server), End-User, Origin Traffic, Akamai Traffic]
WebŘŕ��ŖŪſŷŴƥƊŐ¥Ð
ŴŧƃŬƞŷƣ
ŪƣƄƛƥŵƥ
AkamaiőŧƣŽƥƇſƃźŮƚƞƁŦ�R
! �Ìŕ�ûŒ�¦ţÄŌŊ��ŖAkamaiţçË
! Akamai ñ�ţ�ʼnĺőĂřş.) ! ťƈƆƕŸĽŝŕƪJœŢŊşc�nAő��
! �ÌŐśŌőś��ţ7Ł¬ŚŏĹş�¦ ! ��ƃƝƎŦſů�RţƞťƟŽŧƗ6Ħij#¡ ! è¢őŅŏ��àŕ×üţôÞ ! łŠœQŎŀĢ{ơŷſůŕğÒij5�iğ ! Akamai CSI (Cloud Security Intelligence)
! ĶŧƣŽƥƇſƃŕÆÃķıœŏI2�°ŕ-?ţ�ğIJ ! http://www.akamai.com/stateoftheinternet/index.html#nui
Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
• ƘƥƟijSSL-VPNijVoIPijƎŤŧƟŶŸƁƗ�Ć • ƂƥŽźƣŽ��ţĢ{ • ŪŮŸƋƥƃœŜş#¡ (24x7 SOC)
DNSĢ{ – Fast DNS • �Ì�200ŭ� �Ő#�!Ç • 8Ê� (100% 24x7 SLA)
WebĢ{ – Kona Site Defender • ��àƟƥƟœŜşAPP ��gã • ŮƙſŶƚijƠƥƃŲƣƃơƥƟ • ƋƎūƥƕƣŸ+0ŒŅ
ĩWebĢ{ - Prolexic
Vęð]œgŇş/�ÔŒgã
ĩŨũƏƃƝƎŦſů
ŨũƏƃƝƎŦſů
ĩWebĢ{ŕŊŚŕスクラビングセンターőSOC
Cambridge, MA
San Jose, CA
Fort Lauderdale, FL
Ashburn, VA
London, UK
Frankfurt, Germany
Krakow, Poland
Bangalore, India
Hong Kong, China
Tokyo, Japan
Sydney, AU
ŸůƝƌƣŰźƣŽƥı(ėÊ�) SOC(źŮƚƞƁŦŬƒƠƥŶƜƣźƣŽƥ) ŸůƝƌƣŰźƣŽƥı(ėÊ`)
L��ûh�aì ļb¨ŕ¦Ì źŮƚƞƁŦı3�/ İĕ0úBő�Ê Ń�ÊÇË �ZÕr¨ WebĢ{ • ºVĽŝŕ;Ý��gã
X�EÙ¨ WebĢ{ • ƉſŭƥĦKĽŝŕc�nA
X�ñ-ĐƘƥŭƥ¨ WebĢ{ı+ıƕƇƥŷƄƤŴƥƌŸ • ºVţ�|őŇş;Ý��gã
X�ë<Ĩ«Ƙƥŭƥ¨ Prolexic + WebĢ{ • tĜŒşƉſŭƥĦKĽŝŕ��gã
X�ë<Ĩ«Ƙƥŭƥ¨ WebĢ{ • ºVţ�|őŇş;Ý��gã
X�Ğõ«ġ¨ Prolexic • GlobalQ¾œŜşƂƥŽźƣŽƥœgŇş��gã
X�eĨĝĉs¨ WebĢ{ • XĝŕůơƥƝƥgã
X�ťƋƠƟƘƥŭƥ¨ WebĢ{ • �ơŰŧƣij�R¿¸gã
X�ɦ«£Ƙƥŭƥ¨ WebĢ{ • ºVţ�|őŇş;Ý��gã
X�đēö«HƘƥŭƥ¨ WebĢ{ • ºVţ�|őŇş;Ý��gã
X�Ğõ«ġ¨ WebĢ{ • DDoS��gã
X�Ğõ«ġ¨ WebĢ{ • DDoS��gã