Is Your Online Security Intelligent? Internet Performance Management

Slides:



Advertisements
Similar presentations
Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.
Advertisements

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Arbor Multi-Layer Cloud DDoS Protection
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
TCP/IP Basics A review for firewall configuration.
Ch 20 Q and A IS333, Spring 2015 Victor Norman. Universal Service Means every computer can talk “directly” with every other one. A message is not addressed.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
How the Internet Works Acknowledgment and Disclaimer: This presentation is supported in part by the National Science Foundation under Grant Any.
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Chapter 4. After completion of this chapter, you should be able to: Explain “what is the Internet? And how we connect to the Internet using an ISP. Explain.
Exploring the Network.
BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
ACM 511 Introduction to Computer Networks. Computer Networks.
E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.
The Intranet.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.
1 Mean Time to Innocence Your Dashboards are Green – but your end users are still complaining. Now What? Phil Stanhope October 2015.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
Matt Torrisi Customer Success Operations Data Connectors: Is Your Online Security Intelligent?
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
ITP 457 Network Security Networking Technologies III IP, Subnets & NAT.
THE NEED FOR NETWORK SECURITY Hunar & Nawzad & Kovan & Abdulla & Aram.
Cloud Computing 10 Cloud Computing 10. Cloud Computing 10 You’ll have heard about the ‘Cloud’ Lots of you will use it! But you need to be clear about.
Re-writing the Playbook for DDoS Mitigation Strategies
Proactive Incident Response
Chapter 1: Explore the Network
DISA Cyclops Program.
Network security Vlasov Illia
Improving Resilience and Performance in Light of Recent Internet Outages Troy Whitney – Manager, Solutions Engineering.
Routers and Redundancy
Cisco Defense Orchestrator
The Intranet.
Port Knocking Benjamin DiYanni.
Comprehensive Security and Compliance at an Affordable Price.
Barracuda Firewall The Next-Generation Firewall for Everyone
1.4 Wired and Wireless Networks
Do you know who your employees are sharing their credentials with
Set up your own Cloud The search for a secure and acceptable means of gaining access to your files stored at the office from a remote location.
ROUTERS AND REDUNDANCY
Day 10- The Need for Addressing
Routers and Redundancy
Forwarding and Routing IP Packets
Network Modeling and Business Intelligence Service
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Introduction to Networking
Introduction to Computers
Stateless Source Address Mapping for ICMPv6 Packets
Introduction to Networking
Who should be responsible for risks to basic Internet infrastructure?
Jon Peppler, Menlo Security Channels
What’s New in Fireware v12.1.1
Today’s Risk. Today’s Solutions. Cyber security and
Cloud Testing Shilpi Chugh.
Network Security: IP Spoofing and Firewall
Strong Security for Your Weak Link:
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
AKAMAI INTELLIGENT PLATFORM™
IS4680 Security Auditing for Compliance
Data Center Colocation Services.
Check Point Connectra NGX R60
Virtual Private Network
Data Center Colocation Services.
Protect Your Ecommerce Site From Hacking and Fraud
Technology Convergence
Everyone is talking about
Presentation transcript:

Is Your Online Security Intelligent? Internet Performance Management Corey Hamilton Product Marketing, Internet Performance Management

Everyone Talks About Internet Security

Cloud and Hosting Security Content Delivery Networks Data Centers & Firewalls

Nobody Talks About Internet Security

Where’s the Security on the Internet? Cloud and Hosting Providers Content Delivery Networks Customers Employees Partners The Internet: Fertile Grounds for an Attack Data Centers

OF INTERCONNECTED NETWORKS THE INTERNET: IT’S A SYSTEM OF INTERCONNECTED NETWORKS @dyn

Where Does Your Data Flow? ● Average Path Across the Internet: Crosses the networks of between 4 - 8 different NSPs and ISPs ● Each network typically includes 3 - 6 hops ● Requests for data cross anywhere from 12 - 48 hops across the Internet

Fertile Grounds for Security Threats ● You Don’t Own It ● You Can’t See Most of It ● Even non-malicious issues can affect your business These problems happen Thousands of times every day

So, Who’s Responsible for This? ● The Network Service Providers? ● The Internet Service Providers? ● Cloud Providers? ● Content Delivery Networks?

“My Hosting Provider/CDN Will Take Care of it” Service Dashboard is Green “We are currently monitoring an external Internet provider issue that is causing interrupted service connectivity to AWS services for some customers. AWS services are not affected and continue to operate normally.” Netflix, Pinterest, and Slack (all AWS Customers) are knocked offline for 40 minutes

X It Wasn’t AWS’ Fault Netflix Customers Netflix Couldn’t See It Pinterest Couldn’t See It Slack Couldn’t See It But...their customers were calling! Other Cloud Providers AWS Virginia Netflix Customers X The Internet Data Centers

Bad News: You Are Responsible for this ● You didn’t cause the problems ● You didn’t ask for it ● But, your customers will blame your company ● Who is/will be responsible for this at your company?

If You Can’t See It, You Can’t Defend It What Kind Of Threats Are Out There?

A Couple Examples Man-in-the-Middle attacks ● DDoS Attacks ● Route Hijacking Man-in-the-Middle attacks ● Safe Harbor Compliance

The First Step in Defense: Visibility Imagine somebody coming to rob your house. What if you could be alerted to this while they were still driving across town, rather than when they’re at your door??

Internet Visibility into DDoS Attacks ● Originate way outside your firewalls ● Detect the flood of traffic before it hits you ● Monitor for these 24x7 ● Global Networks ensure the bandwidth to withstand attacks

Early Mitigation of DDoS Attacks ● Be Alerted to DDoS Attacks occurring across the Internet ● Often seen as Enterprises shift traffic to scrubbing centers ● Redundancy provides options ● Two (or more) scrubbing centers ● Which is more available during an attack ● Shift traffic to scrubbing center that’s best able to keep up

Internet Visibility into Route Hijacking ● Identify Routing Anomalies ● Monitor changes to your prefixes and ASNs ● Visibility into Internet paths leading to your assets ● Identify and mitigate Man-in-the-Middle attacks

Example 1: Internet Initiative Japan (IIJ) ● Internal employee received fake letter to authorize an IP address block to another party ● Address space was transferred to malicious group ● IP address becomes associated with hacking efforts ● Occurred undetected for over a year ● Internet visibility eventually lead to its discovery

Example 2: Atomic Weapons Establishment ● Typically, data is passed from Houston to Great Britain ● Unintentional DNS update reroutes this traffic through Kiev, Ukraine ● Data ultimately arrives at destination in Great Britain ● Continues undetected for 5 days

How Do We Mitigate These Issues? ● Reactive Mitigation Begin monitoring your address space (ASNs, Prefixes) Ensure Redundant Paths (multiple providers or endpoints) Alerts when address space changes or performance to these assets is affected Update DNS to send traffic through desired paths

How Do We Mitigate These Issues? ● Planning Mitigation Leverage Internet Visibility to identify optimal locations for infrastructure Ensure ISP relationships send your data where you want it to go -- and not go Where you store your data dictates how end users will reach it. Internet paths flow through different networks depending on the destination

Current Trends

Safe Harbor Compliance Where does your data travel?

Safe Harbor Compliance A Friendlier Alternative

Where does your data travel? A Performance Nightmare, Increased Risk

Where does your data travel? A Performance Nightmare, Increased Risk -- Part 2

If you were a hacker, where would you focus your efforts? Hackers Changing Their Focus If you were a hacker, where would you focus your efforts?

Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.