Is Your Online Security Intelligent?


1 Is Your Online Security Intelligent?
Data Connectors: Is Your Online Security Intelligent? Matt Torrisi, Customer Success Operations. Good afternoon. Hello, how are you all? My name is Matt. I’m your friend (smile). I’m also the head of Customer Success Operations at Dyn. Today, I am excited to present to you… an interesting examination of the Internet. In the short time we have together, it is my goal to illuminate for you a type of intelligence that you may not know exists… and it just may fit into your business’s Internet performance and security strategy. I know it has for us.

2 DYN
Dyn is a cloud-based Internet Performance company. We’re helping companies like yours monitor, control, and optimize your online infrastructure for exceptional end-user experiences. Through a world-class network and unrivaled, objective intelligence into Internet conditions, we are ensuring your traffic gets delivered faster, safer, and more reliably than ever. @dyn

3 SCENARIOS THAT MATTER TO YOU
THE INTERNET, IN 60 SECONDS… ish INTERNET_HIGH_FIVE @dyn

4 Let’s start with the 10,000 ft view

5 Application Security Monitoring
Application Security monitoring through an APM shows the end to end performance of your assets through synthetic probes all over the world. @dyn

6 Network Security Monitoring
Network security monitoring through an NPM shows the moment to moment variables within your own stacks. @dyn

7 Is that the whole picture?
But is that the whole picture? NPM is viewing inside the firewall looking out. APM are synthetic probes looking inward.

8 Is that the whole picture?
Availability Reachability What about reachability? What if your users have a hard time connecting to your content? Regardless of your own assets?

9 Is either scenario unusual?
Scenario 1: Traffic between two floors of the same office building in Singapore takes over 350 ms round trip, traveling via San Jose, California. Scenario 2: Traffic from Western Europe to the US takes around 70 ms round trip, traveling via Iceland’s incumbent provider. Source: Dyn Research

10 Is either scenario unusual?
Scenario 1 – TYPICAL NTT won’t peer with Tinet in Singapore; Tinet must drag traffic to San Jose to hand it off to NTT, who drags it home again to Singapore. Scenario 2 – UNUSUAL Iceland’s Siminn hijacked routes of major firms for weeks and passed the traffic along. In general, traffic never flows via Iceland (cost, geo). Source: Dyn Research @dyn

11 Is either scenario unusual?
Scenario 1: Latency for traffic from the American Southwest to a major travel website suddenly doubles, traveling through Atlanta on the way to its destination, Denver. Scenario 2: Traffic from Montevideo, Uruguay to AWS Brazil takes around 290 ms round trip, traveling through Miami. Source: Dyn Research

12 Is either scenario unusual?
Scenario 1 – TYPICAL: While adding a data center in Denver to join Atlanta, the same ISP was used, despite it only allowing peering in Atlanta. Traffic will still peer there before being dragged to the new DC in Denver. A new peering provider is likely needed. Scenario 2 – VERY TYPICAL: Despite being only 2000 km from São Paulo, traffic on Telstar will pass through Miami, then Dallas(!?), before reaching Brazil. Welcome to South America. Source: Dyn Research

13 Is either scenario unusual?
Scenario 1: Latencies to Google’s public DNS servers increase dramatically from S. America. Scenario 2: Latencies to a Microsoft network (hosting important domains) decrease momentarily from E. Europe. Source: Dyn Research

14 Is either scenario unusual?
Scenario 1: Google departs Brazil for unexplained reasons. DNS queries answered from California. No route hijacking involved. (See our 10/30 blog post.) Scenario 2 – UNUSUAL (MALICIOUS!): Microsoft network (more specific of routed prefix) is hijacked, misdirection limited to immediate vicinity. Not Man-in-the-Middle! Traces terminated at the hijacker. Source: Dyn Research
(After scenario 1) This is a good example that your company's assets might not be something you control directly. If you use Google Recursive DNS, or OpenDNS for that matter, this is a risk you could encounter.
(After scenario 2) And this is an example of a phishing attack. The hijackers got the user to download malicious bots. Oh, and the domain matched fine, and the IP matched fine. DNSSEC matched. Yeah.

15 IT’S NOT THE HIGHWAY SYSTEM
THE INTERNET: IT’S NOT THE HIGHWAY SYSTEM. You can’t go from Boston to Charlotte on one continuous strip of road maintained by the US DOT. Nor do you typically go to SFO and back just for a cup of coffee.

16 IT’S NOT YOUR CIRCULATORY SYSTEM
THE INTERNET: IT’S NOT YOUR CIRCULATORY SYSTEM Circulatory systems are perfect, identical, and isolated. Yours looks the same as mine, and if I die, you’ll be fine. In reality the internet is a spaghetti network of interconnected systems. @dyn

17 IT’S NOT A TELEPHONE SWITCHBOARD
THE INTERNET: IT’S NOT A TELEPHONE SWITCHBOARD It’s not a telephone switchboard. These were point to point. I am talking to YOU (point to member of crowd). But that isn’t right, everyone is talking to everyone all at the same time. And while sometimes you go through the operator, there are times you are peered directly. @dyn

18 IT’S A HUMAN MARKETPLACE
THE INTERNET: IT’S A HUMAN MARKETPLACE. What the internet is, metaphorically and these days pretty literally, is a human marketplace. The core is maintained and in general standardized, but some people were grandfathered in to a bigger booth. All the same, different groups come to share their story, sell their wares, and interact with users in their own way. And users are free to go to as many or as few booths as they want, maybe exchanging in different currencies, speaking in different languages.

19 1. Submarine Cables Tie Continents Together
Internet exchange points can form around critical landing sites, if local conditions are right. So what is it physically?

20 2. Fiber Networks to IXPs
Connecting landing point and exchange point cities. Arbitraging differences in Internet pricing. Creating diversity that can survive local cable breaks.

21 3. Regional & Local Internet
Internet service providers of all sizes compete to serve consumer interest, interconnecting in small and medium-sized regional hub cities

22 4. The Last Mile
Delivery of bits from city-level infrastructure to local offices and consumers. And while your APM might say you’re up, and your NPM says things are cool… if someone hits that telephone pole, that town is not getting on your site. That is something we forget sitting at our desks. While we think of it digitally, the internet is physical.

23 SECURITY AFFECTS YOUR BUSINESS
3,000 OUTAGES/DAY ACROSS THE GLOBAL INTERNET WITH EFFECTS THAT CAN LAST FOR HOURS Source: Dyn Research @dyn

24 DNS HIJACKING
500,000 DOMAINS ACROSS 1,500 NETWORKS SERVING 150 CITIES WERE AFFECTED BY ROUTING HIJACKS IN 2014. Source: Dyn Research

25 HIJACKS
Hijacks: Raised when a prefix you originate is announced by a different origin AS. Hijacked sub-prefix: Raised when you are monitoring a prefix and a more specific prefix within that range is announced by a different origin AS.

26 ANATOMY OF A HIJACK
Use Case: 2008, YouTube. Normal: YouTube announced through a /22 block. The Pakistan government attempted to block an ‘offensive’ video. Pakistan Telecom implemented this by announcing a more specific /24 prefix. This propagated globally and redirected all YouTube users to Pakistan Telecom. Source: Dyn Research

27 HIJACK PT. II: GOING NUCLEAR
March 2015: Vega (AS 12883) starts announcing British Telecom prefixes. Initially 14 prefixes, later 167 prefixes, including the UK’s Atomic Weapons Establishment (AWE). Traceroutes confirm traffic heads into Ukraine through Vega, but still reaches its destination at AWE via BT. Source: Dyn Research. How is it possible to track the entire globe? How can you obtain this data? We start with the fundamentals.

28 WHAT IS BGP?
Routing Protocol: BGP = Border Gateway Protocol. Properties: ubiquitous (the de facto internet standard); distributed (no centralized coordination); trust-based (routers believe what they learn); gossipy (share information freely). BGP is the de facto standard routing protocol for how organizations speak to each other on the Internet. These routers do not coordinate in a centralized way. This is a trust-based protocol: one router talks to another router and says "I know this bit of information," and that router believes it. Whenever BGP learns something on the internet, it immediately tells all of its neighbors.

29 BGP IDENTIFIES RELATIONSHIPS

30 AS PATH & DATA COLLECTION
Destination “X” Dyn 701 6453 8781 Edge Core @dyn

31 AS PATH & DATA ALERTING
Destination “X” Dyn 701 6453 8781 Edge Core Destination “X” (hijack). Hijack: intentional, or simply a bad implementation. A new box/endpoint/thrupoint on the Internet is now announcing your prefix, or the prefix you live in, and you are losing reputation, loyalty, revenue, trust.

32 ACTIVE MANAGEMENT INFRASTRUCTURE
Results of active monitoring of BGP. Real-time global routing table from over 500 sessions. 160+ sending traceroutes to over 1.5 million targets daily. 6 billion data points daily. Line-of-sight to 98% of the entire global Internet. “It’s good to see this great data being exposed for operational purposes. — The internet is so critical for almost every business today.” – Gartner (Jonah Kowall, VP).

33 DYN INTERNET INTELLIGENCE
@mikelsteadman

34 THROUGH MEASUREMENT, YOU ARE IN CONTROL

35 NOTES ON HIJACKS
Real hijacks are rare. False positives occur more often, usually prefixes with different originating ASes. Examples: Salesforce owns ExactTarget; Verisign owns multiple ASes. Only the network operator can really know what they expect. But... are you sure you know ALL your prefixes and ASNs?
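
The two alert types defined on the "Hijacks" slide, together with the false-positive case noted above (one organization originating from several ASes), can be expressed as a small classifier. This is an added example, not Dyn's code: the function names are hypothetical, and the prefixes and ASNs are constructed from documentation ranges.

```python
import ipaddress

# Constructed inventory: monitored prefixes -> origin ASNs the operator expects.
# Documentation prefixes (RFC 5737/3849) and documentation ASNs (RFC 5398).
EXPECTED = {
    "203.0.113.0/24": {64496, 64497},  # 64497: sibling AS of the same organization
    "2001:db8::/32": {64496},
}

def origin_of(as_path):
    """The origin AS is the last (rightmost) ASN in the AS path."""
    return as_path[-1]

def classify(prefix, origin_asn, expected=EXPECTED):
    """Return (alert, monitored_prefix) for one observed announcement."""
    seen = ipaddress.ip_network(prefix)
    best = None
    for text, origins in expected.items():
        mon = ipaddress.ip_network(text)
        # subnet_of() is also true for an exact match; keep the most specific cover
        if mon.version == seen.version and seen.subnet_of(mon):
            if best is None or mon.prefixlen > best[0].prefixlen:
                best = (mon, origins, text)
    if best is None:
        return ("unmonitored", None)
    mon, origins, text = best
    if origin_asn in origins:
        return ("ok", text)  # expected origin, including listed sibling ASes
    if seen == mon:
        return ("hijack", text)  # same prefix, different origin AS
    return ("hijacked-sub-prefix", text)  # more specific, different origin AS

# Constructed announcements: (prefix, AS path as seen by a collector)
SAMPLE = [
    ("203.0.113.0/24", [64500, 64496]),
    ("203.0.113.0/24", [64500, 64497]),
    ("203.0.113.0/24", [64500, 64511]),
    ("203.0.113.128/25", [64501, 64511]),
    ("198.51.100.0/24", [64500, 64510]),
]

def run(sample=SAMPLE):
    return [classify(p, origin_of(path))[0] for p, path in sample]

if __name__ == "__main__":
    for (p, path), alert in zip(SAMPLE, run()):
        print(f"{p:18} origin AS{origin_of(path):<6} {alert}")
```

The second sample row is the false-positive case: without the sibling AS in the expected set, it would raise a hijack alert, which is why the inventory of prefixes and ASNs has to be complete.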

36 YOUR MOVE
5 Critical Internet Intelligence Questions: Where is my audience (geography & key ISPs)? How do ISPs bring my brand to market? How do we identify external attacks on our brand (domain)? How do we monitor and analyze the performance of the Internet? Who oversees our ability to watch, control, and optimize our traffic? OK, so now what? I will be at the booth on the floor a little while longer. But, just in case we miss each other... I drew up some quick questions that you can take back to your teams, your peers, your leaders… and ask and answer these questions.

37 THE GOOD NEWS
The Internet is a service delivery medium, like any other. It can be measured and managed to meet your critical business goals. Dyn delivers the global measurement infrastructure and interactive tools to help your global business succeed and thrive!

38 Thank you.

