Fordham Notes: Internet Content Delivery Exec Details Security Techniques for Web

Thursday, August 8, 2013

Internet Content Delivery Exec Details Security Techniques for Web

When you visit your local bank’s website, the chances are very good that what you are seeing is not hosted on the bank’s computer servers. 

Rather, what you’re seeing is most likely stored on one of a thousand different servers around the world that are maintained by Cambridge, Mass.-based Akamai Technologies.

Only when you try to say, transfer funds from one account to another, will you be directed to the banks’ server. But even then, you are only interacting with it via a proxy server that is also maintained by Akamai, which maintains 127,000 servers in 81 countries around the world. 

That, said Bruce Maggs, Ph.D., is an example of how the company’s perimeter cloud computing design helps ward off distributed denial of service (D.D.O.S.) attacks. 

Maggs, the Pelham Wilder Professor of Computer Science at Duke University and Vice President of Research at Akamai Technologies, described Akamai’s role in protecting computer systems at the 2013 International Conference on Cyber Security (ICCS), hosted by Fordham and the Federal Bureau of Investigation.

He used his talk on Tuesday, "The Big Target: Content Delivery networks Under Cyber Attack," to walk through case studies of four phases of “Operation Ababil,” a series of cyber attacks against American financial institutions that started in September 2012. 

The goal of having such a decentralized design is to make it harder for D.D.O.S. attacks, which subject target servers to a torrent of data requests, to take down the entire system, while legitimate queries are redirected to unaffected servers. Maggs noted that for this reason, Akamai is entrusted to host the websites for the FBI and the White House.

It’s important to have systems such as these in place, because he pointed out that the number of major D.D.O.S. attacks, (those over 100 gigabits) is rising, with a record 768 incidents last year. 

“You can cause multi server disruptions for a small number of users, but you would really need a tremendous number of attackers to take out a fraction of our servers at once,” he noted. 

“In fact, it’s our belief that if anyone had enough fire power to bring a large number of servers down through denial of service attacks, at that point, they would have melted down the whole internet anyway, and there would be bigger problems than breaking down Akamai.”

—Patrick Verel

No comments: