STATE OF DNS AVAILABILITY REPORT

Size: px
Start display at page:

Download "STATE OF DNS AVAILABILITY REPORT"

Transcription

1 STATE OF DNS AVAILABILITY REPORT VOLUME 1 ISSUE 1 APRIL 2011 WEB SITES AND OTHER ONLINE SERVICES ARE AMONG THE MOST IMPORTANT OPERATIONAL AND REVENUE GENERATING TOOLS FOR BUSINESSES OF ALL SIZES AND INDUSTRIES. CONSEQUENTLY, THE FOCUS ON NETWORK PERFORMANCE HAS NEVER BEEN HIGHER. YET, ONE OF THE MOST MISSION- CRITICAL ELEMENTS OF A RELIABLE INTERNET INFRASTRUCTURE, THE DOMAIN NAME SYSTEM (DNS), IS OFTEN OVERLOOKED WHEN IT COMES TO PERFORMANCE MONITORING. AS A LEADING AUTHORITY ON NETWORK INTELLIGENCE AND AVAILABILITY, VERISIGN PROVIDES THIS REPORT TO HELP UNDERSTAND AND QUANTIFY THE EXTENT OF DNS AVAILABILITY IN THE INTERNET AND POTENTIAL IMPACTS OF DOWNTIME. 1

2 EXECUTIVE SUMMARY A recent Verisign-commissioned market study i found that 60% of respondents say at least a quarter of their company s revenue is obtained directly through its Web site. This figure was even higher for small and medium businesses, which rely heavily on their Web sites for revenue generation and marketing presence. For a business to run smoothly, its network has to run smoothly, and for its network to run smoothly, its DNS must be available at all times. According to Yankee Group Analyst and Vice President Jennifer Pigg, ii Increasingly, organizations rely on e- commerce as a main or primary revenue stream and are dependent on their external network for mission-critical corporate functions such as customer service, sales and support. They realize they cannot afford to see DNS go down or suffer a security breach. Yet, in this inaugural issue of the Verisign State of DNS Availability Report, we see that in the first quarter of 2011, DNS availability was a problem for even the top-ranked e-commerce sites. Our examination of a global sample of Web sites revealed that when availability problems occur, sites hosting their own DNS (representative of most enterprises today) are much more impacted than those using third-party managed DNS providers, particularly when examining minimum availability. This report examines and quantifies the extent of global DNS availability problems, and illustrates the risks and impacts that such downtime can have on revenue generation, business continuity, and customer loyalty, etc. DNS: SINGLE POINT OF FAILURE A domain name is key to doing just about anything on the Internet: from setting up a Web site, to sending and receiving , to building an online store. Today there are over 200 million registered domain names. iii DNS, which supports these domains, is the engine that makes the Internet simple and accessible for users around the world. DNS ensures the availability of Web sites, , and Web systems by mapping domain names to Internet Protocol (IP) addresses. Every server on the Internet has an IP address, represented as a series of numbers and letters, for example, (IPv4) or 2001:503:A83:0:0:2:30 (IPv6). But, like telephone numbers, these long series of numbers and letters can be difficult to remember. DNS allows people to type names - or brands into a browser, instead of a string of numbers and letters, to reach Web sites and send messages. It effectively serves as the front door for any Web site to let in users and customers for Internet transactions. The entire process generally happens in a few tenths of a second and is transparent to the end user. During a DNS failure, however, visitors typically receive an error message and cannot reach the Web site. This downtime often causes visitors to become frustrated and move on to another site, resulting in erosion of customer loyalty and brand reputation, as well as immediate and residual effects on sales and employee productivity. Additionally, with the growth of Web services, more and more Web sites are dependent on third-party Web service providers for additional functionality and content, for example, social media sites and/or sales portals. If DNS is not functioning on these third-party sites, it can have a detrimental impact to business operations. "Network-facing services have become more critical to almost all businesses, and businesses often forget that their Internet presence is only as available and secure as their DNS infrastructure," said Gartner Analyst Lydia Leong. iv RESEARCH OVERVIEW Methodology ThousandEyes, a network analytics and planning solutions provider, was commissioned to monitor a diverse sample of domain names (the top 1,000 sites ranked by Alexa) for DNS availability. Using a proprietary model, the firm monitored each site once every hour during the last seven days of January, February and March of Extensive testing was conducted on each of the DNS resolvers used for monitoring to ensure they followed the standard in DNS resolution and did not exhibit any known abnormal or unreliable behavior. Of the 1,000 Alexa sites, eight were excluded because they stopped responding during testing, leaving a total of 992 sites for data collection. Of these 992 sites, well-known hosted DNS providers were serving the DNS for 142 sites (14%), while well-known CDN providers were serving the DNS for 47 sites (5%). DNS was considered unavailable only when a response from the resolver was one of the following known DNS error codes: Servfail, Nxdomain, No Mapping, or Truncated. 2

3 Data analysis was conducted by classifying the sample domains into two categories: 1) Those serving their own DNS, and 2) Those using third-party DNS hosting providers. Average, minimum, and maximum availability across all domains in each bucket were then computed. It should be noted that DNS is somewhat hard to test for performance since there are many moving pieces. The results can depend on such things as whether the server has a cached entry, how far an individual is from the DNS server, how far the DNS server is from the other servers, etc. On-going testing and data collection at regular intervals was conducted to help mitigate such issues. Results Though average availability over domains and time for Web sites with internally managed DNS seems fairly close to those with third-party managed DNS, any downtime can have real and lasting impacts to a business s bottom line. Possible impacts of this seemingly minor difference are illustrated in the next section. A glaring disparity is observed when looking at minimum availability, however (Figure 1). For this metric, the sites serving their own DNS are hit much worse than sites using a managed DNS service. To investigate this further, the distribution of the minimum availability for all sites with internally managed DNS (Figure 2) and externally managed were plotted (Figure 3). Figure 1: Minimum DNS Availability Comparison Internally Managed DNS Third-Party- Hosted DNS Figure 2: Minimum DNS Availability of Sites that Host their Own DNS Figure 3: Minimum DNS Availability of Sites Using a Third-Party DNS Provider The above two figures show that DNS availability can drop all the way down to zero for sites that host their own DNS compared to the sites that use third-party DNS providers, which were never below 50%. Minimum Availability (avg. of domains) Maximum Availability (avg. of domains) Availability (avg. of domains & time) Global US Global US This can most likely be attributed to the fact that the third-party DNS providers identified use an anycast resolution service, meaning there is always a server available somewhere to respond to DNS queries. In this instance, the end user is not affected much even if a few physical anycast instances fail or are unreachable. One provider uses a hybrid model of anycast and unicast resolution, which provides the optimal combination of performance and reliability for DNS queries and responses. Most enterprises do not have the resources and expertise to set up such extensive systems for their internally managed DNS, which could be why there is such a large discrepancy. 3

4 WHAT DOES THIS ALL MEAN? With the growth in dependency of online presence for marketing, customer service, revenue generation, and more, any amount of downtime has a real and lasting impact on a company s bottom line. The following example uses data collected for this report to provide an illustration of what a seemingly small amount of downtime can mean for business. Assuming that traffic is uniform over a 24-hour period for all of the Web sites examined in this study, here are a few examples based on the average, minimum, and maximum availability data collected. Example: Mega Online Advertising Mega Online Advertising company received advertising revenue of about $796 million for the first quarter of There are 90 days in the quarter, resulting in average ad revenue of $8.84 million per day, or about $100 per second. A one-hour DNS outage costs about $368,519. A 99.70% uptime, indicated in this study as the sample average DNS availability of internally managed global domains, would result in a loss of about $26,534 per day, or $2,388,033 for the quarter. That is twice as much as the loss would have been with a managed DNS service based on this study s average availability data (99.85%). Based on these results, it would be prudent for Mega Online Advertising to consider identifying a DNS service provider with a track record of high availability to mitigate their risk of downtime. While this example is very simplified and from a made-up company, the numbers employed to calculate the impacts can be attributed to very real companies in the industry represented. Considering that several companies included in the research sample with internally managed DNS had complete outages for various lengths of time during this study, it is easy to see how impacts from revenue loss, customer dissatisfaction, and lost productivity can add up quickly to become catastrophic for companies dependant on their Web and network presence for business operations. At a minimum, they are public relations nightmares waiting to happen that can be avoided with proper planning and support. CONCLUSION Enterprises have three choices when deciding how to manage their DNS requirements: Do everything in-house According to The Yankee Group, the majority of enterprises manage DNS requirements in-house or via their ISP. v Many, in fact, use both, keeping DNS management for their internal network in-house and using their ISP to manage their external Internet-based ecosystem of customers, business partners, Web sites, company portals, and e-commerce sites. This is supported by the data presented in this report, which shows nearly three-quarters of the sample manages their own DNS. Yet, The Yankee Group estimates more than 85% of enterprises that manage DNS in-house do not have dedicated DNS staff, but instead manage DNS on an ad-hoc basis with limited expertise and few defined operational processes. Furthermore, the firm says that since DNS management is not the main function of an ISP, DNS performance is likely to suffer for those who rely on their ISP to manage DNS. The data collected for this report supports this assertion by revealing significant discrepancies between the DNS availability of Web sites for internally versus externally managed DNS. "Trends such as cloud computing, the mobile workforce, and device proliferation are putting added stress on IT infrastructure and DNS management," said Ben Petro, senior vice president of VeriSign's Network Intelligence and Availability group. Consequently, he says most organizations struggle to maintain high availability of these systems. As companies migrate to more cloud-based alternatives for applications, storage, and services, DNS management becomes more complicated and opens the door for new security issues and challenges. Managed DNS service providers have tools and capabilities that help secure the network, improve availability, and enhance performance that, in most cases, enterprises cannot afford to duplicate on their own. Enterprises must balance the degree of control they would like to exert over their DNS system with the cost and availability of DNS resources. Comprehensive DNS management requires careful planning, substantial expertise, and considerable resources. Unfortunately, most companies do not recognize weaknesses in their existing DNS infrastructure until it is too late and they have suffered lost productivity or revenue. Rely on their Internet Service Provider (ISP) Partner with a managed DNS service provider 4

5 VERISIGN MANAGED DNS The answer to effectively managing DNS is using a globally distributed, securely managed cloud service, such as Verisign Managed DNS, to help ensure availability and allow enterprises to save on capital and operational costs associated with DNS infrastructure deployment and management. Verisign Managed DNS uses a unique hybrid model of anycast and unicast resolution to provide the optimal combination of performance and reliability for DNS queries and responses, allowing for easier and more flexible management of DNS environments. Verisign has a long history of leadership with DNS. It has managed the DNS for top-level domains (TLDs), including.com,.net,.gov,.edu,.tv,.cc,.jobs and.name, with the highest uptime record of any registry and resolves an average of 60 billion DNS query every day with 100% accuracy. To meet the exceptional requirements of serving.com and.net, Verisign developed its own proprietary name server called ATLAS (Advanced Transaction Lookup and Signaling System), which handles DNS traffic faster and more efficiently than any commercially available option. To provide redundancy and speed, Verisign operates 17 large resolution sites around the world at important Internet hubs in North America, Europe, and Asia. In addition to these large resolution sites, Verisign also operates dozens of smaller Regional Internet Resolution Sites (RIRS) throughout the world that provide high-speed resolution to traditionally under-served countries. This constellation of name servers is maintained, monitored, and managed by Verisign s team of leading DNS, DDoS mitigation, and security intelligence experts. Each site in the constellation is well connected with high bandwidth and tight security controls. The same infrastructure and expertise that supports the world s largest TLDs has been extended to customers through Verisign s suite of services, including Managed DNS, DDoS protection and idefense security intelligence. For more information about Verisign s suite of services, visit ABOUT VERISIGN Verisign is the trusted provider of Internet infrastructure services for the digital world. Billions of times each day, companies and consumers rely on our Internet infrastructure to communicate and conduct commerce with confidence. i Verisign Whitepaper. Distributed Denial of Service: Finally Getting The Attention It Deserves. May ii Yankee Group. DNS: Risk, Reward and Managed Services. Feb iii Verisign Domain Name Industry Brief, February 2011 iv Verisign Press Release. Verisign Launches Managed DNS to Help Companies Reduce Costly Downtime and Simplify DNS Management. August 11, 2010 v Yankee Group. DNS: Risk, Reward and Managed Services. Feb

6 PROFILE OF DNS ATTACKS DNS was developed many years ago when efficiency was of greater concern than security. As a result, it has become a key target for attackers to hijack Web sites and create a variety of exploits to acquire sensitive information. Organizations with a Web presence are open to DNS attacks and, as such, should know how they work and how to avoid them. DNS Cache Poisoning DNS cache poisoning occurs when a malicious actor "changes" the IP address of a particular record on a recursive DNS server by sending a large amount of bogus answers, masquerading as the authoritative server, while the recursive server is waiting for the reply back from the real authoritative server. This tricks the recursive server into serving up and caching the bogus answer to querying end users. A full deployment of DNS security extensions (DNSSEC) protects against this attack type. More work is needed by registrars, ISPs and enterprises to get DNSSEC to a full deployment, but the recent signing of the.com zone by Verisign is a huge step in solving this DNS vulnerability. DNS Reflective Amplification Attack DNS reflective amplification attacks are essentially distributed denial of service attacks that target DNS servers. A normal DNS request is around 100 bytes, with the answer anywhere from bytes. A large DNS response can be anywhere from 500 bytes up to 4,000 bytes of information. DNS amplification attacks work by spoofing the source address of a large number of DNS queries sent to valid DNS servers. The spoofed address is that of the attack target. The legitimate DNS servers (unknowingly) participate in the attack by sending a high number of large DNS responses to the victim IP. Resource Starvation or Direct Attack The easiest type of attack is to find a large botnet of hijacked PCs and direct a huge flood of recursive DNS queries at the targeted authoritative DNS server. In addition, the attacker will spoof the source IP address of the requesting packet to be that of a popular legitimate recursive DNS server (one that has a lot of end users). The target of the attack cannot simply firewall off those packets, as they will be mixed in with legitimate queries from that recursive server. Data Modification Attack Cache poisoning is not the only way to "modify" DNS data. Several attacks have been successful at redirecting legitimate traffic to "bad" sites by compromising the target company s registrar account and changing its DNS records to point to fraudulent DNS records. DNS data can also be modified directly on the authoritative DNS server answering the DNS queries. There have been some very highly publicized breaches against DNS providers where an attacker was able to log into the DNS provider s management system and modify the DNS data of the target. Protecting Your DNS By applying digital signatures to DNS data to authenticate its origin and verify its integrity as it moves throughout the Internet, DNS security extensions are designed to protect the DNS infrastructure. While this is the first major step for protecting the integrity of the DNS, for DNSSEC to effectively safeguard the global DNS infrastructure, it is vital for ISPs, Web site operators, and registrars to implement DNSSEC across the domains and recursive servers they manage. Verisign actively tracks the progress of DNSSEC implementation across all of the TLDs it manages and provides tools for anyone to among other things check the DNSSEC information on their or any other Web site and whether or not a DNS resolver is configured for DNSSEC validation. The number of DNSSEC-enabled Web sites in the.com,.net, and.edu zones is also available. For more information, visit VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.

Why Managed DNS Services

Why Managed DNS Services Why Managed DNS Services and Why Now? Jennifer M. Pigg, VP of Research, Yankee Group Rohit Kinra, Senior Manager, VeriSign June 23, 2011 Copyright 2011. Yankee Group Research, Inc. All rights reserved.

More information

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) 5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) survey says: There are things that go bump in the night, and things that go bump against your DNS security. You probably know

More information

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE Your external DNS is a mission critical business resource. Without

More information

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

THE MASTER LIST OF DNS TERMINOLOGY. First Edition THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To

More information

ANATOMY OF A DDoS ATTACK AGAINST THE DNS INFRASTRUCTURE

ANATOMY OF A DDoS ATTACK AGAINST THE DNS INFRASTRUCTURE ANATOMY OF A DDoS ATTACK AGAINST THE DNS INFRASTRUCTURE ANATOMY OF A DDOS ATTACK AGAINST THE DNS INFRASTRUCTURE The Domain Name System (DNS) is part of the functional infrastructure of the Internet and

More information

WHITE PAPER. DNS: Key Considerations Before Deploying Your Solution

WHITE PAPER. DNS: Key Considerations Before Deploying Your Solution WHITE PAPER DNS: Key Considerations Before Deploying Your Solution TABLE OF CONTENTS What is DNS?... 2 Why Does DNS Matter?... 2 Options for building a DNS infrastructure... 3 How to Choose the Right DNS

More information

The F5 Intelligent DNS Scale Reference Architecture.

The F5 Intelligent DNS Scale Reference Architecture. The F5 Intelligent DNS Scale Reference Architecture. End-to-end DNS delivery solutions from F5 maximize the use of organizational resources, while remaining agile and intelligent enough to scale and support

More information

DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008

DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you

More information

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0 THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people

More information

The Domain Name System (DNS) A Brief Overview and Management Guide

The Domain Name System (DNS) A Brief Overview and Management Guide The Domain Name System (DNS) A Brief Overview and Management Guide Table of Contents Introduction 1 What Exactly Is DNS? 2 Potential Pitfalls of DNS 4 DNS Management and 5 Zone Hosting DNS Management 6

More information

DOMAIN NAME SECURITY EXTENSIONS

DOMAIN NAME SECURITY EXTENSIONS DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions

More information

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives Testimony of Fiona M. Alexander Associate Administrator, Office of International Affairs National Telecommunications and Information Administration United States Department of Commerce Before the Committee

More information

Current Counter-measures and Responses by the Domain Name System Community

Current Counter-measures and Responses by the Domain Name System Community Current Counter-measures and Responses by the Domain Name System Community Paul Twomey President and CEO 22 April 2007 APEC-OECD Malware Workshop Manila, The Philippines 1 What I want to do today in 15

More information

Securing DNS Infrastructure Using DNSSEC

Securing DNS Infrastructure Using DNSSEC Securing DNS Infrastructure Using DNSSEC Ram Mohan Executive Vice President, Afilias rmohan@afilias.info February 28, 2009 Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival

More information

KASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection

KASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection KASPERSKY DDoS PROTECTION Protecting your business against financial and reputational losses A Distributed Denial of Service (DDoS) attack is one of the most popular weapons in the cybercriminals arsenal.

More information

State of the Cloud DNS Report

State of the Cloud DNS Report transparency for the cloud State of the Cloud DNS Report Basic Edition April 2015 2015 Table of Contents Overview Introduction 3 Anycast vs. Unicast DNS 3 Provider Overview & Current News 4 Provider Marketshare

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

WHITE PAPER ENSURING APPLICATION AVAILABILITY AND SECURITY IN THE CLOUD

WHITE PAPER ENSURING APPLICATION AVAILABILITY AND SECURITY IN THE CLOUD WHITE PAPER ENSURING APPLICATION AVAILABILITY AND SECURITY IN THE CLOUD CONTENTS EXECUTIVE SUMMARY 3 THE LIFEBLOOD OF MANY BUSINESSES IS UNDER ATTACK 3 IT LEADERS FACE A DIFFICULT BALANCING ACT 3 Companies

More information

THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE 1 APRIL 2014

THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE 1 APRIL 2014 THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE 1 APRIL 2014 THE VERISIGN DOMAIN REPORT AS THE GLOBAL LEADER IN DOMAIN NAMES, VERISIGN REVIEWS THE STATE OF THE DOMAIN NAME INDUSTRY THROUGH A VARIETY OF

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.

More information

The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.ca domain name registry for over 2.

The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.ca domain name registry for over 2. WHO IS.CA ( CIRA )? The organization responsible for a critical part of the Internet infrastructure; expanding its services to help organizations secure their DNS in Canada The Canadian Internet Registration

More information

State of the Cloud DNS Report

State of the Cloud DNS Report transparency for the cloud State of the Cloud DNS Report Basic Edition August 2015 2015 Table of Contents Overview Introduction 3 Anycast vs. Unicast DNS 3 Provider Overview & Current News 4 Provider Marketshare

More information

DOMAIN NAME SYSTEM (DNS)

DOMAIN NAME SYSTEM (DNS) CPNI viewpoint 01/2008 DOMAIN NAME SYSTEM (DNS) may 2008 Abstract This Viewpoint considers some of the security considerations of the Domain Name System and makes some observations regarding how organisations

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS/DHCP servers by intelligently recognizing various attack types and dropping attack traffic while responding only to

More information

2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008

2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008 2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers How does the DNS work? A typical DNS query The

More information

FAQ (Frequently Asked Questions)

FAQ (Frequently Asked Questions) FAQ (Frequently Asked Questions) Specific Questions about Afilias Managed DNS What is the Afilias DNS network? How long has Afilias been working within the DNS market? What are the names of the Afilias

More information

WAN Traffic Management with PowerLink Pro100

WAN Traffic Management with PowerLink Pro100 Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS/DHCP servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate

More information

F5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689

F5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689 F5 Intelligent Scale Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689 Intelligent and scalable PROTECTS web properties and brand reputation IMPROVES web application

More information

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation

More information

DNS Server Security Survey

DNS Server Security Survey EXECUTIVE BRIEF DNS Server Security Survey Sponsored by: EfficientIP Romain Fouchereau June 2014 INTRODUCTION With most organizations having some business linked to and more importantly relying on an online

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5

More information

THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE 2 AUGUST 2014

THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE 2 AUGUST 2014 THE DOMAIN NAME INDUSTRY BRIEF VOLUME 11 ISSUE AUGUST 1 THE VERISIGN DOMAIN REPORT AS A GLOBAL LEADER IN DOMAIN NAMES AND INTERNET SECURITY, VERISIGN REVIEWS THE STATE OF THE DOMAIN NAME INDUSTRY THROUGH

More information

High-Performance DNS Services in BIG-IP Version 11

High-Performance DNS Services in BIG-IP Version 11 F5 White Paper High-Performance DNS Services in BIG-IP Version 11 To provide high-quality user experiences on the Internet, networks must be designed with optimized, secure, highly available, and high-performance

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

KASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks

KASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks KASPERSKY DDOS PROTECTION Discover how Kaspersky Lab defends businesses against DDoS attacks CYBERCRIMINALS ARE TARGETING BUSINESSES If your business has ever suffered a Distributed Denial of Service (DDoS)

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

How to Evaluate DDoS Mitigation Providers:

How to Evaluate DDoS Mitigation Providers: Akamai White Paper How to Evaluate DDoS Mitigation Providers: Four Critical Criteria How to Evaluate DDoS Mitigation Providers 2 TABLE OF CONTENTS INTRODUCTION 3 CRITERIA #1: THREAT INTELLIGENCE 3 CRITERIA

More information

Protecting Critical Websites and Internet Infrastructure using innovative cloud-based. Managed Services

Protecting Critical Websites and Internet Infrastructure using innovative cloud-based. Managed Services Protecting Critical Websites and Internet Infrastructure using innovative cloud-based Domain Name System Managed Services Businesses demand internet connectivity, security and resilience to achieve success

More information

BUSINESS IMPACT OF POOR WEB PERFORMANCE

BUSINESS IMPACT OF POOR WEB PERFORMANCE WHITE PAPER: WEB PERFORMANCE TESTING Everyone wants more traffic to their web site, right? More web traffic surely means more revenue, more conversions and reduced costs. But what happens if your web site

More information

The Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends

The Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends 3. The Environment Surrounding DNS DNS is used in many applications, serving as an important Internet service. Here we discuss name collision issues that have arisen with recent TLD additions, and examine

More information

Cloud Security In Your Contingency Plans

Cloud Security In Your Contingency Plans Cloud Security In Your Contingency Plans Jerry Lock Security Sales Lead, Greater China Contingency Plans Avoid data theft and downtime by extending the security perimeter outside the data-center and protect

More information

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product

More information

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK HANDBOOK VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK CONSIDERATIONS FOR SERVICE ADOPTION Version 1.0 July 2014 VerisignInc.com CONTENTS 1. WHAT IS A DDOS PROTECTION SERVICE? 3 2. HOW CAN VERISIGN

More information

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2

More information

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS)

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN FEATURE ICSS ROUTE ICSS ROUTE IS OUR NEW OFFERING TO HELP YOU MANAGE YOUR DOMAIN NAME SYSTEM

More information

The Importance of a Resilient DNS and DHCP Infrastructure

The Importance of a Resilient DNS and DHCP Infrastructure White Paper The Importance of a Resilient DNS and DHCP Infrastructure DNS and DHCP availability and integrity increase in importance with the business dependence on IT systems The Importance of DNS and

More information

DNS Security FAQ for Registrants

DNS Security FAQ for Registrants DNS Security FAQ for Registrants DNSSEC has been developed to provide authentication and integrity to the Domain Name System (DNS). The introduction of DNSSEC to.nz will improve the security posture of

More information

Blocking DNS Messages is Dangerous

Blocking DNS Messages is Dangerous Blocking DNS Messages is Dangerous Florian Maury, Mathieu Feuillet October 5-6, 2013 F Maury, M Feuillet Blocking DNS Messages is Dangerous October 5-6, 2013 1/25 ANSSI Created in 2009, the ANSSI is the

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate

More information

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer 2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

1 2014 2013 Infoblox Inc. All Rights Reserved. Talks about DNS: architectures & security

1 2014 2013 Infoblox Inc. All Rights Reserved. Talks about DNS: architectures & security 1 2014 2013 Infoblox Inc. All Rights Reserved. Talks about DNS: architectures & security Agenda Increasing DNS availability using DNS Anycast Opening the internal DNS Enhancing DNS security DNS traffic

More information

www.prolexic.com Stop DDoS Attacks in Minutes

www.prolexic.com Stop DDoS Attacks in Minutes www.prolexic.com Stop DDoS Attacks in Minutes Prolexic gives us the strong insurance policy against DDoS attacks that we were looking for. Mark Johnson, Chief Financial Officer, RealVision You ve seen

More information

Where is Hong Kong in the secure Internet infrastructure development. Warren Kwok, CISSP Internet Society Hong Kong 12 August 2011

Where is Hong Kong in the secure Internet infrastructure development. Warren Kwok, CISSP Internet Society Hong Kong 12 August 2011 The Internet is for Everyone. Become an ISOC Member. Cyber Security Symposium 2011 Where is Hong Kong in the secure Internet infrastructure development Warren Kwok, CISSP Internet Society Hong Kong 12

More information

Security of IPv6 and DNSSEC for penetration testers

Security of IPv6 and DNSSEC for penetration testers Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions

More information

Arbor White Paper Keeping the Lights On

Arbor White Paper Keeping the Lights On Arbor White Paper Keeping the Lights On The Importance of DDoS Defense in Business Continuity Planning About Arbor Networks Arbor Networks, Inc. is a leading provider of network security and management

More information

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain

More information

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Why IPS Devices and Firewalls Fail to Stop DDoS Threats ( WH ITE PAPE R) Why IPS Devices and Firewalls Fail to Stop DDoS Threats HOW TO PROTECT YOUR DATA CENTER S AVAILABILITY Executive Summary As e-commerce continues to proliferate and deliver profitable results,

More information

Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security

More information

The Domain Name Industry Brief

The Domain Name Industry Brief The Domain Name Industry Brief Volume 1 Issue 1 February 2004 >> The VeriSign Domain Name Primer As the leading global domain name registry, VeriSign closely monitors the state of the domain name market

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Innovating with the Domain Name System: From Web to Cloud to the Internet of Things

Innovating with the Domain Name System: From Web to Cloud to the Internet of Things Innovating with the Domain System: From Web to Cloud to the Internet of Things Dr. Burt Kaliski, Jr. Senior Vice President, Chief Technology Officer WHD.Asia 2014 September 2, 2014 Agenda Ecosystem Innovations

More information

DDoS Attacks Can Take Down Your Online Services

DDoS Attacks Can Take Down Your Online Services DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill

More information

DNS security: poisoning, attacks and mitigation

DNS security: poisoning, attacks and mitigation DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain

More information

Automated Mitigation of the Largest and Smartest DDoS Attacks

Automated Mitigation of the Largest and Smartest DDoS Attacks Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application

More information

At dincloud, Cloud Security is Job #1

At dincloud, Cloud Security is Job #1 At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79

More information

DDoS Attacks in the United Kingdom

DDoS Attacks in the United Kingdom Neustar Insights DDoS Attacks in the United Kingdom 2012 Annual Trends and Impact Survey Contents Survey Findings, 2012 2011 Survey Methodology 3 Frequency of Attacks 3 Introduction In both 2011 and 2012,

More information

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

More information

DNS Amplification Are YOU Part of the Problem?

DNS Amplification Are YOU Part of the Problem? DNS Amplification Are YOU Part of the Problem? (RIPE66 Dublin, Ireland - May 13, 2013) Merike Kaeo Security Evangelist, Internet Identity merike@internetidentity.com INTRO Statistics on DNS Amplification

More information

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4

More information

JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015]

JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015] JPCERT-IA-2015-02 Issued: 2015-04-27 JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015] 1 Overview JPCERT/CC has placed multiple sensors across the Internet for monitoring to

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

Stop DDoS Attacks in Minutes

Stop DDoS Attacks in Minutes PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

More information

Intelligent Infrastructure for Security

Intelligent Infrastructure for Security Intelligent Infrastructure for Security Co n t e n t s + Executive Summary 3 + The Transformation of Business Communications 3 + The Need for Intelligent Infrastructure 5 + VeriSign Intelligent Infrastructure

More information

Verisign/ICANN Proposal in Response to NTIA Request

Verisign/ICANN Proposal in Response to NTIA Request Verisign/ICANN Proposal in Response to NTIA Request Root Zone Administrator Proposal Related to the IANA Functions Stewardship Transition Introduction On March 14, 2014, NTIA announced its intent to transition

More information

CHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : CASE STUDY WEB APPLICATION DDOS ATTACK 1 WEB APPLICATION DDOS ATTACK CASE STUDY MORAL Ensuring you have DoS/DDoS protection in place, before you are attacked, can pay off. OVERVIEW XYZ Corp (name changed

More information

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat

More information

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers How to Protect Your from Hackers Web attacks are the greatest threat facing organizations today. In the last year, Web attacks have brought down businesses of all sizes and resulted in massive-scale data

More information

Application DDoS Mitigation

Application DDoS Mitigation Application DDoS Mitigation Revision A 2014, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Volumetric vs. Application Denial of Service Attacks... 3 Volumetric DoS Mitigation...

More information

NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314

NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2002 LETTER NO.: 02-CU-16 TO: All Federally-Insured Credit Unions SUBJ: Protection of Credit Union Internet Addresses

More information

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS A Guide to Common Cloud Security Concerns Why You Can Stop Worrying and Start Benefiting from SaaS T he headlines read like a spy novel: Russian hackers access the President s email. A cyber attack on

More information

DNSSEC and DNS Proxying

DNSSEC and DNS Proxying DNSSEC and DNS Proxying DNS is hard at scale when you are a huge target 2 CloudFlare DNS is big 3 CloudFlare DNS is fast 4 CloudFlare DNS is always under attack 5 CloudFlare A secure reverse proxy for

More information

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

More information

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014 VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: 4 Mitigations by Attack Size 4 MITIGATIONS BY INDUSTRY VERTICAL

More information

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

The secret life of a DNS query. Igor Sviridov 20120522

The secret life of a DNS query. Igor Sviridov <sia@nest.org> 20120522 The secret life of a DNS query Igor Sviridov 20120522 Preface Nowadays, when we type URL (or is it a search string? ;-) into a browser (or mobile device) many things happen. While most of

More information

The Dynamic DNS Infrastructure

The Dynamic DNS Infrastructure Between the proliferation of mobile devices and the everincreasing amount of content on the web, DNS usage has seen a huge increase in recent years. Meanwhile, DNS continues to be a tempting target for

More information

HOW IS WEB APPLICATION DEVELOPMENT AND DELIVERY CHANGING?

HOW IS WEB APPLICATION DEVELOPMENT AND DELIVERY CHANGING? WHITE PAPER : WEB PERFORMANCE TESTING Why Load Test at all? The reason we load test is to ensure that people using your web site can successfully access the pages and complete whatever kind of transaction

More information

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015. 1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based

More information

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial

More information