![Page 1: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/1.jpg)
1 Verisign Confidential and Proprietary
Yin and Yang of Secure Internet Infrastructure
Sean Leach, Vice President of Technology
![Page 2: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/2.jpg)
2 Verisign Confidential and Proprietary
• Who am I
• Why is DNS so important?
• Why do I keep hearing about these bank attacks?
• Wait – what was that about “biggest attack in history?”
• What does APT spell?
Agenda
![Page 3: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/3.jpg)
3 Verisign Confidential and Proprietary
Who am I?
• VP Technology, Verisign • Focused on DNS, DDOS and Security
• Been in the infrastructure and security space 14 years
• Fought first DDOS in 2000
![Page 4: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/4.jpg)
4 Verisign Confidential and Proprietary
• Founded in 1995, listed NASDAQ:VRSN 1998
• Two Businesses: • Domain Name Services • Network Intelligence and Availability
• Headquartered in Reston, VA • 2012 Revenues: $874 million • S&P 500 Company • 1,100 Employees • VerisignInc.com
About Verisign
Verisign enables the world to connect online with reliability and confidence, anytime, anywhere.
![Page 5: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/5.jpg)
5 Verisign Confidential and Proprietary
Managing and Protecting the Internet
DNS Resolution Sites
Processes approximately 67 billion DNS queries daily
100 percent uninterrupted
availability
Globally distributed
DDoS mitigation capability
Manages more than 121
million domain names
More than 75 global points of presence
![Page 6: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/6.jpg)
6 Verisign Confidential and Proprietary
What is Internet Infrastructure
![Page 7: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/7.jpg)
7 Verisign Confidential and Proprietary
Why is DNS so important?
![Page 8: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/8.jpg)
8 Verisign Confidential and Proprietary
What is DNS?
• Domain Name System • E.g., human-readable names (e.g., www.example.com) to
machine-usable numbers (i.e., IP addresses; 192.168.100.1)
client resolver
root (.)
tld (.com)
auth server (example.com)
3
5
7
8
1. www.example.com? 4. www.example.com?
www.example.com
9
![Page 9: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/9.jpg)
9 Verisign Confidential and Proprietary
DNS Attack Surface
root Smart Grid &
Internet of Things
Tools, Policy, Government, Law Enforcement, Application, CERT/ISRT, etc..
Consumer
Registrants
Registrars/resellers
registries
authoritative DNS
authoritative DNS
authoritative DNS
Recursive Name Servers
gTLDs
ccTLDs
IP
![Page 10: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/10.jpg)
10 Verisign Confidential and Proprietary
Local DNS Hijacking
![Page 11: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/11.jpg)
11 Verisign Confidential and Proprietary
Domain / Registrar Hijacking
![Page 12: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/12.jpg)
12 Verisign Confidential and Proprietary
Distributed Denial of Service (DDOS)
![Page 13: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/13.jpg)
13 Verisign Confidential and Proprietary
What is a DDoS?
![Page 14: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/14.jpg)
14 Verisign Confidential and Proprietary
What is a DDoS (for realz) ?
botnet
Legitimate Users
Your Site
Network
![Page 15: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/15.jpg)
15 Verisign Confidential and Proprietary
How Easy is it to “DDoS” Someone?
$9 / hour
![Page 16: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/16.jpg)
16 Verisign Confidential and Proprietary
What’s this I heard about attacks against the financial
system?
![Page 17: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/17.jpg)
17 Verisign Confidential and Proprietary
Attacks Against the Financial System
![Page 18: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/18.jpg)
18 Verisign Confidential and Proprietary
Outcomes posted
![Page 19: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/19.jpg)
19 Verisign Confidential and Proprietary
Old/Busted
The cloud works for botnets too
New Hotness
![Page 20: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/20.jpg)
20 Verisign Confidential and Proprietary
Phase 1 Structure
![Page 21: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/21.jpg)
21 Verisign Confidential and Proprietary
Phase 2 Structure
![Page 22: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/22.jpg)
22 Verisign Confidential and Proprietary
Who’s to blame?
![Page 23: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/23.jpg)
23 Verisign Confidential and Proprietary
Can’t we take it down?
![Page 24: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/24.jpg)
24 Verisign Confidential and Proprietary
How Big Can They Get?
2.5 10 17 24 40
49
75
100+
150+
300+
0
50
100
150
200
250
300
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
Ban
dwid
th in
Gbp
s DDoS Attack Size Over Time
![Page 25: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/25.jpg)
25 Verisign Confidential and Proprietary
Cyber-Armageddon?
![Page 26: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/26.jpg)
26 Verisign Confidential and Proprietary
Was it really as bad as it sounded?
![Page 27: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/27.jpg)
27 Verisign Confidential and Proprietary
• Advanced Persistent Threat
• Confused with “Chinese Hacking”
What is an APT?
![Page 28: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/28.jpg)
28 Verisign Confidential and Proprietary
Finally…
“Everybody’s got a plan – until they get hit!” -- Mike Tyson
![Page 29: Yin and Yang of Secure Internet Infrastructure](https://reader035.vdocuments.us/reader035/viewer/2022071603/613d7aaa736caf36b75dd077/html5/thumbnails/29.jpg)
Thank You
© 2012 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.