Date post: | 14-Jun-2015 |
Category: |
Technology |
Upload: | ceobroadband |
View: | 262 times |
Download: | 1 times |
Meeting Mobile Operator Challenges with DNS
Delivering Security, Efficiency, and Visibility
Doug Miller
[email protected] May 24, 2012
Company Overview We are the WORLD LEADER
in DNS & DHCP solutions
• Our Chairman, Dr. Paul
Mockapetris, invented the DNS
• Team comprised of BIND 8, BIND
9 & ISC-DHCP creators
• 40 Issued and pending patents
Our solutions run the world’s
MOST DEMANDING networks
• A decade of service provider
experience
• Over 140 Fixed and Mobile service
providers
• Serving over 500 million Internet
users worldwide
The first & only DNS/DHCP
INTEGRATED ARCHITECTURE
• DNS/DHCP engines provide
efficiency, lower costs, higher QoS
• Platforms enable agility & faster
application development
• Applications create differentiation
and new revenue sources
2
Our Customer Base Includes:
Putting Mobile into Perspective
3 Source: Chetan Sharma Consulting
Challenges for Mobile Providers
4
• Mobile market growth1
– Mobile Services Revenue exceeded $1 Trillion for the first time in 2011
• Global Mobile Revenues to hit $1.5 Trillion in 2012
– Represents over 2% of Global GDP
– Global Subscriptions to exceed 7 Billion in early 2013
• Data explosion
– No end in sight as mobile devices continue to grow
• Hundreds of thousands of new devices provisioned daily
• 5-year growth CAGR in mobile data traffic of 92%2
– Growth in data far outpacing voice growth
• Mobile Data will be 95% of the global mobile traffic by 20151
• Documented declines in profitability
– Data revenue declining faster than data costs3
• Cost/GB falling by a factor of 3x
• Revenue/GB falling by a factor of 10x
– Must generate new revenue sources & control expenses
1Note: Chetan Sharma Consulting 2Note: Cisco Visual Networking Index, 2012 3Note: Strategy Analytics – Sue Rudd, 2012 Interview
Ericsson Traffic and Market Data
Report (November, 2011)
The Changing Face of Mobile
5
• Connected devices are expanding
– Not just mobile phones
• PCs, laptops, and tablets are becoming more common*
– 175M laptops on the mobile network in 2011
• 22x more traffic than more traffic than smartphones
– Tablets will exceed 10% of global mobile data traffic in 2016
– In 2016, 4G will be 6 percent of connections, but 36 percent
of total traffic
• Home broadband is being replaced with mobile contracts
– Mobile devices aren’t as protected as home networks
• Spectrum consumption is a constant battle
– “We don't have anywhere near [enough] usable spectrum left”
• CNET News – February, 2012
– “Frequency allocations alone are not the only solution. We
need to be as smart as possible in managing our capacity.”
• Philipp Humm, President and CEO of T-Mobile USA – CTIA 2012
*Note: Cisco Visual Networking Index, 2012
eCommerce on Mobile is Increasing
6
Mobile is clearly becoming a new way people shop [eBay has] nearly tripled mobile GMV (gross
merchandise value) year-over-year to nearly $2 billion, with strong holiday shopping momentum
in Q4. In 2011, we expect Mobile GMV to double to $4 billion.
- John Donahoe, President & CEO, eBay CQ4:10 Earnings Call
US Dept. of Commerce (CQ2:10), Morgan Stanley Research
The Point of the Research
7
This applies to legitimate and malicious behavior alike
Profitability of Internet Crime
8
Trend Total market share, % Amount, million USD
Online banking fraud 21.3% $490
Cashing 16.0% $367
Phishing 2.4% $55
Theft of electronic funds 1.3% $30
Total 41.0% $942
Trend Total market share, % Amount, million USD
Spam 24.0% $553
Pharma and counterfeits 6.2% $142
Fake software 5.9% $135
Total 36.1% $830
Trend Total market share, % Amount, million USD
Sale of traffic 6.6% $153
Sale of exploits 1.8% $41
Sale of loaders 1.2% $27
Anonymization 0.4% $9
Total 10.0% $230
Trend Total market share, % Amount, million USD
DDoS attacks 5.6% $130
Other 7.3% $168
Total 12.9% $298
Total 100% $2,300
Spam
Online Fraud
Internal market (C2C)
Other
Source: Group IB
Source: Group IB Source: Microsoft Security Intelligence Report – 2011
Computers Reporting Malware
Malware Distribution on Mobile
9
The Lifecycle of a Bot Network
10
3 – Bot gets
instructions from
Command and Control
(C&C) server
C&C
Botnet
Bot Master
1 – Spam (or “something”)
entices user to badsite.com
2 – User visits site and
is infected via “drive
by download” Malware
and becomes part of
Botnet
4 – Newly infected
machine (bot) joins
Botnet in DDOS attack
on a legitimate Web
site
Innocent
User
Cache Poisoning Threat – Kaminsky
11
• Attacker redirects unsuspecting customers
– Entries in cache are changed by an attacker
– Customer going to www.mybank.com is given incorrect
information
• Does not require phishing or any unsafe behavior
– Attacker directs customers to controlled sites
• Financial and identity theft, malware installation, etc.
• Statistical attack
– Send query so server listening for answer
– Send guesses while target DNS waits for real answer
– Repeat until success
Three-Tiered Integrated Architecture
Subscriber Services Analytics
Interoperability (SDK & APIs)
Network Services and
Security
Un
ifie
d U
ser
Inte
rface &
Man
ag
em
en
t Subscriber
Messaging SIEM
Configuration
Management
Custom
NOMINUM APPS 3rd PARTY CERTIFIED APPS
ISP-DEVELOPED APPS
Custom
Content
Blocking
Outbound
Anti- Spam
Subscriber
Analytics
Anti-Virus
Upsell
Parental
Control
Botnet
Control
Navigation
Assistance
Network
Monitoring
More…
More…
12
Network and User Security Solution
13
• Security is a mobile issue
– Mobile networks are the new
playground for hackers and
thieves
– End user threats are not just a
PC problem
• “Mobile threats are evolving
quickly—sophistication that took
decades to reach on the PC is
taking just a few years on
mobile”
- Lookout Mobile
– New access to content in new
ways has made users careless
• Addressing the security problem
on multiple levels
– Protect DNS network assets
• Server security ensures network
access is available
– Caching data is highly valuable
• End users must be confident
they’re going where they want to
– The network must be clean
• Think about spectrum efficiency
– End users should have options
• Network-based solutions
remove complexity and
confusion
“We believe that the observed attack traffic originating from known mobile networks is likely being
generated by infected PC-type clients connecting to wireless networks through mobile broadband
technologies, and not by infected smartphones or similar mobile connected devices.”
- Akamai - The State of the Internet (2nd Quarter, 2011 Report)
Protecting the Network
14
Service Provider Network
MDR
Vantio DNS
System
botC&C.com
NXDomain
goodsite2.com
Response
goodsite1.com
Response
Nom
inu
m B
ot
Dom
ain
Fee
d
Vis
ibility
an
d
Rep
ortin
g
Protecting the End User
15
• A brief introduction
– Opt-in service for managing mobile
data access
– Broad application categories
supporting multiple services
• Online Security
• Parental Control
• Scheduling
– Network-based DNS service
• No need to download anything to the
end-user mobile device
Nominum Mobile Suite
16
• Anywhere/Anytime information access
– Efficiency: Highest network performance at the lowest TCO
– Differentiation: Pre-built apps to provide new services/revenues
– Agility: Adapt to market changes and innovate quickly
• Real business issues are addressed by a DNS platform
– Core network functionality is only the beginning
– Enhanced applications are built right on top of this existing asset
• Consider the DNS as a critical network element
– DNS must be carrier grade more so now than ever before
– DNS is a critical network element & is more so every day
Wireless Environments Have Unique Needs
Nominum Knows Mobile
Doug Miller [email protected]
www.nominum.com
Twitter: @Nominum
Facebook: http://www.facebook.com/nominum
YouTube: http://www.youtube.com/nominumwebinar
LinkedIn: http://www.linkedin.com/company/nominum