29
1 Verisign Confidential and Proprietary Yin and Yang of Secure Internet Infrastructure Sean Leach, Vice President of Technology
1 Verisign Confidential and Proprietary
Yin and Yang of Secure Internet Infrastructure
Sean Leach, Vice President of Technology
2 Verisign Confidential and Proprietary
• Who am I
• Why is DNS so important?
• Why do I keep hearing about these bank attacks?
• Wait – what was that about “biggest attack in history?”
• What does APT spell?
Agenda
3 Verisign Confidential and Proprietary
Who am I?
• VP Technology, Verisign • Focused on DNS, DDOS and Security
• Been in the infrastructure and security space 14 years
• Fought first DDOS in 2000
4 Verisign Confidential and Proprietary
• Founded in 1995, listed NASDAQ:VRSN 1998
• Two Businesses: • Domain Name Services • Network Intelligence and Availability
• Headquartered in Reston, VA • 2012 Revenues: $874 million • S&P 500 Company • 1,100 Employees • VerisignInc.com
About Verisign
Verisign enables the world to connect online with reliability and confidence, anytime, anywhere.
5 Verisign Confidential and Proprietary
Managing and Protecting the Internet
DNS Resolution Sites
Processes approximately 67 billion DNS queries daily
100 percent uninterrupted
availability
Globally distributed
DDoS mitigation capability
Manages more than 121
million domain names
More than 75 global points of presence
6 Verisign Confidential and Proprietary
What is Internet Infrastructure
7 Verisign Confidential and Proprietary
Why is DNS so important?
8 Verisign Confidential and Proprietary
What is DNS?
• Domain Name System • E.g., human-readable names (e.g., www.example.com) to
machine-usable numbers (i.e., IP addresses; 192.168.100.1)
client resolver
root (.)
tld (.com)
auth server (example.com)
3
5
7
8
1. www.example.com? 4. www.example.com?
www.example.com
9
9 Verisign Confidential and Proprietary
DNS Attack Surface
root Smart Grid &
Internet of Things
Tools, Policy, Government, Law Enforcement, Application, CERT/ISRT, etc..
Consumer
Registrants
Registrars/resellers
registries
authoritative DNS
authoritative DNS
authoritative DNS
Recursive Name Servers
gTLDs
ccTLDs
IP
10 Verisign Confidential and Proprietary
Local DNS Hijacking
11 Verisign Confidential and Proprietary
Domain / Registrar Hijacking
12 Verisign Confidential and Proprietary
Distributed Denial of Service (DDOS)
13 Verisign Confidential and Proprietary
What is a DDoS?
14 Verisign Confidential and Proprietary
What is a DDoS (for realz) ?
botnet
Legitimate Users
Your Site
Network
15 Verisign Confidential and Proprietary
How Easy is it to “DDoS” Someone?
$9 / hour
16 Verisign Confidential and Proprietary
What’s this I heard about attacks against the financial
system?
17 Verisign Confidential and Proprietary
Attacks Against the Financial System
18 Verisign Confidential and Proprietary
Outcomes posted
19 Verisign Confidential and Proprietary
Old/Busted
The cloud works for botnets too
New Hotness
20 Verisign Confidential and Proprietary
Phase 1 Structure
21 Verisign Confidential and Proprietary
Phase 2 Structure
22 Verisign Confidential and Proprietary
Who’s to blame?
23 Verisign Confidential and Proprietary
Can’t we take it down?
24 Verisign Confidential and Proprietary
How Big Can They Get?
2.5 10 17 24 40
49
75
100+
150+
300+
0
50
100
150
200
250
300
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
Ban
dwid
th in
Gbp
s DDoS Attack Size Over Time
25 Verisign Confidential and Proprietary
Cyber-Armageddon?
26 Verisign Confidential and Proprietary
Was it really as bad as it sounded?
27 Verisign Confidential and Proprietary
• Advanced Persistent Threat
• Confused with “Chinese Hacking”
What is an APT?
28 Verisign Confidential and Proprietary
Finally…
“Everybody’s got a plan – until they get hit!” -- Mike Tyson
Thank You
© 2012 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.
