Akamai Diversity

The Akamai Blog

Hawkins1.pngIn the land behind the firewall, build a fortress in the cloud.

 

Many of our customers conducting business in Europe are concerned about how the new General Data Protection Regulation ("GDPR") impacts the ability to protect their organization's data, network and IT system resources. In particular, many worry that the requirements of GDPR will restrict their abilities to decrypt, analyze or log networking traffic for security purposes. However, enterprises needn't worry, as GDPR actually does permit these types of security controls.

On Cache Poisoning

In March 2017, Akamai released a post, "On Web Cache Deception Attacks".  A presentation at the Black Hat conference by James Kettle from Port Swigger on web cache poisoning has recently raised awareness of cache poisoning.  This is a class of vulnerability with a long history. Cache poisoning can be defended against by properly configuring caching controls on both customer sites and the Akamai platform.  Customers should consult with their Akamai account teams to review the configuration of their sites to ensure a secure configuration.

Linux Kernel IP Vulnerability 2

On the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5391, is a resource exhaustion attack triggered by a specially crafted stream of IP datagrams that cause expensive processing within the Linux kernel. This vulnerability is similar to the Linux TCP vulnerability announced August, 6th, 2018.

In preparation for the public disclosure of the vulnerability, Akamai prepared and began deploying patches for its network.  Simultaneously, Akamai has been working with external parties to ensure the fix was sufficient to protect its network and customers. Akamai continues to work closely with the vulnerability coordinators at NCSC-FI and CERT/CC to aid the vulnerability disclosure, testing, and notification processes.

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments which creates expensive processing within the Linux kernel.

In preparation for the public disclosure of the vulnerability, Akamai prepared and began deploying patches for its network.  Simultaneously, Akamai has been working with external parties to ensure that the solution works, verifying that the fix was sufficient to protect its network and customers. Akamai continues to work closely with the vulnerability coordinators at NCSC-FI and CERT/CC to aid the vulnerability disclosure, testing and notification processes.

This issue impacts nearly all current Linux systems, while versions of the Linux kernel release 4.9 or later being the most susceptible. Release version 4.8 and older, while still impacted, require more malicious traffic to exhibit the same level of resource exhaustion.

Threat Identity...The First Line of Defense

Last quarter, we discussed zero trust and identity in regard to remote application access. This focus was primarily looking at enterprise users seeking to gain access to applications on a network where there are no boundaries: The internet. In the concept of zero trust, the internet is considered hostile and users are accessing resources from multiple devices and from many different locations. With this in mind, it is critical for organizations to be able to identify:

Experts that support your digital transformation

If your business is like many, your customer's experience is a top priority. In an age of fast paced digital transformation, meeting the needs of a unique global user base while securely delivering quality web based experiences, continues to grow in complexity.

Why would customers choose me?

Competitive Differentiation Guide for Financial Services in Digital India

We are a young nation 1.3 billion strong, of which just about 500 million are active internet users. Not a small number by any means.  We have world's second largest pool of internet users and our online population is larger than the total population of United States of America!

However, what we as a nation along with the whole world, really have our eyes on, are those next billion users coming online. We all are witnessing that future in the making as India's policy makers, telecom operators, regulators and businesses across various industries are collectively and relentlessly working to make it happen. Reliance Jio added 100 million users to India's internet population just in 2017 and we continue to add 10 million users per month accordingly to Google. This incredible scale and pace of India's digital revolution, presents an unprecedented growth opportunity for all business including financial services viz. banking, asset management, credit cards, payments or insurance.

In 2014, a smart refrigerator had been caught red-handed for spawning over 750,000 spam emails after hijacked by a botnet attack. It is the first documented attack worldwide for Internet of Things to have fallen prey to hackers[i]. A more recent case in the US concerns an internet connected thermostat in an aquarium, which hackers successfully controlled to access the high-roller database of gamblers in a casino[ii].

Best security practices for Trusted TLS Intermediary

According to Google over 75% of public websites are accessed over encrypted connections using HTTPS, with the use of HTTP diminishing. As expected, the bad actors are following the crowds, and using HTTPS to hide their activities.