July 2012 Archives
The primary concern when supporting a large event is that online resources may be built in a hurry and then receive a sudden influx of users. As such, there are time and effort constraints to securing these websites and the infrastructure that carries them. As the security team for the event, typically you do not have a lot of historical Internet traffic to define a "normal" state, so you have to rely on attack trends from other events as well as threat intelligence to detect any new techniques that are specifically targeting your event.
One thing you need to be prepared to defend against is Denial of Service (DoS) attacks, where the attacker disrupts the operation of an online service such as a livestream or website. Highly visible event websites are prime targets and a cleverly-conducted Distributed DoS attack can look very much like a flash mob of legitimate users that are coming to a website.
The high visibility of events such as the Olympics can also prompt defacement-style attacks. Because the event draws a large volume of website users, hacktivist groups wishing to propagate their messages can alter the event's website to display their message to a broad audience and to generate headlines that create further awareness for their cause.
In a similar vein, most large events have a scheduling site or a storefront where they sell tickets, memorabilia, or other services. These can be prime targets for data exfiltration for anything from email addresses to passwords to credit card information or even VIP contact information. Data breaches can also lead to inappropriate information disclosure. Although not as big a fear for a real-time event such as the Olympics, for events with a predetermined outcome such as awards ceremonies, attackers can access the results before they are officially released. This can lead to significant audience loss and loss of revenue. The loss of revenue could also happen as a result of actual content theft where attackers make a copy of the event content available on their own website or on portable media.
Significant interest in an event may make associated online assets a possible target for distributors of malware. In this situation, attackers would alter the website in a non-obvious, non-visible manner to serve hooks to malicious content that runs on the users' computers and installs other software such as viruses, key loggers, and the Zeus banking trojan.
And unfortunately, the event organizers and their online assets are not always the sole target. Event audiences can also be targets. Vehicles could include phishing, spam, and malware email where attackers seek a wide variety of goals such as stealing information from the user's computer, implanting viruses on the user's computer, and conducting outright scams involving selling counterfeit tickets, VIP passes, and fraudulent "discount tickets" to unsuspecting consumers.
Overall, the trick to keeping online events as safe as possible is to understand your potential adversary based on previous trends and current capabilities and understand how they're most likely to attack, the motivation for the attack, and countermeasures that you can implement. Doing so will help you apply the right defenses to the right assets and have a successful event.
Mike Smith is a Senior Security Evangelist at Akamai
For many, the summer Olympics serve as guide posts in our memories - every time they roll around, we're four years older, but are reminded of unbelievable moments from Olympics of the past: Nadia Comaneci's perfect 10s, the Dream Team and, most recently, Michael Phelps' eight gold medals in 2008.
But we need not look back to ancient Greece - or even the 1970s, for that matter - to appreciate how much our viewing of individual events has evolved over time.
Think back just four years ago: Twitter was in its infancy, Facebook could only be accessed via a browser and the tablet as we know it was a thing of the future. For London 2012, every second of the Olympics experience will be broadcast digitally. Users will be able to watch "whistle to whistle" coverage of their favorite athletes, events and more. That's 2,500 hours worth of swimming, diving, running and jumping available on any device, anywhere, any time.
Since the conclusion of the Beijing games, we've officially entered what we call the age of the "Instant Internet," which brings with it the expectation that the content we're looking to consume is completely uncompromised on any device, any app, anywhere. And, with the anticipation that this will be the first billion-viewer Olympics, this expectation will be tested like never before.
--For a behind-the-scenes look at the technology that made the Vancouver Games tick, check out this short video: http://youtu.be/VINct4MyFrQ--
Akamai solutions from Sola Media, Aqua Mobile and Kona Security will be in place to ensure live and on-demand content gets delivered to viewers around the world across all major platforms, including iOS, Android, BlackBerry, Connected TV and Xbox, among others. And these aren't passive viewers, either. As online formats allow users to access streaming video and data simultaneously, user engagement with major sporting events like this one is going through the roof. According to Canadian broadcaster CTV, the average online viewer of the last competition in Vancouver watched 56 minutes of content per day. How much will that increase this year? That remains to be seen, but we are surely in for an exciting ride.
So, tell us, what's your favorite summer Olympics memory and what events are you looking forward to in 2012? What's your viewing strategy for the London games and how does this differ from years past?
We look forward to reading your comments, and please continue to visit this space throughout the month ahead for some additional Olympics-related content.
Troy Snyder is Vice President of Ecosystem/Executive Producer at Akamai
That is what drove us to develop and announce the upcoming SPDY and WebSocket support at the recent 2012 Santa Clara Velocity conference. We have been working with and developing these protocols for a while now and are excited to bring them to our network. It is a fascinating time in the web world and SPDY and WebSocket are central themes in the raging debates around the direction of the basic protocols that make everything tick. Recently this pair of protocols has been cast as somehow competing for a virtual crown in a race to see who will win a standards war. Here at Akamai we see this as far from the case, and believe that looking at them through that sort of lens will distract from the basic fact that they are two tools for two jobs.
SPDY (pronounced speedy), for those who are not familiar with it, is a proposal and implementation from Google for a faster version of HTTP. SPDY achieves its performance boost through a number of optimizations such as request multiplexing, using fewer connections, and header compression, to name a few. Benchmarks generally show that SPDY consistently improves a web page's performance by 10-20%. In a world where milliseconds matter, that is huge and worth taking notice of.
Akamai's initial SPDY implementation will be targeting version 2 of the protocol. End users with SPDY-speaking browsers will be able to converse with our secure edge network (ESSL) using this latest and greatest web development starting this fall.
Not Pixie Dust
Recent studies, particularly one from at Akamai, show that SPDY is not some magical engine that will remove all of the bottlenecks a web site might have. Do not take our criticism of SPDY as an indicator that we are not supporters of it. On the contrary, we believe in the direction and want to see it get better and better. Different bottlenecks require different solutions, ranging from better caching and route decisions to addressing third party content and Front-End Optimization. For the cases where HTTP between client-and-edge is holding you back, SPDY will come to the rescue.
At Akamai we aim to offer the complete set of tools to address each bottleneck, and will help you use the right tool for the right job. We're excited to add SPDY to this suite, and help push the web forward.
As my family's designated grocery shopper, I find myself in the same stores every week: Trader Joe's for most of the stuff we need, Whole Foods for the rest.
I used to go to Shaw's, which is closer to my house, but for reasons I can't even remember, I stopped. And you know what? They never tried to win me back.
There are also two other grocery stores nearby, but I never hear from them.
With corn and watermelon arriving in the produce aisles, grocers have a chance to change my habits. But they won't. So my habits won't change either. I'll keep going to the same stores--as they keep me engaged with mailers and emails that advertise recipes and new products.
Why did this get me thinking about customer engagement? Because in this short little story there are examples of it working well, working poorly, and not working at all.