CDN in the Defense-in-Depth Strategy

The Content Delivery Network adds a critical security layer to any Defense-in-Depth strategy. The CDN is just as important as the firewall, or intrusion detection system, when it comes to mitigating certain types of attacks. With the corporate computer network expanding to mobile devices, web applications and websites, the CDN is the best defensive tool in mitigating network and application DDoS attacks. Some CDNs, especially those with a web application firewall (WAF) offering are better equipped in defending client websites against the OWASP top ten attacks, than those CDNs without a similar offering.

Attack on an Incapsula Client

Recently, an Alexa Top 50 video content provider was hijacked for what look like a soon to be DDoS-for-hire service. To make matters worse, there was evidence the hacker created a billing system to keep track of the rented machines. Since there aren’t many video content providers in the Top 50, my guess it’s either youtube of xvideo. The breach demonstrates the creativity and skill set of the hacker. Here is the summary of the breach:

  1. Attacker created a user account
  2. Attacker inserted malicious code (javascript payload) into the profile <img> tag
  3. Attacker added comments on popular video pages along with the malicious <img> tag
  4. Every time a person visited the web page that had the comments, the javascript would activate itself adding an iframe with DDoS tool, that would send a GET request to the target sites, thus creating a DDoS bot army
 CDN in the Defense-in-Depth Strategy

Incapsula found out about the issue and mitigated it when one of their clients were the intended targets receiving over 20M GET request from 22,000 Internet users. Security based CDNs, which I refer to as the CyberSecurity CDN are in the best position to counter this type of attack. Akamai, Incapsula, Yottaa and CloudFlare offer a robust security portfolio to mitigate intelligent application DDoS attacks. Incapsula goes a step further and protects against backdoor intrusions, and login attacks via its two-factor authentication service.

Akamai, with its $1B cash war chest is surely to make a big splash in the coming months, once it acquires a pure-play security company. The most critical piece that CDNs bring to the Defense-in-Depth strategy that other companies don’t, a global network infrastructure of thousands of servers, hundreds of Gbps of bandwidth, and POPs located at the major peering exchanges. A CDN is usually only a couple of hops away from the eyeball networks, and attackers. The CDN is needed complimentary security product to firewalls, IDS, anti-virus software, and all other security tools.