Bypass Surgery and Other Tales 
Brian Sniffen
©2014 AKAMAI | FASTER FORWARD™
Akamai Security Research & Architecture 
• Crypto engineering expertise 
• Technical backstop 
• Product review 
• Akamai Architecture Group seat 
• Safety engineering 
• Incident management
2014: The Year of Vulnerabilities 
“You people in InfoSec have become the Product Managers!” 
Yes, and we can’t wait to get out of that role. 
• Heartbleed 
• INRIA-Prosecco Cookies 
• Shellshock 
Year       2008  2009  2010  2011  2012  2013  2014
Incidents     1     1     0     0     1     1    3+
Akamai Incident Management Principles 
• Technical Incident Manager (TIM) coordinates all work 
• Incident Executive communicates upwards, shields TIM 
• GSS Business Incident Leads manage customer comms 
• No single-point harm can cause a Severity 1 Incident 
• A hot meal and 6 hours sleep fix more problems than an all-nighter 
• If the TIM becomes an SME, get a new TIM
We tell ourselves who we wish to be: 
• Akamai says thank you. 
• Akamai doesn't respond to name calling, but does respond to the useful technical content. 
• Akamai presents itself as a responsible and respected member of the Internet community. 
• Akamai will use this incident to improve both its own security and the general security of the Internet. 
• Akamai can laugh at itself.
Heartbleed mail 
From: Brian Sniffen 
Date: 7 Apr 2014 21:34:08 
Subject: Sev 1: Heartbleed 
Will, 
I'm contacting you because you're the Ghost SME on call. I'm looking for evidence to refute the statement: "The Heartbleed bug can't extract long-term customer private keys from a Ghost; we put them only in a wired, mmaped page way lower on the stack."
Heartbleed Timeline 
April 1: Notice; QA begins 
April 4: last Akamai Deployed Systems patched 
April 7, 1pm: Public Notice 
April 7, 6pm: What did we leak? 
April 8, 1am: Working exploit in Akamai lab 
April 9–12: Hastily publish Akamai Secure Allocator 
April 13, 11pm: Begin cert rotations & revocations
“Don’t worry, we restored the old functionality” 
April 14, 6am: “Why is this message in the old log format?” 
A “Manual Change” had restored an old version.
The Akamai Secure Memory Allocator 
• 1999 code 
• One author, three redactors 
• State machine inspired by CLOS “advice” system 
Turns out it works fine 
[Diagram: Code allocates from two regions: the Secure Heap (an mmap'd file holding the long-term allocations) and the ordinary Heap.]
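To make the slide's design concrete, here is an added example (not Akamai's allocator, nor any code from the deck) of the same idea: long-term secrets such as private keys are placed in their own mmap'd pages, fenced by PROT_NONE guard pages, rather than in the general-purpose heap that request data lands in. The slide describes an mmap'd file; this example assumes an anonymous mapping to stay self-contained, and the key string is a constructed stand-in. The names secure_alloc, secure_contains, secure_free and demo_key_separation are the example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* One long-term secret, kept on its own pages outside the general heap. */
typedef struct {
    void  *base;     /* start of the whole mapping, including the first guard page */
    size_t map_len;  /* guard + data pages + guard, in bytes */
    void  *data;     /* page-aligned region handed to the caller */
    size_t data_len; /* size of the data pages (len rounded up to whole pages) */
    int    locked;   /* 1 if mlock() succeeded; failure is tolerated (RLIMIT_MEMLOCK) */
} secure_buf;

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

static size_t round_pages(size_t n) {
    size_t pg = page_size();
    return (n + pg - 1) / pg * pg;
}

/* Reserve len bytes for a secret in a fresh anonymous mapping (assumption:
 * the slide's allocator backs this with a file) bracketed by PROT_NONE guard
 * pages.  A linear over-read from a neighbouring buffer, the Heartbleed
 * access pattern, faults on the guard page instead of reaching the secret.
 * Returns 0 on success, -1 on failure. */
int secure_alloc(secure_buf *sb, size_t len) {
    size_t pg = page_size();
    size_t body = round_pages(len ? len : 1);
    size_t total = body + 2 * pg;
    void *m = mmap(NULL, total, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    if (mprotect(m, pg, PROT_NONE) != 0 ||
        mprotect((char *)m + pg + body, pg, PROT_NONE) != 0) {
        munmap(m, total);
        return -1;
    }
    sb->base = m;
    sb->map_len = total;
    sb->data = (char *)m + pg;
    sb->data_len = body;
    sb->locked = (mlock(sb->data, body) == 0);   /* keep it out of swap if allowed */
#ifdef MADV_DONTDUMP
    madvise(sb->data, body, MADV_DONTDUMP);       /* and out of core dumps (Linux) */
#endif
    return 0;
}

/* True if ptr points into this secret's data pages. */
int secure_contains(const secure_buf *sb, const void *ptr) {
    uintptr_t p = (uintptr_t)ptr, d = (uintptr_t)sb->data;
    return sb->data != NULL && p >= d && p < d + sb->data_len;
}

/* Zero the pages through a volatile pointer (so the clear is not optimised
 * away as a dead store), then unlock and unmap. */
void secure_free(secure_buf *sb) {
    if (sb->data == NULL) return;
    volatile unsigned char *v = sb->data;
    for (size_t i = 0; i < sb->data_len; i++) v[i] = 0;
    if (sb->locked) munlock(sb->data, sb->data_len);
    munmap(sb->base, sb->map_len);
    memset(sb, 0, sizeof *sb);
}

/* Store a constructed stand-in for a private key through the allocator next
 * to an ordinary 64 KiB heap buffer of the kind request data lands in, and
 * check the two never share pages.  Returns 0 when the separation holds. */
int demo_key_separation(void) {
    static const char key[] = "-----BEGIN PRIVATE KEY----- (constructed sample, not a real key)";
    secure_buf sb;
    if (secure_alloc(&sb, sizeof key) != 0) return -1;
    memcpy(sb.data, key, sizeof key);

    size_t heap_len = 64 * 1024;
    unsigned char *heap_buf = malloc(heap_len);
    if (heap_buf == NULL) { secure_free(&sb); return -1; }
    memset(heap_buf, 'A', heap_len);                 /* request payload stand-in */

    uintptr_t h0 = (uintptr_t)heap_buf, h1 = h0 + heap_len;
    uintptr_t k = (uintptr_t)sb.data;
    int ok = !(k >= h0 && k < h1)                    /* key not inside the heap buffer */
          && !secure_contains(&sb, heap_buf)         /* heap buffer not inside the key pages */
          && k % page_size() == 0                    /* key storage is page-aligned */
          && memcmp(sb.data, key, sizeof key) == 0;  /* contents intact */
    free(heap_buf);
    secure_free(&sb);
    return ok ? 0 : 1;
}
```

The point of the guard pages is that the failure mode changes from a silent disclosure to a crash, which is detectable; mlock and MADV_DONTDUMP close the two other paths (swap, core files) by which the same bytes leave the process.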

Cert Revocation Progress 
[Chart: cert revocation progress over time. Y axis: # of certs, with gridlines at 70%, 90% and 95%. X axis: weekly from 21 Apr to 30 Jun 2014 (21 Apr, 28 Apr, 5 May, 12 May, 19 May, 26 May, 2 Jun, 9 Jun, 16 Jun, 23 Jun, 30 Jun).]
Learning from Heartbleed 
Nobody’s paying for OpenSSL! 
Practice in mass, fast, patching 
Practice in releasing helpful patches 
Simplicity promotes safety.
Shellshock Timeline 
Sep 23, 12pm: Notice from Florian Weimer, Debian Security 
Sep 23, 9pm: Manual change: replace bash with dash; patches started 
Sep 24, 5am: WAF rule in place 
SSH command= systems made safe 
Sep 24, 12pm: Public Notice 
Sep 25: “Kobrin Patch” to remove dangerous feature 
Sep 28: bash mostly replaced with dash on deployed network
Bash patches 
Pre-release: 
• Embargoed patch: 195 lines, 7 files (1/6 CVEs) 
• Kobrin patch: 2 lines, 1 file (6/6 CVEs) 
Post-release: 
• NetBSD patch: 3 lines, 2 files (6/6 CVEs) 
• Fixed patch: 164 lines, 11 files (6/6 CVEs) 
• Apple patch: unpublished (exposure unclear)
SSH command= limits 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFnHfYyS5onAN72oFpaopm+/yKbRy/TCwpt7Tmw3lk0P bts@tereva.evenmere.org-2014-03-19 
command="/a/bin/akamai_run suspend" ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVmNk8leXjKkWZUHQjJITzrX+n1aa1xfBwK9Yp42q bsniffen@akamai.com-example-2014-10-01 
V="() { :;}; /bin/bash" ssh example.com :
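The WAF rule on the Shellshock timeline and the "() {" prefix shown on the SSH command= slide come down to one check: does a client-supplied value begin with bash's function-export marker? The following is an added example (not Akamai's WAF rule or any code from the deck) of that check run over a constructed log of request headers, counting matches and the distinct probing source addresses in the spirit of the "Who's looking?" slide. The log format, the addresses (documentation ranges) and the names shellshock_prefix, scan_header_log and SAMPLE_HEADER_LOG are the example's own.

```c
#include <string.h>

/* True when a header or environment value begins (after optional blanks)
 * with the bash function-export prefix "() {" shown on the slide; pre-patch
 * bash parsed such a value as a function definition and ran what followed. */
int shellshock_prefix(const char *value) {
    while (*value == ' ' || *value == '\t') value++;
    return strncmp(value, "() {", 4) == 0;
}

/* Constructed sample: one logged request header per line, in the form
 * "<client-ip> <Header-Name>: <value>".  Addresses are documentation ranges. */
const char *const SAMPLE_HEADER_LOG =
    "203.0.113.5 User-Agent: () { :;}; /bin/bash\n"
    "198.51.100.9 User-Agent: Mozilla/5.0 (X11; Linux x86_64)\n"
    "203.0.113.5 Cookie: () { :; }; echo probe\n"
    "192.0.2.77 Referer: () { :;}; /bin/bash\n"
    "198.51.100.9 Accept: text/html, () { not-at-start }\n";

/* Scan the log line by line.  Returns the number of header values matching
 * the prefix; the distinct offending client IPs (at most max_ips) are copied
 * into ips and their count stored in *n_ips. */
int scan_header_log(const char *log, char ips[][32], int max_ips, int *n_ips) {
    int hits = 0;
    *n_ips = 0;
    const char *line = log;
    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *sp = memchr(line, ' ', len);                           /* end of the IP */
        const char *colon = sp ? memchr(sp, ':', len - (size_t)(sp - line)) : NULL;
        if (sp && colon) {
            char value[512];
            size_t vlen = len - (size_t)(colon + 1 - line);
            if (vlen >= sizeof value) vlen = sizeof value - 1;
            memcpy(value, colon + 1, vlen);
            value[vlen] = '\0';
            if (shellshock_prefix(value)) {
                hits++;
                char ip[32];
                size_t iplen = (size_t)(sp - line);
                if (iplen >= sizeof ip) iplen = sizeof ip - 1;
                memcpy(ip, line, iplen);
                ip[iplen] = '\0';
                int seen = 0;
                for (int i = 0; i < *n_ips; i++)
                    if (strcmp(ips[i], ip) == 0) { seen = 1; break; }
                if (!seen && *n_ips < max_ips) strcpy(ips[(*n_ips)++], ip);
            }
        }
        if (eol == NULL) break;
        line = eol + 1;
    }
    return hits;
}
```

The check is deliberately anchored at the start of the value: that is where unpatched bash looked, so matching "() {" anywhere in a header would add false positives without adding coverage. The same prefix test applies to SSH_ORIGINAL_COMMAND under a forced command, which is why the command= systems on the timeline needed attention even though no web server was involved.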
Akamai Shellshock exposures 
[Diagram of exposure paths. Components shown: Client, ssh, Authgate, Server 1, Server 2, Perforce Server 3, https, Web, Kerberos, CGI.]
Solaris 10 
“We don’t have any Solaris 10 admins”
Who’s looking? 
13000 IPs probing per day
Learnings from Shellshock 
Nobody’s paying for Bash. 
And it was written in the 1980s! 
Simplicity promotes safety.
The New Normal 
• Two or three internet-wide patching incidents per year 
• Enterprise-wide compliance takes months 
• Trust less code. 
• Trust code less. 
• Treat upstream code like you wrote it? 
• Homework: set up 24/7 contacts and Security contacts

 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Kürzlich hochgeladen (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study

2. Bypass Surgery and Other Tales
Brian Sniffen

3. ©2014 AKAMAI | FASTER FORWARD™
Akamai Security Research & Architecture
• Crypto engineering expertise
• Technical backstop
• Product review
• Akamai Architecture Group seat
• Safety engineering
• Incident management

4. 2014: The Year of Vulnerabilities
“You people in InfoSec have become the Product Managers!”
Yes, and we can’t wait to get out of that role.
• Heartbleed
• INRIA-Prosecco Cookies
• Shellshock
Incidents per year:
Year    2008  2009  2010  2011  2012  2013  2014
Count      1     1     0     0     1     1    3+

5. Akamai Incident Management Principles
• Technical Incident Manager (TIM) coordinates all work
• Incident Executive communicates upwards, shields TIM
• GSS Business Incident Leads manage customer comms
• No single-point harm can cause a Severity 1 Incident
• A hot meal and 6 hours sleep fix more problems than an all-nighter
• If the TIM becomes an SME, get a new TIM

6. We tell ourselves who we wish to be:
• Akamai says thank you.
• Akamai doesn't respond to name calling, but does respond to the useful technical content.
• Akamai presents itself as a responsible and respected member of the Internet community.
• Akamai will use this incident to improve both its own security and the general security of the Internet.
• Akamai can laugh at itself.

7. Heartbleed mail
From: Brian Sniffen
Date: 7 Apr 2014 21:34:08
Subject: Sev 1: Heartbleed

Will,
I'm contacting you because you're the Ghost SME on call. I'm looking for evidence to refute the statement: "The Heartbleed bug can’t extract long-term customer private keys from a Ghost; we put them only in a wired, mmaped page way lower on the stack."

8. Heartbleed Timeline
April 1: Notice; QA begins
April 4: last Akamai Deployed Systems patched
April 7, 1pm: Public Notice
April 7, 6pm: What did we leak?
April 8, 1am: Working exploit in Akamai lab
April 9–12: Hastily publish Akamai Secure Allocator
April 13, 11pm: Begin cert rotations & revocations

9. “Don’t worry, we restored the old functionality”
April 14, 6am: “Why is this message in the old log format?”
A “Manual Change” had restored an old version.

10. The Akamai Secure Memory Allocator
• 1999 code
• One author, three redactors
• State machine inspired by CLOS “advice” system
Turns out it works fine
(Diagram: process memory layout showing Code, Heap, and a Secure Heap backed by an mmap’d file that holds the long-term allocations)
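The segregated secret heap sketched on slide 10, as an added illustration in C that is not Akamai's Secure Memory Allocator (it has none of that allocator's state machine): each long-term secret gets its own anonymous mmap with a guard page on either side, a best-effort mlock (the "wired" page the Heartbleed mail refers to), and a wipe-then-unmap free, so a read that runs off the end of the ordinary heap never reaches it. The function names (secure_alloc, secure_contains, secure_free) and the registry size are my own choices.

```c
#define _DEFAULT_SOURCE 1
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#define MAX_SECURE_REGIONS 32   /* illustrative limit, not from the original allocator */
/* One segregated mapping per long-term secret: [guard][data pages][guard]. */
struct secure_region {
    unsigned char *base, *user;  /* whole mapping; first byte handed to the caller */
    size_t total, user_len;      /* mapping length; bytes the caller asked for */
    int locked;                  /* 1 if mlock() succeeded ("wired", never swapped) */
};
static struct secure_region regions[MAX_SECURE_REGIONS]; static int nregions;
/* Allocate a secret outside the ordinary heap: its own anonymous mmap with a
 * PROT_NONE guard page on each side, locked in RAM when RLIMIT_MEMLOCK allows. */
void *secure_alloc(size_t n)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = ((n + page - 1) / page) * page;  /* whole pages for the secret */
    size_t total = data + 2 * page;                 /* plus the two guard pages */
    if (n == 0 || nregions == MAX_SECURE_REGIONS) return NULL;
    unsigned char *base = mmap(NULL, total, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    /* A read running past the secret faults on the guard page instead of returning a neighbour. */
    mprotect(base, page, PROT_NONE);
    mprotect(base + page + data, page, PROT_NONE);
    int locked = (mlock(base + page, data) == 0);   /* best effort */
    regions[nregions++] = (struct secure_region){ base, base + page, total, n, locked };
    return base + page;
}
/* Does p point into a live secure allocation? Ordinary heap or stack memory never does. */
int secure_contains(const void *p)
{
    const unsigned char *q = p;
    for (int i = 0; i < nregions; i++)
        if (q >= regions[i].user && q < regions[i].user + regions[i].user_len) return 1;
    return 0;
}
/* Zero via a volatile pointer (the store cannot be optimised away), then unmap the region. */
void secure_free(void *p)
{
    for (int i = 0; i < nregions; i++) {
        if (regions[i].user != p) continue;
        volatile unsigned char *v = regions[i].user;
        for (size_t j = 0; j < regions[i].user_len; j++) v[j] = 0;
        munmap(regions[i].base, regions[i].total);
        regions[i] = regions[--nregions];   /* compact the registry */
        return;
    }
}
```

OpenSSL 1.1.0 later shipped the same idea as CRYPTO_secure_malloc; the sample above is only a sketch of the segregation and does not address the allocator's own bookkeeping or thread safety.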
11. Cert Revocation Progress
(Chart: number of certs revoked, weekly from 21 Apr to 30 Jun, with 70%, 90% and 95% marks)

12. Learning from Heartbleed
Nobody’s paying for OpenSSL!
Practice in mass, fast patching
Practice in releasing helpful patches
Simplicity promotes safety.

13. Shellshock Timeline
Sep 23, 12pm: Notice from Florian Weimer, Debian Security
Sep 23, 9pm: Manual change: replace bash with dash; patches started
Sep 24, 5am: WAF rule in place; SSH command= systems made safe
Sep 24, 12pm: Public Notice
Sep 25: “Kobrin Patch” to remove dangerous feature
Sep 28: bash mostly replaced with dash on deployed network

14. Bash patches
Pre-release:
• Embargoed patch: 195 lines, 7 files (1/6 CVEs)
• Kobrin patch: 2 lines, 1 file (6/6 CVEs)
Post-release:
• NetBSD patch: 3 lines, 2 files (6/6 CVEs)
• Fixed patch: 164 lines, 11 files (6/6 CVEs)
• Apple patch: unpublished (exposure unclear)
15. SSH command= limits
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFnHfYyS5onAN72oFpaopm+/yKbRy/ TCwpt7Tmw3lk0P bts@tereva.evenmere.org-2014-03-19
command="/a/bin/akamai_run suspend" ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVmNk8leXjKkWZUHQjJIT zrX+n1aa1xfBwK9Yp42q bsniffen@akamai.com-example-2014-10-01
V="() { :;}; /bin/bash" ssh example.com :
16. Akamai Shellshock exposures
(Diagram of exposure paths; labels: Client, ssh, Authgate, Server 1, Server 2, Perforce, Server 3, https, ssh, Web, Kerberos, CGI)

17. Solaris 10
“We don’t have any Solaris 10 admins”

18. Who’s looking?
13000 IPs probing per day

19. Learnings from Shellshock
Nobody’s paying for Bash. And it was written in the 1980s!
Simplicity promotes safety.

20. The New Normal
• Two or three internet-wide patching incidents per year
• Enterprise-wide compliance takes months
• Trust less code.
• Trust code less.
• Treat upstream code like you wrote it?
• Homework: set up 24/7 contacts and Security contacts