Monday, July 20, 2009

Can Cloud Defend Against DDoS Attacks?

If you've been thinking about moving your applications into the cloud but weren't sure how to best justify the investment, you can probably thank the North Koreans for helping to write your business case.

The distributed denial of service (DDoS) attacks - allegedly instigated by North Korea or its backers - that disrupted service for many federal agencies this month were successful because most of these agencies still publish web content on small, easily-saturated network links. Take a look at the two federal offices that were able to sustain the attack for the duration without loss of service - the websites for the White House and the Defense Department. It's no mystery that the White House site sits on servers hosted by Akamai, a distributed content delivery network that provides geo-centric services for content delivery. This means that a person accessing whitehouse.gov from San Francisco will talk to different servers than someone in Washington. The Akamai content network effectively load balances traffic, and this design was likely a key reason the White House wasn't affected by the attacks.

While the definition of cloud computing is still under development, I consider Akamai to be truly one of the original architects of the cloud computing model (although you won't find their site emblazoned with cloud computing marketing 'hype').

The capability that helped the White House fend off these attacks is closely related to another networking concept -- Anycast networking. Anycast is a concept that allows the same content to be served from different physical and geographic locations. This is at the heart of the denial of service problem. When an attacker directs an army of rogue computers at a target website, the hosts are in different locations, but their collective traffic is aggregated to overwhelm the target. However, if each bot in this group talks to a different server depending on its physical location, then you can reduce the overall effectiveness of the mob. This is an effective divide-and-conquer strategy that can help address the problem of DDoS attacks.
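The divide-and-conquer effect described above, as an added example (not code from the original post): a small capacity model that sends each traffic source to its nearest site and compares a single origin with an anycast set. The site names, coordinates, traffic figures and the 1500 Mbps link capacity are constructed, and great-circle distance stands in for real BGP route selection.

```python
import math

# Constructed sites: hypothetical points of presence as (lat, lon).
POPS = {"sfo": (37.6, -122.4), "iad": (38.9, -77.5),
        "fra": (50.0, 8.6), "nrt": (35.8, 140.4)}

# Constructed traffic sources: ((lat, lon), aggregate Mbps) per bot cluster.
LA, NYC, PARIS, SEOUL = (34.05, -118.24), (40.7, -74.0), (48.9, 2.35), (37.57, 126.98)
SPREAD = [(LA, 1000), (NYC, 1000), (PARIS, 1000), (SEOUL, 1000)]
CONCENTRATED = [(LA, 200), (NYC, 200), (PARIS, 200), (SEOUL, 3400)]


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))


def per_site_load(sources, sites):
    """Sum each source's traffic onto its nearest site (assumed routing model)."""
    load = {name: 0.0 for name in sites}
    for location, mbps in sources:
        nearest = min(sites, key=lambda name: haversine_km(location, sites[name]))
        load[nearest] += mbps
    return load


def saturated(load, capacity_mbps):
    """Names of sites whose aggregate inbound traffic exceeds link capacity."""
    return sorted(name for name, mbps in load.items() if mbps > capacity_mbps)


if __name__ == "__main__":
    capacity = 1500  # Mbps per site, constructed figure
    single = {"origin": POPS["iad"]}
    for label, sources in (("spread", SPREAD), ("concentrated", CONCENTRATED)):
        for design, sites in (("single origin", single), ("anycast", POPS)):
            load = per_site_load(sources, sites)
            print(f"{label:12} {design:13} {load} saturated={saturated(load, capacity)}")
```

In this model, sources that cluster near one site still saturate that site while the others keep serving, so per-site capacity matters as much as the number of sites.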

----------------------------------------------
Source: blogs.govinfosecurity.com
By: Eric M. Fiterman
