Website Security – Interesting 65Gbps DDoS Case Study

The web can be a scary place, with all sorts of website and internet security issues that may arise when you’re running a public-facing site. Issues like cross-site scripting, SQL injection, email harvesting, comment spam, DDoS attacks and others occur on a daily basis.

There are many different ways to combat these problems, with varying levels of success. There is a huge industry of web security software and tools out there, and it is changing rapidly as cloud computing reshapes the underlying infrastructure. The one approach that does not work well (and never has) is the set-it-and-forget-it approach many people take when they create a new site. Since website security is an on-going challenge, it’s best to use professional-level services and stay up to date with everything. Unfortunately, some of these services can be quite pricey.

We take website security and performance very seriously and offer a range of services in these areas. We use multiple services and techniques to protect all of the public (and private) sites we create. One of these is a security service called CloudFlare, which we describe below before walking through a case study they published over the weekend. Here is a quick overview of the service: CloudFlare is a quickly growing, venture-capital-backed web security and performance start-up.

CloudFlare presently serves over 65 BILLION (yes, billion, not million) pageviews a month across the network of sites they support.

Here is some perspective on their size from a VentureBeat article: “We do more traffic than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing, eBay, PayPal and Instagram combined,” chief executive Matthew Prince told VentureBeat. “We’re about half of a Facebook, and this month we’ll surpass Yahoo in terms of pageviews and unique visitors.”

They have a great list of features:

  • Managed Security-As-A-Service
  • Completely configurable web firewall
  • Collaborative security and threat identification – Hacker identification
  • Visitor reputation security checks
  • Block list, trust list
  • Advanced security – cross-site scripting, SQL injection, comment spam, excessive bot crawling, email harvesters, denial of service
  • 20+ data centers across the globe
  • First-level cache to reduce server load and bandwidth
  • Site-level optimizations to improve performance

Over the weekend, some interesting events happened in their European data centers, and CloudFlare wrote a couple of blog posts about them, summarized below (the original post is linked at the end):

What Constitutes a Big DDoS?

A 65Gbps DDoS is a big attack, easily in the top 5% of the biggest attacks we see. The graph below shows the volume of the attack hitting our EU data centers (the green line represents inbound traffic). When an attack is 65Gbps, that means every second 65 Gigabits of data is sent to our network. That’s the equivalent data volume of watching 3,400 HD TV channels all at the same time. It’s a ton of data. Most network connections are 100Mbps, 1Gbps or 10Gbps, so an attack like this would quickly saturate even a large Internet connection.

[Graph: attack traffic volume at the EU data centers – the green line shows inbound traffic]

To launch a 65Gbps attack, you’d need a botnet with at least 65,000 compromised machines, each capable of sending 1Mbps of upstream data. Given that many of these compromised computers are in the developing world where connections are slower, and that many of the machines that make up a botnet may not be online at any given time, the actual size of the botnet necessary to launch that attack would likely need to be at least 10x that size.
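The botnet math here is simple division. Below is a quick back-of-the-envelope sketch in Python (our own illustration, not from CloudFlare’s post), using the 1Mbps-per-machine and 10x figures from the paragraph above:

```python
# Back-of-the-envelope botnet sizing for a 65Gbps attack.
# Figures come from the paragraph above; the factor-of-10 adjustment
# accounts for slow links and machines that are offline at any moment.

ATTACK_GBPS = 65
PER_MACHINE_MBPS = 1          # assumed upstream capacity per compromised host
AVAILABILITY_FACTOR = 10      # many bots are slow or offline at any given time

attack_mbps = ATTACK_GBPS * 1000
ideal_botnet = attack_mbps / PER_MACHINE_MBPS          # 65,000 machines
realistic_botnet = ideal_botnet * AVAILABILITY_FACTOR  # ~650,000 machines

print(f"Ideal botnet size:     {ideal_botnet:,.0f} machines")
print(f"Realistic botnet size: {realistic_botnet:,.0f} machines")
```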


In terms of stopping these attacks, CloudFlare uses a number of techniques. It starts with our network architecture. We use Anycast, which means the response from a resolver, while targeting one particular IP address, will hit whatever data center is closest. This inherently dilutes the impact of an attack, distributing its effects across all 23 of our data centers. Given the hundreds of gigabits of capacity we have across our network, even a big attack rarely saturates a connection.
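To see why that dilution matters, just divide the attack across the data centers. A rough illustration we put together (assuming attack sources are globally distributed, so traffic splits roughly evenly):

```python
# Rough illustration of how Anycast spreads a volumetric attack.
# Assumes attack sources are globally distributed, so each packet lands
# at the nearest data center and the load splits roughly evenly.

ATTACK_GBPS = 65
DATA_CENTERS = 23

per_dc_gbps = ATTACK_GBPS / DATA_CENTERS
print(f"~{per_dc_gbps:.1f} Gbps per data center")  # ~2.8 Gbps, far below capacity
```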


At each of our facilities we take additional steps to protect ourselves. We know, for example, that we haven’t sent any DNS queries out from our network, so we can safely filter the responses from DNS resolvers, dropping the response packets at our routers or, in some cases, even upstream at one of our bandwidth providers. The result is that these types of attacks are relatively easily mitigated.
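That filtering rule reduces to a simple predicate: with no outbound DNS queries, any inbound DNS response is unsolicited and can be dropped. Here’s a conceptual sketch (our own illustration in Python; CloudFlare applies this at routers and upstream providers, not in application code):

```python
# Conceptual sketch of the stateless filter described above: since no DNS
# queries originate from the network, any inbound packet from UDP source
# port 53 is an unsolicited reflection-attack response and can be dropped.

DNS_PORT = 53

def should_drop(protocol: str, src_port: int) -> bool:
    """Return True for packets that look like unsolicited DNS responses."""
    return protocol == "udp" and src_port == DNS_PORT

# Example: a reflected DNS response arriving from an open resolver
print(should_drop("udp", 53))   # True  -> drop at the router/upstream
print(should_drop("tcp", 443))  # False -> normal traffic passes
```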


What was fun to watch was that while the customer under attack was being targeted by 65Gbps of traffic, not a single packet from that attack made it to their network or affected their operations. In fact, CloudFlare stopped the entire attack without the customer even knowing there was a problem. From the network graph, you can see that after about 30 minutes the attacker gave up. We think that’s pretty cool and, as we continue to expand our network, we’ll become even more resilient to attacks like this one.

Link to original post: http://blog.cloudflare.com/65gbps-ddos-no-problem

The big takeaway for us is that we’re in a better spot by using CloudFlare. There are very few security software tools or services out there that would be able to handle this sort of attack, mitigate it and then describe it in such a short period of time.


Amazon EC2 Cloud Computing Cost Savings

This post is a long one and is part of an on-going series on some of the benefits we’ve identified in our experience using Cloud Computing technologies, most notably Amazon Web Services (AWS) and various VMware products.

Overview

“The cloud”, specifically Amazon Web Services, has dramatically changed the landscape of High Performance Computing and Big Data Processing in recent years. Many things are computationally possible today that would not have been a few short years ago. An organization can cost-effectively set up, launch and use a seemingly limitless amount of computing resources in minutes.

Most of the news media today is focused on using Hadoop on “Big Data”. SLTI has experience with this technology, but what happens if your data set doesn’t fit nicely into this framework? The write-up below describes how we handled one such challenge.

Business Problem

The problem SLTI was trying to solve fits into the Business Intelligence/Data Mining area of the financial industry: testing different inputs for an algorithm that forms the basis of a quantitative equity trading system.
The algorithm involved complex mathematical calculations and processing requirements across a large and diverse data set. The problem required testing a wide range of input parameters across four dimensions, and the algorithm was tested across sixty-two different data sets. In total, we had to analyze roughly 9.9 billion data points to come up with something actionable.

While the program logic is specific to the financial trading industry, it shares many concepts with other industries – engineering, legal services, etc. The questions to ask are simple –

How many processing tasks have you had that you wished ran faster? Can they be split into multiple pieces and run in parallel? How can this be done cost-effectively?

Information Technology and Software Solution

Cloud Computing has dramatically changed the cost landscape of IT Infrastructure, especially for prototype or short run projects like this one. In a general sense, CPU cycles and RAM are cheap compared to the highly skilled labor required to improve performance by several orders of magnitude.

Our goal was simple – make the program run a lot faster with minimal effort.

We have a large list of projects to complete, so development time is our most precious resource, and we didn’t want to re-write the entire program. We kept the software changes and technology solution simple – it’s basically an 80/20 approach to setting up the infrastructure and handling the code changes, one that still solves the problem, albeit in a less elegant fashion.

To accomplish our goal, we modified the program to operate on a user-defined subset of the original data set. This allows the problem to be split into many small parts and distributed across multiple servers, with each server handling the processing for its subset, as shown in the sketch below.
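Here is a minimal sketch of the partitioning idea, using hypothetical parameter names and sizes (the real four dimensions and sixty-two data sets are specific to the trading algorithm and not shown here):

```python
# Minimal sketch of splitting a parameter sweep into per-node work units.
# The dimension names and values below are hypothetical placeholders;
# the real program swept four input dimensions across 62 data sets.
from itertools import product

def build_work_units(dims: dict, num_nodes: int) -> list:
    """Enumerate every parameter combination, then deal them out round-robin."""
    combos = list(product(*dims.values()))
    return [combos[i::num_nodes] for i in range(num_nodes)]

# Hypothetical example: four dimensions, sixteen worker nodes
dims = {
    "param_a": range(10),
    "param_b": range(10),
    "param_c": range(10),
    "param_d": range(10),
}
units = build_work_units(dims, num_nodes=16)
print(len(units), "nodes,", len(units[0]), "combinations each")  # 16 nodes, 625 each
```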

IT Infrastructure Architecture

In keeping with an 80/20, simple-solution-first approach, we created a solution with the following pieces:

  1. Linux-based application server (an Amazon EC2 Amazon Machine Image (AMI); alternatively, a VMware image could be created and converted to an AMI)
  2. Highly available, scalable, central filestore (Amazon S3)
  3. Master configuration data stored in Amazon S3

The cluster itself comprised sixteen cc2.8xlarge EC2 instances. Each instance has 88 EC2 Compute Units, 2 x Intel Xeon E5-2670 processors (16 cores per instance), 60.5GB of RAM, and 3370GB of local storage. In aggregate, the cluster provided 1,408 Compute Units, 256 cores and 968GB of RAM.
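The aggregate numbers follow directly from the per-instance specs:

```python
# Aggregate cluster capacity from the per-instance cc2.8xlarge specs above.
INSTANCES = 16
COMPUTE_UNITS = 88  # EC2 Compute Units per instance
CORES = 16          # 2 x Intel Xeon E5-2670
RAM_GB = 60.5

print(INSTANCES * COMPUTE_UNITS, "Compute Units")  # 1408
print(INSTANCES * CORES, "cores")                  # 256
print(INSTANCES * RAM_GB, "GB of RAM")             # 968.0
```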

The basic logic of the program goes something like this (a minimal sketch of the worker-node flow follows the list):

  1. Load all required data into Amazon S3
  2. Launch the pre-configured AMI, which runs the program once the server boots:
    • Get a specific subset of the data for the node from the central filestore
    • Update the master configuration data to notify the other nodes what data still needs to be processed before, during and after each test run.
    • Save the results to the central filestore
    • Shut down the node after the work is completed
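Here is a minimal sketch of that worker-node flow, written against the modern boto3 API for illustration (bucket and key names are hypothetical, and the real implementation details differed):

```python
# Minimal sketch of the worker-node flow from the list above. Bucket and
# key names are hypothetical; error handling is omitted for brevity.
import json
import os
import socket

import boto3

s3 = boto3.client("s3")
BUCKET = "slti-analysis"          # hypothetical bucket name
node_id = socket.gethostname()

def run_analysis(path, params):
    """Stand-in for the real trading-algorithm test run."""
    return {"input": path, "params": params, "score": 0.0}

# 1. Read the master configuration to find an unclaimed data subset
config = json.loads(
    s3.get_object(Bucket=BUCKET, Key="master-config.json")["Body"].read()
)
subset = next(s for s in config["subsets"] if s["status"] == "pending")

# 2. Claim the subset so other nodes skip it, then fetch its data
subset["status"] = f"in-progress:{node_id}"
s3.put_object(Bucket=BUCKET, Key="master-config.json", Body=json.dumps(config))
s3.download_file(BUCKET, subset["data_key"], "/tmp/input.dat")

# 3. Run the analysis on this node's slice of the problem
results = run_analysis("/tmp/input.dat", subset["params"])

# 4. Save the results to the central filestore and mark the subset done
s3.put_object(Bucket=BUCKET, Key=f"results/{subset['id']}.json",
              Body=json.dumps(results))
subset["status"] = "done"
s3.put_object(Bucket=BUCKET, Key="master-config.json", Body=json.dumps(config))

# 5. Shut the node down so we stop paying for it
os.system("sudo shutdown -h now")
```

Note that the master-configuration update above is a simplification – with multiple nodes claiming subsets concurrently, a real implementation needs some form of locking or atomic claim.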

Cost Analysis

This is not intended to be a totally comprehensive cost comparison, but rather a quick TCO comparison using some standard costs. To do this quickly, we used the AWS EC2 Cost Comparison Calculator at the bottom of this page.

SLTI’s EC2-based approach is roughly 99.5% cheaper than an in-house solution. There are other, similar examples of the ROI of an EC2-based approach for this type of workload here.
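The shape of the calculation is simple. Here is a sketch with illustrative placeholder numbers (not the actual figures from our analysis), showing why short-run workloads drive the savings:

```python
# Shape of the TCO comparison: pay-per-hour cloud vs. purchased hardware.
# All numbers below are illustrative placeholders, not our actual figures.

# Hypothetical in-house build: servers are paid for whether busy or idle
server_cost = 15_000          # per comparable server, purchased
servers_needed = 16
in_house_total = server_cost * servers_needed   # ignores power, cooling, staff

# Hypothetical cloud run: pay only for the hours the job actually runs
hourly_rate = 2.40            # per instance-hour (illustrative)
run_hours = 24
cloud_total = hourly_rate * servers_needed * run_hours

savings = 1 - cloud_total / in_house_total
print(f"In-house: ${in_house_total:,}  Cloud: ${cloud_total:,.2f}")
print(f"Savings: {savings:.1%}")   # short-run jobs favor the cloud heavily
```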

Key Takeaways

  1. Using the cloud enables a much more adaptive and scalable data processing infrastructure than in-house IT hardware.
  2. If you’re not using AWS (or something similar), you’re overpaying for IT infrastructure, especially for short run or highly variable workloads.

This post is a short overview of some of the ways we’re using advanced cloud computing technology to help our clients improve their IT agility and reduce IT expenses. We’re currently working on a few case studies that describe these concepts in more detail. To stay up to date with new research, just sign up using the form on the right of this page.

If you’d like to explore a specific use case for your situation – please contact us


Who is Solid Logic Technology Inc. (SLTI)?

As you may have noticed, our website has been updated over the past few days.  We thought this would be a good time to answer some questions. This post should give you a good idea of who we are and where we are headed.

We’re a Birmingham, Michigan-based mobile application development start-up founded by two entrepreneurs – Eric Detterman and Ron Redmer – who love technology and have spent their entire careers around it. We have developed web software, mobile apps, trading systems (stocks, commodities, and currencies), photography systems, call center software, technology for the defense industry and many other things. We have personally been involved in pretty much everything related to the IT industry – software development (coding in most major programming languages and even some obscure ones), software development management (in-house, outsourced, offshore, etc.), hardware virtualization, ‘cloud computing’, advanced technologies, etc. Click here to view our management team bios.

Solid Logic Technology Inc. uses software and technology as a means to an end – it allows us to accomplish some goal for ourselves or our clients.  We build software to do cool things with mobile phones, cloud-based web servers and other cutting edge technology.  We try to align ourselves with the leaders in the IT industry – Apple, Google, Amazon, Facebook, Twitter, etc. We focus on bringing thought leadership and value to each client project.  We have managed internal data centers before but don’t anymore – everything we do runs securely in the cloud so we don’t have to think about it very much. This frees us up to focus on creating software.

What is SLTI going to blog about?

We’re going to blog about quite a few different topics, using the blog as a way to communicate things we’ve learned throughout our careers and some of the cool things we come across day to day. Some posts will be specific to the work we do, some will cover complex software and technology items for the geeks, and we’ll also have a lot of things for everyone else too.

Business and Non-Technical Ideas

    • ‘Lean’ start-up concepts (http://en.wikipedia.org/wiki/Lean_Startup)
    • Outsourcing and ‘Virtual Assistants’ – Business, Personal, Lifestyle
    • How to improve the workplace with technology and process improvements
    • How to work the same amount of time and get more done
    • IT Industry trends, reviews and commentary
    • Smart-Phone and Mobile Tablet Industry trends, reviews and commentary
    • Common software development errors
    • What works and what doesn’t work in software development projects
    • How to explain highly technical items to people who don’t care about or don’t understand the technical aspects
    • How to eliminate information overload (i.e. 200+ emails daily!)
    • Software and business risk reduction
    • IT software & service provider selection process
    • Our community involvement

Technical Ideas

    • New Technology – programming languages, techniques, development environments, virtualization
    • Cloud computing
    • iOS, iPhone, iPad, Android and Blackberry app development concepts
    • Mobile app and web integration
    • Open Source and proprietary software analysis
    • Software and tool reviews

So far these are our ideas. If you have any other ideas or suggestions, feel free to drop them in a comment or contact us. Since we’re still making changes and improvements to the site, please subscribe to the blog so we can keep you up to date with our progress.