Content distribution networks provide organizations who might experience a high volume of web traffic from around the world a way to satisfy that demand without building out massive web infrastructures. They also provide advanced security features that can protect web environments from many types of attack. Learn how CDNs function and the security advantages they can offer.
- [Narrator] Content Distribution Networks provide organizations who might experience a high volume of web traffic from around the world a way to satisfy that demand without building out massive web infrastructures. CDNs also provide advanced security features that can protect web environments from many types of attack. One quick note on terminology. Everyone agrees that this technology goes by the acronym CDN but people differ on what the D stands for. Most technologists describe CDNs as Content Delivery Networks.
The CISSP Body of Knowledge describes them as Content Distribution Networks so I'll use that term in this course. It's mostly just a matter of semantics but you should be aware that both CDNs are the same thing. When organizations expect a high volume of web traffic to their servers the natural response is to simply increase the capacity of their web server farm by adding more servers to meet additional demand. This can quickly become a cat and mouse game as usage increases, creating demand for even more servers.
There are some major disadvantages to this approach. First, adding servers is something that takes time. If you're dealing with physical servers you need to first recognize the need for additional capacity then spec out the servers that you'll need order them, wait for them to be delivered install them in your data center and then configure them as part of your web farm. That could take weeks. Second, web usage typically does not experience even demand over time. It's bursty.
If your organization is in the news runs a special sale, or has other periods of high interest you'll experience a very irregular usage pattern. This means that the extra capacity that you need to add to meet your time of highest demand will sit unused almost all of the time. Third, it's not just about servers. You'll also need to add other infrastructure components to support periods of high demand. For example, you'll need network bandwidth to serve the web content from those servers and that has the same issue with lead time and burstiness.
Finally, this scaling approach places all of your servers in one or two centralized locations. Everyone from around the world will need to reach out to those centralized locations to retrieve your web content. This means that people in far-flung locations will experience significantly slower response times than those located near your data center. Content Distribution Networks seek to address these issues by providing a shared web infrastructure that satisfies demand for your content through a network of dozens or hundreds of locations around the world that cache web content.
The organization's web server is fronted by a network of points of presence located around the world. These points of presence retrieve content from your web server and then cache it for local users. When users attempt to access your website they don't reach all the way back to your data center. Instead, they are routed to the nearest CDN point of presence and then retrieve content from there without touching your actual web infrastructure. There are several benefits to using a CDN.
First, CDNs provide on-demand scaling. They serve thousands of clients so they can balance out the peaks in demand among their many customers. Second, they are usually much more cost efficient than scaling web infrastructure. The CDN handles the provisioning of hardware, bandwidth and other infrastructure needs. Third, they place content close to the end user. A user in Eastern Europe will receive similar response time to one in North America or Asia. Finally, CDNs can provide security benefits.
Let's take a look at two of those. DDoS protection and web application firewalling. CDNs can protect organizations against distributed denial of service, or DDoS attacks. They have massive capacity that can absorb many DDoS attacks. And they can also perform filtering against known DDoS sources to prevent those attacks from reaching an organization's web infrastructure. CDNs can also add web application firewalling functionality outside of the organization's infrastructure.
Filtering out SQL injection, cross-site scripting and other attacks before they reach the web servers where they could do some harm.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security