Akamai and other Content Delivery Networks (CDNs) are a perfect example of engineers solving a problem (fast delivery of content/highly available content/content with robust anti-denial of service capabilities) only to cause serious security headaches for IT networking professionals.
These CDNs take the control completely out of the content users' hands on where they can go to get the content. For instance, you cannot ensure that you will only get the content from US based servers. You cannot control access to CDNs using IP based firewall rules.
In other words, CDNs completely break the paradigm of statefull packet inspection (SPI). I guess this is why Palo Alto Networks says that the days of SPI only firewalls are over.
Recent Comments