Using a Secure CDN to Accelerate Your Content
Security is very important to us here at KeyCDN which is why we have various security features to help not only protect your content but also prevent unauthorized access to your CDN account. In this post we’ll go over what makes KeyCDN a secure CDN and which features we provide to increase the security of your content and account.
The Importance of Security
According to a survey conducted by TeleSign, 40% of users said they had a security incident in the last year, meaning they had an account hacked, password stolen, or were given a notice that their personal information had been compromised.
One of the most common reasons these incidents occur is that people do not use a complex enough password. According to SplashData's annual list, the top ten most widely used passwords are:
These are definitely not the types of passwords we recommend using! Here is a good guide on how to choose a strong password. We also recommend using a free program like KeePass or KeePassX which allow you to generate secure passwords and store them in a database locally on your computer.
Moreover, here are a few alarming security facts over the past couple of years:
- 21 percent of all files are not protected in any way. (Varonis)
- 65 percent of companies have over 500 users who are never prompted to change their passwords. (Varonis)
- In 2017 there was a 13 percent overall increase in reported system vulnerabilities. (Symantec)
With that in mind, it’s important to have secure infrastructure in place at all levels to minimize the threat of data breaches. Therefore, KeyCDN offers 3 powerful ways to help you protect your account from being compromised.
1. Secure CDN Account with Two-Factor Authentication
The first account security feature KeyCDN offers is two-factor authentication which helps improve account security by requiring the user to provide two forms of authentication in order to log in. KeyCDN uses Google Authenticator to provide an authentication code which is used to log in. Follow the steps below on how to enable it on your account.
- Log in to your KeyCDN dashboard and navigate to “Account Settings” → “Authentication.” Click on “Enable 2 Factor Auth.” Once this option is selected, two-factor authentication is immediately enabled. Be sure to continue with the following steps before logging out of your account.
- Install the Google Authenticator app on your device and add the two-factor authentication secret manually or scan the QR code provided on your screen. If you are on a Microsoft device you can also use the Authenticator app. The next time you log in to your account you will be required to enter in your username and password as well as your auth code. If you want to revert to simply using your username and password, you can disable the additional protection by turning off two-factor authentication in your account settings: https://app.keycdn.com/login
2. Secure CDN Account by Restricting IP Addresses
KeyCDN also offers the ability to secure your CDN account by setting up account access rules. This allows you to restrict the access to your account by IP (/32) or network (e.g. /24). You can look up your public IP using KeyCDN’s IP location finder tool.
Follow the steps below to enable this on your account.
- Log in to your KeyCDN dashboard and navigate to “Account Settings” → “Access Rules.” Click on “Add Rule.” Note: Be careful with this feature as you could prevent yourself from accessing your account, especially if you have dynamic IPs.
- Enter your IP address or a range of IPs, such as 188.8.131.52/32, and click “Add.”
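A pre-flight check for the lockout risk noted above, as an added example that is not part of KeyCDN's tooling: it tests a proposed rule set against the source IPs you actually log in from (for instance, those reported in login notification emails) before any rule is saved. All rules and addresses are constructed samples from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: proposed access rules and the IPs seen in past logins.
RULES = ["203.0.113.0/24", "198.51.100.7/32", "192.0.2.128/25"]
LOGIN_IPS = ["203.0.113.45", "198.51.100.7", "192.0.2.10"]


def parse_rules(rules):
    """Parse CIDR rules strictly: a rule with host bits set, such as
    203.0.113.5/24, raises ValueError instead of being silently widened."""
    return [ipaddress.ip_network(r.strip(), strict=True) for r in rules]


def preflight(rules, login_ips):
    """Map each login IP to the first rule that admits it, or None."""
    nets = parse_rules(rules)
    result = {}
    for ip in login_ips:
        addr = ipaddress.ip_address(ip)
        match = next(
            (n for n in nets if n.version == addr.version and addr in n), None
        )
        result[ip] = str(match) if match else None
    return result


def locked_out(rules, login_ips):
    """Login IPs that no rule admits: these users lose access."""
    return sorted(ip for ip, r in preflight(rules, login_ips).items() if r is None)


def unused_rules(rules, login_ips):
    """Rules that admit none of the observed IPs: candidates for removal."""
    used = set(preflight(rules, login_ips).values())
    return [str(n) for n in parse_rules(rules) if str(n) not in used]


if __name__ == "__main__":
    print("locked out:", locked_out(RULES, LOGIN_IPS))
    print("unused rules:", unused_rules(RULES, LOGIN_IPS))
```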
3. Account Notifications
Lastly, to keep you notified of any account activity, KeyCDN also offers account notifications which will alert the account owner of a successful login or a change in origin URL. The login notification sends an email to the account owner with information such as the username, login time, and the IP address of the user that logged in. The origin change notification sends the user an email providing them with the Zone that was modified, the changed origin URL address, and the time that the change took place.
Follow the steps below to enable this on your account.
- Log in to your KeyCDN dashboard and navigate to “Account Settings” → “General.” Click on “Edit Account Details.”
- You can enable one or both notifications by selecting “enabled” and clicking “Save.”
You can disable these at any time from within account settings.
Automated KeyCDN Security Features
KeyCDN also provides several other security features and upgrades in the background. We do this to offer superior protection while at the same time giving our customers the ability to take advantage of the latest and greatest software improvements. Below are 3 automated features we run in the background to enhance security for all.
1. TLS Upgrades
At KeyCDN, we pride ourselves on being ahead of the curve in terms of implementing new, stable technology that is known to make the web faster and more secure.
That’s why back in September of 2018, we were happy to announce that we launched TLS 1.3 with 0-RTT support. This newly updated version of TLS offers users both faster performance and improved security. Moreover, 0-RTT support actually negates the need for any round trip on existing connections which are resumed. Below is a diagram showing the difference between 1-RTT and 0-RTT.
Furthermore, to take our commitment to web security a step further, we deprecated TLS versions 1.0 and 1.1 back in March of 2018. This decision was made because these legacy versions of TLS simply don’t offer the same level of protection as they once did. Much has changed since these versions of TLS were released, and in order to provide the optimal level of security we strive for, these TLS versions were deprecated in favor of TLS 1.2 and 1.3.
2. Automatic DDoS Protection
DDoS attacks can be one of the biggest disruptors to a website’s infrastructure. In 2018, DDoS attacks upwards of 1.7Tbps were launched thus bringing certain websites to a crawl for hours.
Protecting against a DDoS attack isn’t always easy; however, KeyCDN has implemented various layers of protection to detect and rectify any possible DDoS attacks. In fact, we have built an entirely custom infrastructure just to handle DDoS mitigations. This ensures that if an attack does take place, traffic is routed accordingly to unaffected POPs/edge servers so that visitors don’t incur any downtime.
3. Bad Bot Protection
There is a multitude of bots that crawl the Internet every day. Some bots, such as Googlebot or Bingbot, are trying to determine the type of content you have on your site so that it can be properly indexed in their search engines. However, other bots crawl websites with malicious intent, which can not only pose security risks but also use up bandwidth, which costs you money.
To help combat this, KeyCDN offers a bad bot protection feature where we maintain a list of known bad bots and block them automatically from accessing your CDN content. This feature simply requires that you enable the “Block Bad Bot” feature in your KeyCDN Zone.
Once done, bad bots will receive a 451 error when trying to access your content thus protecting both your content and your KeyCDN credits.
Additional Security Hardening Options
In addition to securing your CDN account, KeyCDN has many other security features available.
- CSRF (Cross Site Request Forgery) validation
- Secure Tokens
- HTTP Strict Transport Security
- Cross-origin resource sharing (CORS)
- Shared and Custom SSL (free custom SSL certificates also available via our Let’s Encrypt integration)
We highly recommend KeyCDN users take advantage of the security features above to better secure your CDN account. If anything, they will help add peace of mind knowing that your account is safe and it is hardened against unauthorized access in the future.