<p>Security is very important to us here at KeyCDN, which is why we have various security features to help not only protect your content but also prevent unauthorized access to your CDN account. In this post we’ll go over what makes KeyCDN a secure CDN and which features we provide to increase the security of your content and account.</p> <h2 id="the-importance-of-security">The Importance of Security</h2> <p>According to a survey conducted by <a href="https://www.telesign.com/" target="_blank" rel="nofollow noopener">TeleSign</a>, <strong>40% of users said they had a security incident in the last year</strong>, meaning they had an account hacked, password stolen, or were given a notice that their personal information had been compromised.</p> <p>One of the most common reasons these incidents occur is that people do not use a complex enough password. According to <a href="http://gizmodo.com/the-25-most-popular-passwords-of-2014-were-all-doomed-1680596951" target="_blank" rel="nofollow noopener">SplashData's annual list</a>, the top ten most widely used passwords are:</p> <ol> <li>123456</li> <li>password</li> <li>12345</li> <li>12345678</li> <li>qwerty</li> <li>123456789</li> <li>1234</li> <li>baseball</li> <li>dragon</li> <li>football</li> </ol> <p>These are definitely not the types of passwords we recommend using! Here is a good guide on <a href="http://www.bu.edu/infosec/howtos/how-to-choose-a-password/" target="_blank" rel="nofollow noopener">how to choose a strong password</a>. 
We also recommend using a free program like <a href="http://keepass.info/" target="_blank" rel="nofollow noopener">KeePass</a> or <a href="https://www.keepassx.org/" target="_blank" rel="nofollow noopener">KeePassX</a>, which allows you to generate secure passwords and store them in a database locally on your computer.</p> <p>Moreover, here are a few alarming security facts from the past couple of years:</p> <ul> <li>21 percent of all files are not protected in any way. <a href="https://info.varonis.com/hubfs/2018%20Varonis%20Global%20Data%20Risk%20Report.pdf" target="_blank" rel="nofollow noopener">(Varonis)</a></li> <li>65 percent of companies have over 500 users who are never prompted to change their passwords. <a href="https://info.varonis.com/hubfs/2018%20Varonis%20Global%20Data%20Risk%20Report.pdf" target="_blank" rel="nofollow noopener">(Varonis)</a></li> <li>In 2017 there was a 13 percent overall increase in reported system vulnerabilities. <a href="http://images.mktgassets.symantec.com/Web/Symantec/%7B3a70beb8-c55d-4516-98ed-1d0818a42661%7D_ISTR23_Main-FINAL-APR10.pdf?aid=elq_" target="_blank" rel="nofollow noopener">(Symantec)</a></li> </ul> <p>With that in mind, it’s important to have secure infrastructure in place at all levels to minimize the threat of data breaches. Therefore, KeyCDN offers 3 powerful ways to help you protect your account from being compromised.</p> <h2 id="1-secure-cdn-account-with-two-factor-authentication">1. Secure CDN Account with Two-Factor Authentication</h2> <figure><img src="https://www.keycdn.com/img/blog/secure-cdn-two-factor-authentication.png" alt="secure cdn two factor authentication" class="img-fluid rounded"></figure> <p>The first account security feature KeyCDN offers is <a href="https://www.keycdn.com/support/enabling-two-factor-authentication">two-factor authentication</a>, which helps <strong>improve account security</strong> by requiring the user to provide two forms of authentication in order to log in. 
KeyCDN uses Google Authenticator to provide an authentication code which is used to log in. Follow the steps below to enable it on your account.</p> <ol> <li><p>Log in to your KeyCDN dashboard and navigate to “Account Settings” → “Authentication.” Click on “Enable 2 Factor Auth.” <strong>Once this option is selected, two-factor authentication is immediately enabled. Be sure to continue with the following steps before logging out of your account.</strong> <figure><img src="https://www.keycdn.com/img/blog/enable-2-factor-authentication.png" alt="enable 2 factor authentication" class="img-fluid rounded"></figure></p></li> <li><p>Install the <a href="https://support.google.com/accounts/answer/1066447" target="_blank" rel="nofollow noopener">Google Authenticator</a> app on your device and add the two-factor authentication secret manually or scan the QR code provided on your screen. If you are on a Microsoft device you can also use the <a href="https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj" target="_blank" rel="nofollow noopener">Authenticator</a> app. <figure><img src="https://www.keycdn.com/img/blog/2-factor-authentication-code.png" alt="2 factor authentication code" class="img-fluid rounded"></figure> The next time you log in to your account you will be required to enter your username and password as well as your auth code. <figure><img src="https://www.keycdn.com/img/blog/keycdn-login-auth-code.png" alt="keycdn login auth code" class="img-fluid rounded"></figure> If you want to revert to simply using your username and password, you can disable the additional protection by turning off two-factor authentication in your account settings: <a href="https://app.keycdn.com/login">https://app.keycdn.com/login</a></p></li> </ol> <h2 id="2-secure-cdn-account-by-restricting-ip-addresses">2. 
Secure CDN Account by Restricting IP Addresses</h2> <figure><img src="https://www.keycdn.com/img/blog/secure-cdn-by-ip-address.png" alt="secure cdn by ip address" class="img-fluid rounded"></figure> <p>KeyCDN also offers the ability to secure your CDN account by setting up <strong>account access rules</strong>. This allows you to restrict access to your account by IP (/32) or network (e.g. /24). You can look up your public IP using KeyCDN’s <a href="https://tools.keycdn.com/geo">IP location finder</a> tool.</p> <figure><img src="https://www.keycdn.com/img/blog/ip-location-finder.png" alt="ip location finder" class="img-fluid rounded"></figure> <p>Follow the steps below to enable this on your account.</p> <ol> <li><p>Log in to your KeyCDN dashboard and navigate to “Account Settings” → “Access Rules.” Click on “Add Rule.” <strong>Note: Be careful with this feature as you could prevent yourself from accessing your account, especially if you have dynamic IPs.</strong> <figure><img src="https://www.keycdn.com/img/blog/secure-cdn-account-access-rules.png" alt="secure cdn account access rules" class="img-fluid rounded"></figure></p></li> <li><p>Enter your IP address or a range of IPs, such as <code>110.10.10.10/32</code>, and click “Add.” <figure><img src="https://www.keycdn.com/img/blog/add-ip-restriction-range.png" alt="add ip restriction range" class="img-fluid rounded"></figure></p></li> </ol> <h2 id="3-account-notifications">3. Account Notifications</h2> <p>Lastly, to keep you notified of any account activity, KeyCDN also offers <a href="https://www.keycdn.com/support/account-notifications">account notifications</a> which will alert the account owner of a <strong>successful login</strong> or a <strong>change in origin URL.</strong> The login notification sends an email to the account owner with information such as the username, login time, and the IP address of the user that logged in. 
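</p>
<p>An added example, not KeyCDN code: a Python check that compares the IP address from each login notification against the access rules from section 2 (a /32 host or a /24 network), and that also tells you whether your own address is covered before you save a rule. The rules and login records are constructed sample values, and the record field names are assumptions, since the page does not show the email format.</p>

```python
import ipaddress

# Constructed sample rules in CIDR form: one host (/32) and one network (/24).
# 110.10.10.10/32 is the page's example; 203.0.113.0/24 is a documentation range.
ACCESS_RULES = ["110.10.10.10/32", "203.0.113.0/24"]

# Constructed login notifications. The field names are assumptions; the page
# only says the email carries the username, login time and IP address.
LOGINS = [
    {"username": "demo", "time": "2019-01-07T09:12:00Z", "ip": "110.10.10.10"},
    {"username": "demo", "time": "2019-01-07T23:41:00Z", "ip": "203.0.113.77"},
    {"username": "demo", "time": "2019-01-08T03:05:00Z", "ip": "198.51.100.23"},
    {"username": "demo", "time": "2019-01-08T03:06:00Z", "ip": "110.10.10.11"},
    {"username": "demo", "time": "2019-01-08T03:07:00Z", "ip": "unknown"},
]

def parse_rules(rules):
    """Parse CIDR strings; strict=False normalises 203.0.113.5/24 to
    203.0.113.0/24 so you see the range the prefix length really covers."""
    return [ipaddress.ip_network(rule, strict=False) for rule in rules]

def matching_rule(ip_text, networks):
    """Return the first network containing ip_text, or None if none does."""
    addr = ipaddress.ip_address(ip_text)  # raises ValueError if malformed
    return next((net for net in networks if addr in net), None)

def would_lock_out(current_ip, rules):
    """True if no rule covers current_ip (the lock-out case the page warns of)."""
    return matching_rule(current_ip, parse_rules(rules)) is None

def triage(logins, rules):
    """Label each login as allowed by a rule, outside all rules, or unparseable."""
    networks = parse_rules(rules)
    results = []
    for event in logins:
        try:
            net = matching_rule(event["ip"], networks)
            verdict = f"allowed by {net}" if net else "outside rules"
        except ValueError:
            verdict = "unparseable ip"
        results.append((event["time"], event["ip"], verdict))
    return results

if __name__ == "__main__":
    for row in triage(LOGINS, ACCESS_RULES):
        print(*row, sep="  ")
    print("lock-out risk:", would_lock_out("198.51.100.23", ACCESS_RULES))
```

<p>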
The origin change notification sends the user an email providing them with the zone that was modified, the changed origin URL address, and the time that the change took place.</p> <p>Follow the steps below to enable this on your account.</p> <ol> <li>Log in to your KeyCDN dashboard and navigate to “Account Settings” → “General.” Click on “Edit Account Details.”</li> <li>You can enable one or both notifications by selecting “enabled” and clicking “Save.” <figure><img src="https://www.keycdn.com/img/blog/cdn-account-notifications.png" alt="cdn account notifications" class="img-fluid rounded"></figure></li> </ol> <p>You can disable these at any time from within account settings.</p> <h2 id="automated-keycdn-security-features">Automated KeyCDN Security Features</h2> <p>KeyCDN also provides several other security features and upgrades in the background. We do this to offer superior protection while at the same time giving our customers the ability to take advantage of the latest and greatest software improvements. Below are 3 automated features we run in the background to enhance security for all.</p> <h3 id="1-tls-upgrades">1. TLS Upgrades</h3> <p>At KeyCDN, we pride ourselves on being ahead of the curve in terms of implementing new, stable technology that is known to make the web faster and more secure.</p> <p>That’s why back in September of 2018, we were happy to announce that we launched <a href="https://www.keycdn.com/blog/tls-1-3-support">TLS 1.3 with 0-RTT support</a>. This newly updated version of TLS offers users both faster performance and improved security. Moreover, 0-RTT support removes the need for any round trip when an existing connection is resumed. 
Below is a diagram showing the difference between 1-RTT and 0-RTT.</p> <figure><img src="https://www.keycdn.com/img/blog/0-rtt-vs-1-rtt.png" alt="0 rtt vs 1 rtt" class="img-fluid rounded"></figure> <p>Furthermore, to take our commitment to web security a step further, we deprecated <a href="https://www.keycdn.com/blog/deprecating-tls-1-0-and-1-1">TLS versions 1.0 and 1.1</a> back in March of 2018. This decision was made because these legacy versions of TLS simply don’t offer the same level of protection as they once did. Much has changed since these versions of TLS were released, and in order to provide the optimal level of security we strive for, these TLS versions were deprecated in favor of TLS 1.2 and 1.3.</p> <h3 id="2-automatic-ddos-protection">2. Automatic DDoS Protection</h3> <p><a href="https