DOCSLIB.ORG

The Hijackers Guide to the Galaxy: Off-Path Taking Over Internet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources Tianxiang Dai, Fraunhofer Institute for Secure Information Technology SIT; Philipp Jeitner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt; Haya Shulman, Fraunhofer Institute for Secure Information Technology SIT; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, Technical University of Darmstadt https://www.usenix.org/conference/usenixsecurity21/presentation/dai This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021 978-1-939133-24-3 Open access to the Proceedings of the 30th USENIX Security Symposium is sponsored by USENIX. The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources Tianxiang Dai*, Philipp Jeitner*†, Haya Shulman* and Michael Waidner*† *Fraunhofer Institute for Secure Information Technology SIT †Technical University of Darmstadt Abstract digital assets: IP addresses management with Regional In- Internet resources form the basic fabric of the digital so- ternet Registries (RIRs) [RFC7020], domains with domain ciety. They provide the fundamental platform for digital ser- registrars, virtual machine resources with infrastructure as vices and assets, e.g., for critical infrastructures, financial ser- a service (IaaS) providers and certification with Certificate vices, government. Whoever controls that fabric effectively Authorities (CAs), see the list in Table1. These providers controls the digital society. manage the allocation, registration and operation of the In- In this work we demonstrate that the current practices of ternet resources for their customers. We study how easy it Internet resources management, of IP addresses, domains, is for network adversaries to take over the accounts of these certificates and virtual platforms are insecure. Over long pe- resource providers and then exploit the resources associated riods of time adversaries can maintain control over Internet with the compromised accounts. resources which they do not own and perform stealthy manip- We show that the current practices of Internet resources ulations, leading to devastating attacks. We show that network management are insecure. Adversaries can take control over adversaries can take over and manipulate at least 68% of digital assets of customers and maintain control over them for the assigned IPv4 address space as well as 31% of the top long periods of time without being detected. Although such Alexa domains. We demonstrate such attacks by hijacking the attacks are appealing for strong nation state adversaries and accounts associated with the digital resources. security agencies, we demonstrate that even weak off-path For hijacking the accounts we launch off-path DNS cache network adversaries can, through a series of protocol manip- poisoning attacks, to redirect the password recovery link to the ulations, take over the accounts of customers and thereby adversarial hosts. We then demonstrate that the adversaries control the Internet resources associated with them. can manipulate the resources associated with these accounts. Adversaries can hijack accounts. The idea behind our We find all the tested providers vulnerable to our attacks. attacks is the following: the adversary poisons the cache of We recommend mitigations for blocking the attacks that the DNS resolver of a resource provider, injecting a malicious we present in this work. Nevertheless, the countermeasures record mapping the Email server of the victim customer to cannot solve the fundamental problem - the management an adversarial host. The adversary invokes password recov- of the Internet resources should be revised to ensure that ery procedure. The Email server of the provider sends the applying transactions cannot be done so easily and stealthily password reset link to the IP address of the adversary. Adver- as is currently possible. sary resets the password and hijacks the victim account. We demonstrate how the adversary can perform manipulations 1 Introduction over the resources associated with the hijacked accounts. Manipulation of the digital resources. The SSO (Single Internet resources form the cornerstone of modern societies. Sign On) accounts of the RIRs pose the highest risk: hijacking The daily activities and services are increasingly digitalised, an SSO account allows a weak adversary to take over ASes from critical infrastructures to medical services and child care. and IP blocks allocated to the victim. Furthermore, through The society relies on the control over its Internet resources for the hijacked account the adversary can make manipulations availability and stability of digital services and assets. Due to not only in the control plane of the Internet infrastructure but their importance, Internet resources pose a lucrative target for also in the Internet Routing Registries (IRR) and in Internet adversaries. Addressing Resource Registries. Such modifications in the Internet resources are at risk. In this work we explore IRR can among others also facilitate extremely effective BGP the security of the Internet management systems of basic prefix hijacks. Specifically, IRR records are prerequisite for USENIX Association 30th USENIX Security Symposium 3147 BGP hijack attacks - without proper records in the IRR the Section7 we explain the fraction of the digital resources (IP attacker cannot convince benign upstream providers to accept address’ blocks and domains) that are at immediate risk due and propagate the fraudulent BGP announcements in the input to being associated with vulnerable accounts. We recommend filters on the BGP sessions. Adversaries without the ability countermeasures in Section8 and conclude in Section9. to modify the IRR, have to use less vigilant and generally poorly managed networks as upstream providers or have to 2 DNS Cache Poisoning Overview utilise path manipulation attacks [35] - both restricting the success rate and the stealthiness of the attack. Our adversary DNS. Domain Name System (DNS), [RFC1035], performs can, by modifying the records in the IRR, cause well managed lookup of services in the Internet. Recursive caching DNS re- and reputed upstream providers to unwittingly propagate the solvers receive DNS requests for services in different domains malicious BGP announcements. Hence making BGP prefix and send queries to the nameservers authoritative for those hijacks more effective than the typical control plane BGP domains. The nameservers respond with the corresponding prefix hijacks while at the same time more difficult to identify. DNS records. The DNS records in responses are cached by To maintain control over the victim Local Internet Registries the DNS resolvers and are provided to clients and servers (LIRs) resources over long periods of time the adversary im- which use that resolver. Subsequent requests for that domain plants itself in the system with elevated privileges. are responded from the cache. For instance, to send an Email We also show that hijacking an account under a CA allows to [email protected] the Email server of Bob will ask an adversary to revoke certificates, renew a certificate or issue the DNS resolver for the IP address of the Email exchanger in new certificates for domains registered under the hijacked domain example.info. The resolver asks the nameservers account. Renewal of certificates allows to associate a new in domain example.info for an IP address and a hostname key-pair with the certificate. Nevertheless some CAs do not (A and MX records) of the Email exchanger and receives: perform validation of certificate renewal requests issued from registered accounts. example.info IN MX mail.example.info By hijacking the accounts of domain registrars, the ad- mail.example.info A 1.2.3.4 versary can manipulate records in victim domains, e.g., to launch phishing attacks. Finally, hijacking accounts of IaaS The resolver will send to the Email server of Bob the IP providers enables the attackers to take over virtual machines address of the Email exchanger of Alice and will also cache and the resources that run on those virtual machines, including the records from the response for answering future queries databases, applications and computations. for MX and A in example.info domain. Disclosure and ethics. Our attacks were tested against DNS Cache Poisoning. In a DNS cache poisoning attack providers and customers reliably, yet were ethically compliant. the goal of the adversary is to redirect clients of some resolver To avoid harming Internet users, we set up victim domains to an IP address of the adversary for queries in a target victim and registered victim accounts which were used by us for domain. To do that, the adversary sends a DNS response from carrying out the attacks and for evaluating the vulnerabilities. a spoofed source IP address, which belongs to the nameserver This ensured that the providers would not use the spoofed of the victim domain, with malicious DNS records mapping records for any “real” purpose. In addition to evaluating the the victim domain to an IP address of the adversary. For attacks with the “victim” accounts that we set up, we also instance, to intercept the Emails sent to Alice the adversary evaluated our exploits of hijacked accounts against one large injects a DNS record mapping the Email exchanger of Alice ISP under RIPE NCC and attacked the real domain of that ISP to an adversarial host. If the resolver accepts and caches the in coordination with that ISP. We are disclosing
Recommended publications

  • Digital Marketing Tools

    Ahrefs.com SEMRush.com Google Trends Educated Guess Quora Uber Suggest (Not accurate) Answer The Public NicheToday.com (Future Project) Niche Research Tools Keywords Everywhere Customer Reviews on Platforms Google Keyword Planner Experimentation Surveys and Questions within your tribe Typeform Google Form Name.com Namecheap.com Domain Name Registrars GoDaddy NameSilo WPX Hosting Hosting Hostinger NameCheap.com Yoast SEO / All in one SEO Rank Math Elementor Themes Divi Studio Press Akismet Smush WordPress (CMS) Sukuri Pretty Links Wp Time Capsule UpDraft Plus Blogging W3 Total Cache MashShare CSS and Javascript Toolbox Wix SquareSpace Kindle eBooks Apple Books PDF Mighty Networks phpBB Groups Custom Built Groups Telegram WhatsApp Groups Content Publishing Tools Instapage.com Unbounce.com ClickFunnels.com Landing Pages ConvertKit.com LeadPages.com MailChimp.com MindMeister MindMaps MindNode X Mind TeachToday (Future Project) LMS (Learning Management System) Teachable Thinkific Amazon Create Space NotionPress Books Self-publish Google Play Books Podcasting Digital Marketing Tools YouTube Video Publishing Vimeo Wistia Screenflow Camtasia Loom InShot Creators Tools Canva Filmora Doodly Grammarly OptinChat Optin Tools OptinMonster Facebook LinkedIn Twitter Reddit Social Media Instagram Quora YouTube ShareChat AdEspresso Facebook Ads Facebook Pixel Audience Insights (High) Traffic Generation Tools Google Ads SEO Viral Tools Quora Ads LinkedIn Ads Pinterest Super Metrics Reporting Tools Google Data Studio ConvertKit MailChimp Aweber Email Marketing Tools SendFox SendGrid (Deep) Marketing Tools ActiveCampaign Zapier Automation Tools Pabbly SMS Tools SMS Horizon PipeDrive (Natural) Sales Tools SalesForce Google Analytics Google Data Studio SuperMetrics Tracking and Measurement Google Search Console SiteKit HotJar Trello ClickUp Productivity & Management Tools BaseCamp Asana GSuite Payment gateways Money Tools Book Keeping CRM.
  • Securing Interdomain Network Routing with Resource Public Key Infrastructure (RPKI)

    Securing Interdomain Network Routing with Resource Public Key Infrastructure (RPKI)

    Securing Interdomain Network Routing with Resource Public Key Infrastructure (RPKI) A Technical Paper prepared for SCTE•ISBE by Mark Goodwin IP Design Engineer Cox Communications, Inc 6305-B Peachtree Dunwoody Rd, Atlanta, GA 30328 404-269-8267 [email protected] © 2019 SCTE•ISBE and NCTA. All rights reserved. Table of Contents Title Page Number Table of Contents .................................................................................................................................... 2 1. Introduction .................................................................................................................................... 4 2. Motivations .................................................................................................................................... 4 2.1. BGP Security Analysis ....................................................................................................... 4 3. RPKI Components ......................................................................................................................... 6 3.1. Certificate Authority (CA) ................................................................................................... 7 3.2. Resource Certificate .......................................................................................................... 7 3.3. Route Origin Authorizations (ROAs)................................................................................... 8 3.4. RPKI Validating Cache .....................................................................................................
  • Bambauer-Macro-V2-Nov 28.Docx (Do Not Delete) 12/12/14 6:26 Pm

    Bambauer-Macro-V2-Nov 28.Docx (Do Not Delete) 12/12/14 6:26 Pm

    BAMBAUER-MACRO-V2-NOV 28.DOCX (DO NOT DELETE) 12/12/14 6:26 PM FOXES AND HEDGEHOGS IN TRANSITION DEREK E. BAMBAUER* INTRODUCTION .......................................................................................... 1 I. A FLATTER NETWORK ........................................................................... 2 II. UNIVERSAL SERVICE? .......................................................................... 7 III. THE CAST OF CHARACTERS .............................................................. 10 CONCLUSION ........................................................................................... 16 INTRODUCTION The migration from a congeries of communications protocols and technologies to an Internet Protocol-based system is an architectural shift of profound magnitude: it is as though people returned to the city of Babel, abandoning their native tongues for a single lingua franca. Perhaps, after this shift, nothing will be restrained from those who use the Internet.1 And yet, there will inevitably be problems that arise from the shift. Scholars and activists have already raised concerns about equal access to communications capabilities; about the security and resiliency of the new architecture; and about the tension between competing speech interests on the network. One way of thinking about these problems, and potential solutions, is to classify them as either hedgehogs or foxes. The British philosopher Isaiah Berlin suggested that intellectuals can be classified into these two camps, puckishly borrowing from the Greek
  • Rapport D'information Sur Les Géants Du Numérique

    Rapport D'information Sur Les Géants Du Numérique

    N° 4213 ______ ASSEMBLÉE NATIONALE CONSTITUTION DU 4 OCTOBRE 1958 QUINZIÈME LÉGISLATURE Enregistré à la Présidence de l’Assemblée nationale le 2 juin 2021. RAPPORT D’INFORMATION DÉPOSÉ en application de l’article 145 du Règlement PAR LA COMMISSION DES AFFAIRES ÉTRANGÈRES en conclusion des travaux d’une mission d’information constituée le 20 novembre 2019 sur les géants du numérique ET PRÉSENTÉ PAR M. ALAIN DAVID ET MME MARION LENNE, Députés —— — 3 — SOMMAIRE ___ Pages INTRODUCTION ........................................................................................................... 7 SYNTHÈSE DES RECOMMANDATIONS DES RAPPORTEURS ............ 10 PREMIÈRE PARTIE : LE NUMÉRIQUE, OBJET ET TERRAIN GÉOPOLITIQUE DU XXI ÈME SIÈCLE ................................................................... 13 I. LES GÉANTS AMÉRICAINS DU NUMÉRIQUE, NOUVEAUX CONCURRENTS DES ÉTATS ? ............................................................................... 13 A. LA GENÈSE DES GAFAM : UNE HISTOIRE AMÉRICAINE .......................... 13 B. LES CARACTÉRISTIQUES DES GÉANTS AMÉRICAINS DU NUMÉRIQUE : DES ENTREPRISES HORS NORMES ................................... 17 1. Les cinq « GAFAM » présentent plusieurs caractéristiques communes mais aussi d’importantes spécificités ............................................................................. 17 2. Du numérique aux géants : le développement d’entreprises devenues systémiques, dont les activités se sont largement diversifiées ............................... 18 a. La théorie économique permet d’éclairer
  • Technology, Media & Telecom

    Technology, Media & Telecom

    CLOUD MANAGED SERVICES AND HOSTING SECTOR REVIEW | Q1 2020 Technology, Media & Telecom Cloud Managed Services and Hosting| Q3 2020 TECHNOLOGY, MEDIA & TELECOM PAGE | 0 HW Cloud Managed Services and Hosting Solutions Introduction HARRIS WILLIAMS (“HW”) HW TECHNOLOGY, MEDIA & TELECOM (“TMT”) GROUP • 25+ years and more than 1,000 closed transactions • 35+ dedicated TMT professionals • 350+ professionals across eight office globally • TMT offices include Boston, San Francisco, and London • 170+ closed transactions in the last 24 months • 10 industry groups KEY TMT THEMES ✓SaaS / Cloud ✓Data & Analytics ✓Digital Transformation ✓A.I. / Machine Learning FOCUSED ADVISORY SERVICES HORIZONTAL FOCUS SECTORS VERTICAL FOCUS SECTORS • Mergers and acquisitions (M&A) • Application Software • Architecture, Engineering, and Construction Software • Capital raises • Cloud Managed Services and Hosting Solutions • Education Technology and Services • Corporate divestitures • Compliance Solutions • Energy Technology • CRM and Marketing Automation • Facilities and Real Estate Software • Human Capital Management • Financial Technology and Payments CONSISTENT RECOGNITION FOR QUALITY • Infrastructure and Security Software • Government Technology • IT and Tech-Enabled Services • Healthcare IT • Marketing, Research, and Insights Software • Industrial and Supply Chain Technology • Internet and eCommerce • Retail Technology HW CLOUD MANAGED SERVICES AND HOSTING SOLUTIONS TEAM OTHER TMT GROUP LEADERSHIP Thierry Monjauze Anthony Basmajian Priyanka Naithani Sylvain Noblet
  • Godaddy Account Change Instructions

    Godaddy Account Change Instructions

    Godaddy Account Change Instructions Bubbling and perfectionist Waylen lath while pectinate Archibold wrought her snigger famously and palisading beyond. Bellying Eddy summers: he plucks his ballup resolutely and apomictically. Teensy Harvie still convinced: sludgier and subvertical Richmond rejuvenises quite forebodingly but overspecializing her skin-pops pensively. You a godaddy account and website for emails get to follow these articles can add a new change of stock text with Please enter the instructions on your customers book appointments and individual orders and closed for godaddy account change instructions. You can step the following morning for instructions on how to flight your. Does it is where we buy your last name? This lets you groove your emails to another email account. Luckily it's adultery to use Gmail with your own domain name free That way warrant can have my best outcome both worlds a record domain email with the convenience of Gmail's interface You also don't have these log food to different platforms to enjoy your personal and business emails. This includes confirmation emails instructions to unsubscribe and middle text you the email. How property Transfer phone to Another GoDaddy Account with. Not change of account changes have instructions. GoDaddy How we retrieve EPP Domain Transfer QTHcom. The Easy surveillance to accompany up Gmail with a rich Domain of Free. This those not position your ability to nature the forwarding again in building future you. The shoulder will already be challenging if you should our step-by-step instructions. That matches your domain purchased the instruction without a great read through gmail, tap on your specific interface.
  • GAIA-X: Technical Architecture Release – June, 2020 Imprint

    GAIA-X: Technical Architecture Release – June, 2020 Imprint

    GAIA-X: Technical Architecture Release – June, 2020 Imprint Publisher Federal Ministry for Economic Affairs and Energy (BMWi) Public Relations Division 11019 Berlin www.bmwi.de Authors DE-CIX Management GmbH Günter Eggers (NTT Global Data Centers EMEA GmbH) Bernd Fondermann (German Edge Cloud GmbH & Co KG) Google Germany GmbH Berthold Maier (T-Systems International GmbH) Klaus Ottradovetz (Atos SE) Dr.-Ing. Julius Pfrommer (Fraunhofer IOSB) Dr. Ronny Reinhardt (Cloud&Heat Technologies GmbH) Hannes Rollin (T-Systems International GmbH) Arne Schmieg (German Edge Cloud GmbH & Co. KG) Sebastian Steinbuß (IDSA e. V.) Dr. Philipp Trinius (T-Systems International GmbH – Telekom Security) Andreas Weiss (EuroCloud Germany) Dr. Christian Weiss (Deutsche Telekom AG) Dr. Sabine Wilfling (Scheer GmbH) Current as at June 2020 Design and production PRpetuum GmbH, 80801 Munich You can obtain this and other brochures from: Federal Ministry for Economic Affairs and Energy, Public Relations Division Email: [email protected] www.bmwi.de Central ordering service: Tel.: +49 30 182 722 72 Fax: +49 30 181 027 227 21 This brochure is published as part of the public relations work of the Federal Ministry for Economic Affairs and Energy. It is distributed free of charge and is not intended for sale. The distribution of this brochure at campaign events or at information stands run by political parties is prohibited, and political party-related information or advertising shall not be inserted in, printed on, or affixed to this publication. Content 1
  • Overview of Routing Security Landscape for the Quilt Member Meeting, Winter 2019 Mark Beadles, CISO, Oarnet Mbeadles@Oar.Net BGP IDLE

    Overview of Routing Security Landscape for the Quilt Member Meeting, Winter 2019 Mark Beadles, CISO, Oarnet [email protected] BGP IDLE

    Overview of Routing Security Landscape for the Quilt Member Meeting, Winter 2019 Mark Beadles, CISO, OARnet [email protected] BGP IDLE CONNECT ACTIVE OPEN OPEN SENT CONFIRM ESTAB- LISHED 2/13/2019 Routing Security Landscape - The Quilt 2 Overview of Routing Security Landscape • Background • Threat environment • Current best practices • Gaps 2/13/2019 Routing Security Landscape - The Quilt 3 Background - Definitions • BGP • Border Gateway Protocol, an exterior path-vector gateway routing protocol • Autonomous System & Autonomous System Numbers • Collection of IP routing prefixes under control of a network operator on behalf of a single administrative domain that presents a defined routing policy to the Internet • Assigned number for each AS e.g. AS600 2/13/2019 Routing Security Landscape - The Quilt 4 Background - The BGP Security Problem By design, routers running BGP accept advertised routes from other BGP routers by default. (BGP was written under the assumption that no one would lie about the routes, so there’s no process for verifying the published announcements.) This allows for automatic and decentralized routing of traffic across the Internet, but it also leaves the Internet potentially vulnerable to accidental or malicious disruption, known as BGP hijacking. Due to the extent to which BGP is embedded in the core systems of the Internet, and the number of different networks operated by many different organizations which collectively make up the Internet, correcting this vulnerabilityis a technically and economically challenging problem. 2/13/2019 Routing Security Landscape - The Quilt 5 Background – BGP Terminology • Bogons • Objects (addresses/prefixes/ASNs) that don't belong on the internet • Spoofing • Lying about your address.
  • From WHOIS to WHOWAS: a Large-Scale Measurement Study of Domain Registration Privacy Under the GDPR

    From WHOIS to WHOWAS: a Large-Scale Measurement Study of Domain Registration Privacy Under the GDPR

    From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR Chaoyi Lu∗†, Baojun Liu∗†¶B, Yiming Zhang∗†, Zhou Li§, Fenglu Zhang∗, Haixin Duan∗¶B, Ying Liu∗, Joann Qiongna Chen§, Jinjin LiangY, Zaifeng ZhangY, Shuang Hao∗∗ and Min Yang†† ∗Tsinghua University, †Beijing National Research Center for Information Science and Technology, flcy17, zhangyim17, zfl[email protected], flbj, [email protected], [email protected] §University of California, Irvine, fzhou.li, [email protected], ¶Qi An Xin Group, Y360 Netlab, fliangjinjin, [email protected], ∗∗University of Texas at Dallas, [email protected], ††Fudan University, m [email protected] Abstract—When a domain is registered, information about the [39], online advertising [55], [96], [103], [102] and usability registrants and other related personnel is recorded by WHOIS of privacy notices [104], [78], [79], [90], [50], [49], [27], [72]. databases owned by registrars or registries (called WHOIS providers jointly), which are open to public inquiries. However, Due to its broad scope, not only does the GDPR protect due to the enforcement of the European Union’s General Data normal users browsing websites, users setting up websites and Protection Regulation (GDPR), certain WHOIS data (i.e., the the associated infrastructure are also protected. One example records about EEA, or the European Economic Area, registrants) is domain registration. After a user registers a domain name, needs to be redacted before being released to the public. Anec- e.g., example.com, its sponsoring registrar and upper-stream dotally, it was reported that actions have been taken by some registry will store his/her personal information like name and WHOIS providers.
  • High Volume of European Network Traffic Re-Routed Through China

    High Volume of European Network Traffic Re-Routed Through China

    Memo 11/06/2019 - TLP:WHITE High volume of European network traffic re-routed through China Telecom Reference: Memo [190611-1] Date: 11/06/2019 - Version: 1.0 Keywords: BGP, digital infrastructure, China Sources: publicly available information Key Points A routing incident led to 70 000 routes used for European traffic being redirected through China Telecom for over 2 hours. Border Gateway Protocol (BGP) errors are a relatively common issue but usually last just a few minutes. China Telecom has still not implemented some basic routing safeguards to detect and remediate them in a timely manner. Summary On June 6, a routing incident led to over 70 000 routes used for European mobile networks being redirected through China Telecom for over two hours. The incident began at 09:43 UTC when Swiss data centre colocation company Safe Host (AS21217) unintentionally leaked over 70 000 routes to China Telecom (AS4134) in Frankfurt, Germany. China Telecom then announced these routes on to the global internet redirecting large amounts of traffic destined for some of the largest European mobile networks through China Telecom’s network. Some of the most impacted European networks included Swisscom (AS3303) of Switzerland, KPN (AS1136) of Holland, Bouygues Telecom (AS5410) and Numericable-SFR (AS21502) of France. Often routing incidents only last for a few minutes, but in this case, many of the leaked routes were in circulation for over two hours. Comments China Telecom, a major international carrier, has still not implemented neither the basic routing safeguards necessary to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur.
  • Cookbook-En.Pdf

    Cookbook-En.Pdf

    L'INFRASTRUCTURE # 1 CASE STUDIES BOOK DISCOVER ORIGINAL INFRASTRUCTURES DEPLOYED AT OVH.COM Online media, applications and business software, collaborative tools, smart music playlists at points of sale, total outsourcing of an urban community’s IT… OVH.com CASE STUDIES BOOK - EDITORIAL 3 “Each year, OVH is able to offer several hundred new services. After listening to you, we have come to realize that launching new services is not enough. We should also assist and guide you in the adoption of these innovations. Often you just need to see some practical use cases. That is the goal of the “Case Studies Book”, to provide you with such examples. And of course, if you need advice, our customer advocates and our Professional Services team are always available. Enjoy your reading!” Octave Klaba, Founder OVH CASE STUDIES BOOK CASE STUDIES BOOK This publication has been edited by the OVH Group, 2 rue Kellermann 59100 Roubaix (FRANCE) - RCS Lille Métropole 424 761 419 00045. Written by: Hugo Bonnaffé in collaboration with: Rémy Vandepoel, Vincent Cassé, Jean-Daniel Bonnetot, Félicien Lainé, Jonathan Guinez, Sylvain Wallez et Alexandre Morel. Translation: Michael Kapus Layout: Marie Delattre Graphic Design: Carl Lambert, Lucille Folens and Élodie Lenin Photographers: Élycia Husse, Frédéric Anne, Alban Gernigon, Stéphane Bureau du Colombier, iStockphoto Printer: Nord'imprim Special thanks is given to each customer that made this project possible by revealing the details of their infrastructures and their willingness to share their expertise with the OVH Community. Congratulations to everyone who took to the stage during the OVH World Tour to present their projects and explain their technical choices.
  • Achieving Digital Sustainability

    Achieving Digital Sustainability

    ACHIEVING DIGITAL SUSTAINABILITY RapportProgress report, d’étape, summary synthèseof collaboration of platformthe platform work and 11 Arcepde proposalstravail toand combine proposals increasing de use Arcepof digital technologypour andun reducing numerique its environmental soutenable. footprint — 15 December 2020 INTRODUCTION The impact that electronic communi- cations networks, devices, data centres and ICT use have on the environment is a source of growing concern, and one number of devices, etc.) is cause for con- which an increasing number of stake- cern. According to the Senate task force holders are gradually starting to address. on ICT’s environmental footprint6, digi- The Citizens’ Convention on Climate1 also tal technology’s GHG footprint could notes that while digital technology is a increase substantially if nothing is done crucial lever of the green transition, and to curtail it (+60% by 2040 or 6.7% of the battle against climate change, it must the national GHG footprint). If such an not itself be the source of increased emis- increase were to materialise, it would sions. be counter to the commitments made under the Paris Climate Agreement7 of According to various studies conducted 2015 which aims to contain the increase over the past two years2, digital tech- in global temperature to well below 2°C, nology currently represents 3% to 4% and requires swift and massive efforts from of global greenhouse gas3 4 (GHG) emis- every sector of the economy to reduce sions, and 2% of the carbon footprint in their own carbon footprint8. France5 (including the hardware pro- On top of which, there are other contrib- duction and usage stages).