The following list provides a road map of all the conceptual objects you deal with when interacting with the SIA Configuration API, and provides pointers to where you can learn more.
- Configurations: When you sign up for SIA, you receive a configuration and an associated ID. This configuration contains settings for all of your sites, such as locations, policies, and quick lists. You can set up network configurations and global settings, and add connectors to or remove them from your base SIA configuration.
- Sites: A site is a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or company headquarters. Use sites to compare the query's source IP with the IPs of configured sites. A site configuration must include the IP address of your Active Directory or other local DNS server used to communicate with SIA.
- Sub-locations: A sub-location represents different virtual local area networks (VLANs) in your network that are routed to the Internet with the same IP address as a parent location.
- DNS Provisioning: Defines the IPv4 and IPv6 address information for the primary and secondary DNS recursive servers that are assigned to you. These DNS servers forward traffic from users to Akamai.
- Policies: A policy is the rule set that defines how SIA handles known or suspected DNS threats. You assign a policy to a location, or you can assign multiple locations to a policy.
- DLP Dictionaries: Data loss prevention (DLP) allows you to identify and block sensitive or confidential data that's uploaded from a corporate network and transmitted to the public Internet over an HTTP or HTTPS connection. A DLP dictionary contains the patterns or regular expressions that are used to find this information.
- Accepted Usage Policies (AUP): Defines how SIA handles violations of an Acceptable Use Policy (AUP). SIA enforces the policy by denying DNS queries from sources that have been deemed inappropriate in the AUP, and returns an error page in response. SIA includes AUP categories for content that is traditionally blocked within an enterprise. AUP categories are configured in a policy as part of access control and application and visibility control (AVC). You add AUP categories to a policy and select an action for these categories.
- Categories: The type of threat detected. The threat type can be malware, phishing, command and control (C&C), or another category.
- Lists: A list is a set of domains and IP addresses, URLs, and file hashes that are known or suspected to be malicious for a specific category of threat.
  - Akamai Lists: By default, each policy is configured with Akamai security lists. These security lists contain domains and IP addresses identified by Akamai as threats in the category assigned to the list. Various network security resources are used to maintain and update these lists.
  - Custom Lists: In a custom list configuration, you define the known and suspected values in a list and associate it with a policy. You also select the action that SIA completes to handle a known or suspected threat to your network.
- Custom responses: A custom response configuration allows you to direct suspicious traffic to a machine in your network where activity is recorded. Information about the user device that made the request is captured to discover the internal IP addresses of infected machines on the corporate network.
- List Quota: When creating a custom list, each domain, IP address, URL, and file hash entry is counted. You can have a total of 200,000 custom list entries.
- Responses: When SIA receives a DNS query, it sends back a response. The responses must match the original query, which verifies there is a valid mapping from query type to response type.
- Honeypots: A honeypot action directs a known or suspected malicious domain or IP address to a security device that monitors activity and collects information regarding the domain or IP address. When creating or editing a policy, you have the option to select a sinkhole as the action for the list.
- Security Connectors: Forward suspicious or malicious traffic to identify machines that are infected with malware, attempt to download malware, or make requests to command and control servers. They can also be used as an HTTP or DNS Forwarder.
- Proxy Certificates: TLS certificates allow you to establish a secure connection using the public key provided by your certificate authority (CA). You can specify an Akamai-issued certificate or a customer-provisioned certificate using a trusted third-party CA.
- Proxy Credentials: Enables the SIA Proxy to authorize connections from the on-premises proxy in a proxy chaining configuration. This setting adds the Proxy-Authorization header to these connections. The Proxy-Authorization header contains proxy credentials that are used to authenticate the on-premises proxy. ETP Proxy validates these credentials before it allows connections from the on-premises proxy.
- Client Configurations: Enables managing client configurations. The APIs include CRUD operations for the SIA clients and network configuration, along with version management and the ability to activate and deactivate on demand.
- Configuration Deployments: After applying configuration changes to a site, policy, emergency list, or honeypot, you must deploy these changes to the SIA network to ensure the changes take effect. Changes typically deploy within 20-30 seconds. For example, when you add or modify a location, the configuration changes are not propagated to the SIA network until the deploy operation is complete.