Shulou(Shulou.com)06/01 Report--

What this article shares with you is about how to use CDN to prevent tampering, resist attacks, and control content. The editor thinks it is very practical, so I share it with you. I hope you can get something after reading this article.

After more than 10 years of technical precipitation and practice, CDN has gradually built an edge + cloud security network three-dimensional protection system from the traditional acceleration, providing a secure and reliable bridge for enterprises to the network from the dimensions of full-link secure transmission, edge defense of common attack types, enterprise-level exclusive resource deployment, operation and maintenance, and content security guarantee mechanism.

Basic security capability to ensure secure transmission of the whole link

Origin server protection

Due to the distributed architecture of CDN, users get the content by visiting the nearest edge node, and through such a springboard, the IP of the origin server is effectively hidden, thus decomposing the access pressure of the origin server. When a large-scale malicious attack comes, the edge node can be used as the first line of defense to greatly disperse the attack intensity. Even if it is a malicious request for dynamic content, Aliyun CDN's intelligent scheduling system can also unload the pressure on the origin server and maintain the stability of the system.

Second, tamper-proof ability

CDN provides enterprise-class full-link HTTPS+ node content tamper-proof capability to ensure the security of customer transmission from the origin server to the client. At the link transmission level, the link is guaranteed not to be hijacked by intermediate sources through the HTTPS protocol, and the origin server files can be verified on the node. If the content is inconsistent, the content will be deleted and pulled back to the origin. If the content is consistent, it will be distributed. The whole solution can ensure the security of the content in the origin server, link end, CDN node and client full link, and provide higher security transmission guarantee.

Access and authentication security

CDN can identify and filter the identity of visitors by configuring referer, User-Agent and IP blacklist and whitelist to limit access to resources, and set authentication Key to encrypt URL to achieve advanced hotlink protection and protect origin server resources. At the same time, the access restriction of blacklist IP is strengthened by building IP credit library.

1. DDoS cleaning

CDN provides marginalized application layer DDoS (CC protection capability) for enterprises, which can be monitored by IP,Header parameters, URL parameters and other dimensions, and data can be counted by times, status codes, request methods, and finally malicious access security interception, effectively ensuring the access of normal business volume. In the face of DDoS attacks at the network layer, CDN products and DDoS products can be linked to each other and can be distributed through CDN in the distribution scenario. When the DDoS attack occurs, the attack area can be detected, and the attack can be effectively dispatched to DDoS for protection and cleaning to effectively protect the origin server.

Through the linkage scheme, we can make effective use of massive DDoS cleaning, perfect defense against SYN, ACK, ICMP, UDP, NTP, SSDP, DNS, HTTP and other Flood.

II. WAF

CDN combines WAF capabilities to form the application layer protection capability at the edge, identify and protect business traffic from malicious features, and source normal and secure traffic to the server. Prevent the website server from being maliciously invaded, ensure the security of the core data of the enterprise business, and solve the problem of abnormal server performance caused by malicious attacks. CDN WAF provides virtual patches to provide quick fix rules for the latest vulnerabilities that have been exposed on the site. And rely on cloud security, fast vulnerability response speed, timely vulnerability repair ability.

Third, prevent brushing and creeping

In the face of malicious crawling of web crawlers, the CDN platform is based on the precipitated malicious IP library and malicious fingerprint database, and carries out accurate confrontation through machine learning capabilities close to business risks and customized crawler models, so as to reduce the impact of crawlers and automation tools on website business, ensure the data security of enterprises, and maintain the core business value of enterprises.

The exclusive use of CDN resources enhances the safety factor of enterprises

Aliyun CDN also provides exclusive resource solutions for business scenarios with strong security requirements, such as digital government affairs and large enterprises. First of all, CDN allows customers to achieve physical isolation through security acceleration nodes, build completely separately, deeply integrate security features, and provide advanced high-defense capability of a single node. Second, CDN provides exclusive IP resources to ensure that business security risks are isolated and will not be affected when others are attacked. Third, CDN supports single user independent scheduling domain, DNS attacks between users do not affect each other, and DNS Flood protection of millions of QPS.

Adhere to the "production" safety bottom line of content and platform

I. Health Compliance of platform content

Based on artificial intelligence and massive sample set, deep learning and training recognition model, accurately identify porn-related scenes in pictures accelerated by CDN, and provide multi-level identification and flexible control scheme according to the actual management and control needs of users. The overall accuracy of porn detection is more than 99%, which can replace more than 90% of manual audits and greatly reduce the risk of violations.

II. Convenience and safety of operation and maintenance

By simplifying the security acceleration architecture, it is more convenient for operators to carry out one-stop self-service configuration and API control, realizing daily attack monitoring and alarm, full-link troubleshooting, automatic protection and real-time panoramic data log viewing. At the same time, the escort and reinsurance response system during large-scale activities can assist enterprise applications to resist security risks and protect the stability of the system.

The above is how to use CDN to prevent tampering, attack, and control content. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.