Shulou(Shulou.com)05/31 Report--

This article analyzes "what is the principle of building a fortress machine". The content is detailed and easy to understand. Friends who are interested in "what is the principle of building a fortress machine" can read it slowly and deeply with the editor's train of thought. I hope it will be helpful to everyone after reading. Let's follow the editor to learn more about "what is the principle of building a fortress machine".

Whether it is the use of self-built fortress machines or some commercial solutions, the general principles will not change.

Principle 1: first, to establish the concept of a personal account, one person must have one account, never allow multiple people to share a personal account, let alone allow a common account to log on to the fortress machine.

Principle 2: the security level of each line of defense from the local machine to the server should be the same. Be sure not to log in to the jumping machine with very strong control, but when it comes to the business server, it is the person root or has the sudo permission.

Principle 3: there must be an operation log, recording each operation or recording all output after logging in to the fortress machine. In particular, dangerous operations must be reported to the police, in addition to being banned directly.

Principle 4: authentication, do not use a password to log in, it is recommended to use a personal token+ dynamic password. The logged-in machine needs to be physically verified, and the identity needs to be verified by mobile phone dynamic code.

Principle 5: user authorization, it is recommended to combine the company's internal CMDB to achieve one-to-one correspondence, different positions for different permissions, it is not recommended to manually maintain, there will be authority maintenance is not timely.

Principle 6: the network is isolated and the fortress machine itself can only be accessed by the company's intranet. Further, to achieve environmental isolation, for example, the production environment and test environment isolation; at the same time to achieve the isolation between businesses, different lines of business machines can not access each other.

Principle 7: high availability, the high availability of the fortress machine itself needs to be paid attention to, regular backup and emergency handling, alarm mechanism must be in place, and special personnel are needed for operation and maintenance.

This is the end of what is the principle of building a fortress machine. I hope the above content can improve everyone. If you want to learn more knowledge, please pay more attention to the editor's updates. Thank you for following the website!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.