Shulou (Shulou.com), 06/02 report. Updated 2025-02-24.
As enterprises move more of their business to the cloud, security strategy has become a key consideration in building the enterprise cloud. How can an enterprise use cloud computing safely and effectively to run its business? This article briefly shares an approach to security for cloud tenants: know yourself, know your adversary, and keep security risk within an acceptable range.
(1) Know yourself
Knowing yourself may be the hardest, or the most important, part. Different enterprises run different systems and projects on the cloud, and those systems and projects differ in importance. The first thing an enterprise should do is analyze its own business systems and allocate the security budget according to each system's importance and rate of return.
(2) Know your adversary
While it operates, a business system on the enterprise cloud faces many security threats, and identifying the likely sources of those threats is the prerequisite for building a cloud security defense system. So what security threats may business systems on the enterprise cloud face?
**(1) Network layer: denial-of-service attacks**
Distributed denial of service (DDoS) is the most violent, brutal and effective form of attack, and can directly congest the bandwidth of business systems on the enterprise cloud.
**(2) Host layer: attacks on the CVM**
The CVM (cloud virtual machine) is an important carrier of the business systems on the enterprise cloud. Attackers break into the CVM through weaknesses such as brute-force cracking or configuration vulnerabilities in order to build botnets, steal data and extort money.
**(3) Application layer: attacks on Web application vulnerabilities**
Many service-providing systems on the enterprise cloud use the HTTP/S application protocol (Web). Attackers exploit the vulnerabilities that may exist in Web services to steal business system data or permissions.
**(4) Data layer: data theft or tampering**
Data belonging to business systems on the cloud may be stolen or tampered with while in transit over the Internet, which affects its integrity and confidentiality.
**(5) Operation and maintenance layer: risk of non-compliant operations by O&M personnel**
Business systems on the enterprise cloud are operated and maintained by internal personnel, so preventing high-risk operation and maintenance actions is very important.
**(6) Compliance layer: national level protection**
The national Cybersecurity Law came into effect in June 2017, so enterprise security construction is now driven by law as well as by internal needs.
(3) Security risk control
Having ranked the importance of its business systems on the cloud and matched them against the security risks they may face, the enterprise can begin to build its security system on the cloud:
(1) Cloud business system architecture
Use a cloud VPC (private network) to build a logically isolated network environment that belongs to the cloud tenant. Create a VPC with a specified network segment, create subnets inside the VPC, manage cloud resources independently, and enforce security protection through network ACLs.
(2) Service port inventory
Enterprises inventory the open IPs, ports and services of each business system and allow only the IPs, ports and services that must be open, so as to reduce exposure.
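The port inventory described above can be checked mechanically against the rules that are actually deployed. The following is an added example, not part of the original article or any UCloud tooling; the rule format, rule ids, addresses and the `APPROVED` inventory are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: the exposure each business system actually needs.
# (protocol, port) -> source networks allowed to reach it
APPROVED = {
    ("tcp", 443): ["0.0.0.0/0"],       # public web front end
    ("tcp", 22): ["10.10.0.0/24"],     # SSH only from the O&M subnet
    ("tcp", 3306): ["10.10.1.0/24"],   # database only from the app subnet
}

# Constructed ingress rules, as exported from a firewall or network ACL.
RULES = [
    {"id": "r1", "proto": "tcp", "ports": (443, 443), "source": "0.0.0.0/0"},
    {"id": "r2", "proto": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"id": "r3", "proto": "tcp", "ports": (3306, 3306), "source": "10.10.1.0/24"},
    {"id": "r4", "proto": "tcp", "ports": (8000, 8100), "source": "10.10.0.0/16"},
    {"id": "r5", "proto": "tcp", "ports": (22, 22), "source": "10.10.0.8/32"},
]

def audit(rules, approved):
    """Return (rule id, port, reason) for every exposure outside the inventory."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        lo, hi = rule["ports"]
        for port in range(lo, hi + 1):
            allowed = approved.get((rule["proto"], port))
            if allowed is None:
                findings.append((rule["id"], port, "port not in inventory"))
            elif not any(src.subnet_of(ipaddress.ip_network(a)) for a in allowed):
                findings.append((rule["id"], port, f"source {src} outside approved sources"))
    return findings

def summarize(findings):
    """Collapse per-port findings into one port range per rule and reason."""
    grouped = {}
    for rule_id, port, reason in findings:
        grouped.setdefault((rule_id, reason), []).append(port)
    return {key: (min(ports), max(ports)) for key, ports in grouped.items()}

if __name__ == "__main__":
    for (rule_id, reason), (lo, hi) in summarize(audit(RULES, APPROVED)).items():
        print(f"{rule_id}: ports {lo}-{hi}: {reason}")
```

Rules `r2` (SSH open to every source) and `r4` (a port range nobody inventoried) are reported; `r5` passes because its source lies inside the approved O&M subnet.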
(3) Security configuration baseline
Enterprises define and enforce an internal configuration baseline for their cloud systems according to their own circumstances. A Linux security configuration baseline, for example, covers shared account checks, locking of redundant accounts, restrictions on remote root login, a password complexity policy, a maximum password lifetime policy, directory permission control, and so on.
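Four of the Linux baseline items listed above (shared accounts, remote root login, maximum password lifetime, directory permissions) can be checked as in the following added example, which is not from the original article. The file contents, directory modes and the 90-day threshold are constructed or assumed values, and requiring `PermitRootLogin no` is an assumed baseline choice.

```python
from collections import defaultdict

# Constructed file contents standing in for a host under review.
PASSWD = """root:x:0:0:root:/root:/bin/bash
ops:x:1000:1000::/home/ops:/bin/bash
deploy:x:1000:1001::/home/deploy:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
nginx:x:996:996::/var/lib/nginx:/sbin/nologin
"""
SSHD_CONFIG = """# constructed sample
Port 22
PermitRootLogin yes
"""
LOGIN_DEFS = "PASS_MAX_DAYS   99999\n"
# Constructed modes; on a real host use os.stat(path).st_mode & 0o7777.
MODES = {"/etc/shadow": 0o640, "/var/www/upload": 0o777, "/tmp": 0o1777}
MAX_DAYS = 90  # assumed threshold; each enterprise sets its own value

def keyvals(text):
    """Parse 'Key value' lines; the first occurrence wins, as in sshd_config."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            out.setdefault(parts[0].lower(), parts[1].strip())
    return out

def check_baseline(passwd, sshd, login_defs, modes):
    findings = []
    by_uid = defaultdict(list)
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            by_uid[int(fields[2])].append(fields[0])
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:  # several login names sharing one UID
            findings.append(f"shared UID {uid}: {','.join(names)}")
    if keyvals(sshd).get("permitrootlogin", "prohibit-password") != "no":
        findings.append("root remote login not disabled")
    if int(keyvals(login_defs).get("pass_max_days", 99999)) > MAX_DAYS:
        findings.append("password maximum lifetime too long")
    for path, mode in sorted(modes.items()):
        if mode & 0o002 and not mode & 0o1000:
            findings.append(f"world-writable without sticky bit: {path}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_baseline(PASSWD, SSHD_CONFIG, LOGIN_DEFS, MODES)))
```

The sshd_config parser ignores `Match` blocks and `Include` directives, so a host that uses them needs the effective configuration (for example from `sshd -T`) as input instead.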
(4) Cloud security solution
Use a high-defense (anti-DDoS) service to control the denial-of-service risk at the network layer.
Use a Web application firewall to control the risk of Web application vulnerabilities at the application layer.
Use host intrusion detection to control the brute-force cracking and vulnerability risks faced by the CVM.
Use SSL certificates and database auditing to control the risk of theft and tampering during data transmission and processing.
Use a bastion host to control the risk of non-compliant operations by the enterprise's internal operation and maintenance personnel.
Use level-protection compliance consulting services to meet the national network security level protection compliance requirements.
[Figure: UCloud Security Product Selection Guide]
(5) Emergency response plan
Security is relative; there is no absolute security. Enterprises should build their own security emergency response team or use third-party emergency response services to deal with possible security incidents.
(4) Closing remarks
Building a security system requires a comprehensive understanding of security technology. In addition to the ideas and methods above, we have compiled a technical learning map for security engineers, and we hope it helps you better understand and master the body of knowledge in the security field. To be clear, nothing can be generalized to every case: specific problems must be analyzed in light of the actual situation, and real knowledge comes from practice.
Image compression on the website may leave parts of the map unclear; interested readers can download the free high-definition electronic version from this link: https://static.ucloud.cn/002cbba594444c92a18a59ee370e6254.jpg