Shulou(Shulou.com)06/01 Report--

The landlord starts with a story, which reminds me of the fact that the supercomputer was killed.

First of all, network security has not been a simple thing, and people have always had a mysterious and unknown understanding of *. We can disassemble and analyze complex things. first of all, we can divide the surface into seven layers of OSI, which are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer.

Physical layer: a data transmission environment implemented by some basic hardware facilities. People have brought their own network equipment and servers when they purchase them, and they generally will not modify them, and there are fewer loopholes.

Data link layer: the well-known mac address works at this layer. Because of some standardized protocols, there is less work to be done at this level.

Network layer: ip address work area, we often through switches, routers, firewalls to set up a whitelist, divide the vlan to achieve secure transmission. Because ip address transmission does not check the source host, it is impossible to rely entirely on ip whitelist. It is recommended to use encryption technology * * and other methods to avoid this problem.

Transport layer: as we all know, TCP,UDP,*** often scans common ports to * some common services, and reduces the exposure to * by restricting and closing external ports.

Session layer, presentation layer and application layer: these three layers sometimes boil down to the application layer, mainly based on the fact that people use different systems and applications to present different forms. These three levels are not only the most open to everyone, standards and rules are changeable, but also have the greatest probability of problems. We can only try to require our code to be logical and less bug.

Through the brief description of the seven layers of OSI above, we will find that the main security measures are still in the network layer, transport layer, session layer, presentation layer and application layer, * also occur in these five layers.

-

Now let's talk about the difference between public cloud and self-built computer rooms in terms of security:

At the network layer and transport layer: at least one network engineer in the self-built computer room is familiar with the configuration and use of switches, routers, firewalls, and network planning, as well as general knowledge of network equipment security. Even so, you may encounter some unexpected situations, such as: you continue to encounter a large number of ddos***, if the bandwidth exceeds.

The bandwidth of the computer room doesn't matter if your site is no longer accessible to users. The public cloud only needs you to know the basic network knowledge, set up security groups for your host, configure port security scanning, and find problems in time, even if you encounter ddos*** public cloud security products.

It can also help you solve it.

Session layer, presentation layer and application layer: these three layers have always been vulnerability-prone areas, because some small and medium-sized companies like to use some open source projects or tools, and the quality of the code is uneven. The company does not have a corresponding security personnel reserve, which makes it easier to be used here. You can only recruit if you build your own computer room.

Hire appropriate security personnel to conduct code review, which many companies do not want to do. Because of the large volume of operators and relatively mature security products, public cloud can help people to complete the job better with lower cost.

Finally to the critical point, even if you go to the cloud, you can't guarantee your absolute safety. It's like a child with a sword and doesn't know how to wield it. Only by enhancing the awareness of network security, learning security knowledge, and mastering various security means can we make our website more secure.

Because the above is some of the contents of my previous reply, it is a little trivial.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.