How big websites ensure Network Security

First, the server uses private operating systems and databases. The so-called private systems are not completely written by themselves, but are all private and transformed, generally, the open-source operating system and database are used for transformation. For example, the operating system uses free bsd and the database uses mysql. When the number of website servers is hundreds, many websites start to implement this project, cost is an important factor, but more importantly, it is a security factor. Firewalls are not only expensive, but also seriously reduce efficiency, so they generally do not consider them.

During the transformation of the operating system, except for some command files required for communication, many command files are replaced with file names (Some people think this is a small trick), and a large number of functions are rewritten, hackers cannot obtain data even if they have the permission to sit in front of the server.

The Chief Security Officer of a website thinks that putting a door on others is not as good as giving people two ways to choose the correct or incorrect ones. All users who use wrong accounts and passwords to try the system, all of them are allowed to log on to a shell anonymously. The shell is very similar to the real system. Well, it is just like it, but it is actually an empty shell, all commands, it will be run at the minimum cost and the fake information interface will be called. Some even put traps in it to guide hackers to automatically send identity information or some other sensitive information. After all, hackers may send the information through overseas springboards. If not, websites are hard to obtain hacker identity information.

You can use your own security policies to defend against existing attacks. For example, if syn flood is used, the service quality is temporarily reduced and the waiting time for semi-connections is reduced. In this way, the connection success rate is reduced, but the service will not be stopped.

During idle time, fraudulent data streams often flow between the office network and servers, encrypted in a low-intensity encryption mode, allowing hackers to do something.

When the website's internal staff use the business system to log on to the website server, the interface is the same as that of the general server. All General commands can be executed by converting the business system to a dedicated Command of the private operating system, the internal staff of the website only seldom know the comparison of the conversion, and generally all of them are divided into powers for operating system development and are not responsible for server maintenance, you do not know where the operating system server installed with an internal version number is deployed.

The account and password must be transmitted through the secure messaging platform as required.

You have your own DNS servers deployed in different cities. All deployed applications have backup systems that are not in the same data center. The emergency response mechanism is configured in your own DNS server, use servers that carry other services for cross-border security status monitoring. For example, server A1 is A backup system of server A, and servers such as CDEFGH are used for security status monitoring and timed communication of server, and pass the signal of successful communication to the A1 server. When the failure rate exceeds A certain value, A1 automatically shares part of the pressure of, the previously undertaken non-timely services (non-customer-oriented, such as index services) on the A1 server are prioritized. So mutual monitoring between all servers ensures that monitoring is timely and effective through a mechanism. In this case, even if a DNS service provider is attacked, most of its websites can be accessed by users, because DNS in different regions have not been flushed yet, users can still use those DNS to connect to the website.

In general, the security of websites is greatly improved by using these methods.