APT defense based on cloud computing security

In recent years, with the rapid development of Internet technology, the dependence of the network has been enhanced year in, and cloud computing and cloud computing security naturally become the research focus. Cloud computing security allows people to enjoy the security services from the network, and the full use of cloud computing, it needs the security of cloud computing protection as a guarantee. The APT attack in the network also promoted the research of APT defense.

1 Cloud computing Security status

Traditional IT systems are closed and controlled by independent departments, while in cloud computing security, all data, it infrastructures, and network architectures are exposed to the cloud, with no control over the surrounding environment, and the use of virtualization technology by cloud computing systems also brings many disadvantages.

Network, first of all, in cloud computing, its environment has no topological boundaries, multiple business systems share the same physical infrastructure, as shown in the network topology of the cloud computing system, the virtual machines located on a server may not be in the same security zone after virtualization with cloud technology. Virtual machines located on multiple servers are in the same security zone. Second, in virtualized environments, data between virtual machines located on a single server can be exchanged for data through virtual switches that are not visible to the external network.

Storage, in the cloud environment, all data is stored in the cloud, and the storage space of the cloud is not known by the user. On the other hand, in order to ensure the security and confidentiality of cloud data, the cloud data is encrypted, and it can not search for valid data in a short time by using the method of data search and analysis.

2 traditional APT defense based on cloud computing security

From the analysis of technical means, the complexity of apt attack can be divided into two aspects.

(1) Using multiple channels and different ways to collect information

The defense against this is that no matter what channel an attacker attacks, it must be performed on a personal computer. Although it can prevent apt attack, but the operator has the opportunity to enter into the cloud, query a large amount of data, it can cause data leakage.

(2) from the perspective of interdisciplinary

Apt attacks have numerous frontiers of intersection, as shown in Fig. 2. For this kind of apt attack's defense, it uses the Big Data analysis detection scheme, but has the high demand to the server running speed, therefore cannot be widely used.

3 Cloud computing Security Defense improvements

For large enterprises, cloud computing set up a file whitelist, security policy and server level, its full network of files can be cloud query, cloud audit and cloud identification, and ultimately realize monitoring and defense apt attack.

For a core server, you can use the Advanced security policy, that is, other than the specified file, all other files can not run, to prevent the possibility of confidential information being compromised. This advanced security policy only shuts down the core files, and the server runs well, does not affect the user's normal use, and greatly increases the security of the server. For small and medium enterprises, the defensive improvement is as follows.

(1) Perimeter network security

Firewall is a blockade mechanism built on the boundary of internal and external network, which is considered to be safe and reliable, while the external network has security hidden trouble. Firewall through monitoring, restricting, changing the data flow across the firewall, greatly protect intranet security.

(2) Host Layer Security

For enterprise internal core servers and key user computers to do a unified security management, that is, the installation of genuine enterprise-type anti-virus software. Because the enterprise version of antivirus software is the advantage of the client management, and facilitate the collection of the entire network security situation. Authenticate the user name and password of the network user, it is the core line of defense against illegal access, and the user authentication on the important server must be changed frequently; then use the network control users and user groups to access files and other resources; You can specify the permissions that users can perform on these files and directory devices. Install operating system patches or database system patches in time to prevent 0day attacks.

(3) Data Layer Security

Digital signature is a process of signing and confirming both sides, providing the identification of the source of information, guaranteeing the integrity and non-repudiation of the information, and providing solutions to the problems of forgery, impersonation and tampering.

(4) Enhance safety awareness

Today's information security is no longer a product-only solution, it can be a safe and secure era. Even a detailed security policy can be destroyed by the wrong actions of people within the enterprise. For apt attack, promote user terminal use habit and safe operation Consciousness, prohibit employee to use U disk on important server, can defend apt attack effectively. Develop clear information security manuals, prohibit employees from clicking on spam and unknown links, understand current security threat trends and conduct reasonable terminal management, and prohibit employees from connecting laptops that have important information within the enterprise to the Internet in an unsecured environment.

4 concluding remarks

This paper studies the security Status of cloud computing and the traditional apt defense, and puts forward some measures to improve cloud computing security for small and medium-sized enterprises, such as security management and maintenance, core server security management and Enterprise document database permission control.