The internet has changed our lives, and cloud computing is changing the internet. In the future, a notebook or a mobile phone will be all we need to get everything we want through network services. But great convenience also carries great danger: will cloud computing give network hackers a newer and bigger "stage"? Does its open posture open Pandora's box and let countless demons out? Faced with these questions, how do we build a "secure cloud" environment? Li Hongkei, technical director of Fei TA (China), says the key lies in an information security architecture that protects the security of both the "public cloud" and the "private cloud".
Applications in the new network era are more complex
New forms bring new security issues. According to Li Hongkei, applications in the new network era are characterized mainly by the following: network applications are evolving toward centralization; social networks increase interaction among, and penetration of, individuals; network terminals are gradually becoming transfer stations for resources and carriers of the security threats that come with sharing and applications; diverse application threats intrude seamlessly; network security is trending toward robustness, virtualization and centralization; business centralization expands the layers of security defense; and the terminal becomes the nerve node of the cloud network.
The architecture of a telecom operator's network can be described as "cloud", "pipe" and "end". The "end" is the individual user, mobile user and desktop user, including the enterprise user. In the overall architecture, security is divided into three points: the first is the access point, facing the end user; the second is the pipe layer; and the last is the security of the cloud itself. If the cloud itself has problems, the cloud services ultimately delivered to the end cannot be good services.
Security threats to the cloud network center include increased penetration by hackers from the external internet, the hijacking of hosts inside the cloud center toward the external network, and malicious virus software intruding on cloud network hosts and turning them into zombie hosts ... Security issues in the remote interconnection and operational management of cloud centers make people keenly aware that "dark clouds" are possible.
Emphasize information security architecture and provide visual security
With regard to the security of the public cloud, where the business described above is centralized, Li Hongkei believes the first step in the overall architecture is to consider the security of the cloud itself. Cloud architecture in China is developing in three stages: architecture services, platform services, and, as the eventual goal, software-level services. With software-level services, the cloud provides not only the platform but also all databases, and users can freely run all their own programs without needing any system, hardware or software facilities of their own.
At this level, what users care about most is that their own private cloud is separated from other private clouds, so that individual security and privacy are ensured. On this basis, Li Hongkei believes that users must be provided with visual security. In cloud security, everything should be application-oriented rather than guaranteed by technology alone: instead of paying attention to which part the firewall sits in, focus on and identify the applications and their objects; instead of discussing the details, focus on security.
According to relevant survey data, China ranks second in the number of web pages with malicious content, accounting for around 20% of the world total. Web application vulnerabilities have become the mainstream direction of penetration: 49% of web applications contain high-risk vulnerabilities that can be attacked directly by automated tools. Regarding the security of web platform interfaces, Li Hongkei's analysis is that web security products now work mainly by proxy, and need to use group technology more systematically. Data and storage security is the primary consideration; for cloud computing centers, the storage of data needs to be monitored effectively.
Three-dimensional defense: building an integrated security cloud service
For cloud architectures, Fei TA's defense is three-dimensional: a multi-dimensional, all-round defense. Li Hongkei pointed out that Fei TA's security takes the protected object as its focus and divides security technology accordingly. Any network can basically be divided into four objects: basic network architecture, user desktop, business analysis, and database. Within the framework of the entire cloud system, Fei TA provides a trinity of protection, from the boundary to the servers, to the databases, and on to virtualized desktops, as a complete system.
On this basis, the concept is one of converged security technology: Fei TA is concerned both with protecting objects and with protecting security operations. The three-dimensional security design the company provides consists of visual security defense technology, a reliable high-performance structure, and a trusted security cloud service network, and delivers an integrated security cloud service at the network layer and the application layer. It can also carry out multi-layer protection at a single gateway under heavy network load.
In addition, Fei TA deploys innovative, high-performance integrated security equipment in the cloud computing center. By means of virtualization, all devices are handled safely and smoothly by traction. At the web level, a cleaning method is used to isolate, scan and restore data to the cloud platform.
In its converged, virtualized security design for the cloud center, Fei TA performs two-way converged security defense at the network egress, protecting against and blocking traffic attacks; it also supports centralized isolation of virtual devices and provides security policies based on business groups. The unified threat management (UTM) concept can effectively reduce investment in security management, improve maintenance efficiency, and reduce overall operating cost.
As for the security service system, Li Hongkei said that the hope for the future is a software-level service architecture. Operators can cooperate with manufacturers so that protection against a variety of security threats can be updated at any time, provide some centrally pushed services, and, through a single interface, offer users a complete 7 * 24 hour service system as well as some emergency services.
Security comes from the strength behind it: Fei TA makes life on the network better
Security comes from the strength behind it. Fei TA, headquartered in the United States, is one of the world's leading network security equipment suppliers and the leader of the unified threat management (UTM) market. Since its founding, it has helped enterprises, service providers and government organizations around the world simplify their IT security architecture, safeguarding information security across industries.
Fei TA said it will continue its efforts to show enterprise customers a uniquely reassuring cloud capability, so as to better meet the growing security needs of enterprises and the market, to help customers fully enjoy efficient, leading, high-end cloud technology, and to let them enjoy the good life of the network more freely in the new network era.
(Responsible editor: The good of the Legacy)