Wave SSR to reshape the safety of industrial cloud platform in Hefei

Cloud computing resources, storage resources and network resources gathered together to form a huge pool of shared virtual IT resources, while increasing usability, but also put security issues on the cusp. How to ensure the security of the cloud platform is a problem that all cloud builders need to face. Recently, Hefei in the industrial cloud Platform Security construction process, select the Wave SSR operating system security enhancement System ("Wave SSR") to strengthen the platform, effectively enhance the security of the cloud platform.

Industrial cloud Platform brings high demand for safety

Cloud computing is profoundly changing the pattern of it architecture in various industries, and industrial enterprises are no exception. Large enterprises want to use cloud computing to cope with the objective law of diminishing scale effect, optimize resource allocation and give full play to resources overall advantage. The "industrial Cloud" was born in this context. Last year, the Ministry of Industry and Information technology proposed "industrial cloud" innovation services, and included in the Ministry of Information and Industrialization of the deep integration of the Special Action Plan (2013-2018). Hefei is the Ministry of Industry "Industrial cloud" innovative services of the pilot provinces and cities, will be through the industrial cloud service platform, to provide cloud office systems, industrial design, field pass functions such as service capabilities.

The industrial cloud platform in Hefei has brought higher IT management and usability, which has brought more powerful information capability support and the driving force of business model transformation to industrial enterprises. However, because of the characteristics of cloud computing and virtualization itself, security issues are more pronounced.

Similar to a large number of physical servers clustered in traditional data centers, a large number of virtual servers are clustered in cloud computing environments. The virtual machines running on the same physical server can easily cause mutual attacks, which cannot be prevented by physical isolation and hardware-based security protection, and the traditional security methods such as intrusion detection for physical machines need to be extended to the virtual machine level. Local servers and cloud virtual machines use the same operating system and applications, further increasing the likelihood of attackers exploiting vulnerabilities in these systems and programs for remote threats. Virtual machines are more vulnerable to attacks when programs move between local and cloud platforms.

In a cloud computing environment, dynamic migration of virtual machines is a common state of the system, but this common state poses a challenge to security policy, cloning and publishing virtual machines between physical servers, security policies may not be consistent, and may result in the rapid spread of configuration errors and other security vulnerabilities.

In addition, patch issues in traditional systems are more prominent in cloud computing environments. Industrial cloud Platform, enterprise users use cloud computing resources, need to be within their business scope of the system patching. Therefore, the maintenance of the patch more decentralized, but also brought greater security risks.

In the face of cloud computing's complex environment, how to minimize the security risks? In the construction of industrial cloud, Hefei used a non-governmental professional evaluation agency to participate in the assessment and investigation, security experts believe that the operating system is the core of the virtualized environment, as long as the security of the virtual machine operating system, Can solve these security risks in the cloud computing environment from the source.

The tide of consolidating the Qing and the SSR rebuilding industrial cloud Platform security

"In view of the construction of industrial cloud platform, wave SSR can be strengthened for physical machines and virtual machines to ensure the security of cloud platform operating system effectively." Security experts say. At present, the Hefei industrial cloud platform, deployed a set of wave SSR, including physical machines and virtual machine version, to ensure the security of the cloud platform operating system.

In the cloud computing environment, the security focus is to ensure that the virtual machine operating system security, as long as the security of each operating system, you can from the source to avoid attacks between virtual machines and remote threats. Wave SSR intercepts all kernel access paths, all files, processes, services, and permissions that comply with cloud platform rules are "released" and are shielded from the rules. The effect is similar to refactoring the original code technology of the operating system, with the benefit that it does not affect the user's business continuity. In this way, the cloud Platform's operating system to completely eliminate the hacker attacks, Confucianism and virus infection of the "living environment", but also fundamentally solve the problem between the virtual machine attack.

Wave SSR to build secure operating system environment

In view of the inconsistency of security policies brought by virtual machine migration, SSR can solve the problem of inconsistent security policy by implementing security zone isolation in cloud computing environment, and ensuring different security policies in different regions.

The problem of patching the operating system is no longer a problem after the wave SSR, because the wave SSR does not need to rely on the virus Behavior feature library to identify the attack, but instead uses the whitelist protection technique. As long as the SSR security policy is configured, the administrator will no longer need to carry out upgrades, patches, etc. for the operating system. From the discovery of vulnerabilities to the "vacuum" of the patch is not there, the system has a considerable ability to ' immune ' ability.

"Wave SSR helps the industrial cloud platform to achieve a significant increase in security capabilities, protect the security of important data and applications in cloud computing systems, fundamentally immune to current attacks on cloud computing operating systems, and prevent viruses, worms, and hacker attacks from destroying cloud computing operating systems and databases." Security experts say.

At present, cloud computing application scope has been gradually expanded, cloud environment security problem is more prominent. Tide SSR effectively protects the cloud platform through active defense mechanism, which provides an important choice for resolving security threats in cloud computing applications.