Abstract: In the cloud era, network infrastructure is more complex, and the business and data running on it are more important. E-commerce, Internet, medical, finance, education and other industries all depend on security services. Only when security is assured can other basic activities develop.

This article is shared from Huawei Cloud Community, "618 Technical Special (4) At the same time of crazy hand-picking, have you noticed the safety of e-commerce privacy?", original author: technical torchbearer.

Introduction:

There is a well-known rule in the safety industry, proposed in 1941 by the famous American safety engineer Heinrich. He counted 550,000 mechanical accidents and found that the ratio of deaths or serious injuries, to minor injuries or malfunctions, to accidents with no injury was 1:29:300. This rule also applies to cloud security. In other words, there are 29 successful intrusions behind every security incident, and more than 300 hidden dangers behind those. A security incident is also like an iceberg. Above the waterline are the products and services that users can see; below it, many more security capabilities are needed to keep users safe.

The annual 618 carnival is here again. While consumers compare prices and fill shopping carts, and merchants are busy with new products and promotions, some vital e-commerce security issues get ignored: malicious attacks, data theft, Trojan horse attacks and other attacks on information security. Security issues are usually overlooked, but once an incident occurs, the trouble is endless.

Today, HUAWEI CLOUD takes an in-depth look at the security issues in various e-commerce scenarios and how to deal with them. The ability to detect attacks in time and keep danger out is a core indicator of security capability. In the data age, we should pay attention not only to the ease of placing orders and the growth of sales, but also to establishing a complete security defense system.

Malicious attacks on hosts: detect hacker intrusion, warn in time

During the 618 promotion period, the order information of tens of thousands of users is stored on servers. Without a security protection system, hackers can use password cracking, social engineering attacks or vulnerability attacks to invade the server database and obtain a large amount of data assets. While the attack is under way, the e-commerce business is interrupted. Large numbers of malicious files occupy system resources, which also prevents the server from operating normally and affects users placing orders.

Cloud hosts carry critical data and core business systems. Once they are attacked, the most valuable part of the entire information system faces the risk of theft and destruction. E-commerce platforms therefore need to build a computing environment that ensures host security: a defense-in-depth system with security at its core, which strengthens the ability to proactively assess risks and respond to early warnings.

HUAWEI CLOUD Host Security Service (HSS) applies a comprehensive management strategy through its intrusion detection function for hosts, which includes intelligent detection of password cracking, malicious requests, Trojan horses and other intrusion methods. It quickly discovers hackers' infiltration and scanning of enterprise servers and provides timely warning.

HSS first adds an SMS or email verification code to the login process to perform secondary authentication on cloud server logins. When it detects a remote login to the host, it raises an alert promptly. If it finds an account under brute-force attack, it blocks the attack source IP for 24 hours and prohibits it from logging in again, so that the hacker cannot launch the attack again.
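
The brute-force handling described above, as an added example that is not HSS code or taken from the original article: failed logins are counted per source IP, and an IP that crosses the threshold is refused for 24 hours. The log format, the threshold of 5 failures, the one-minute window and all names are assumptions; only the 24-hour block comes from the article.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

BLOCK_DURATION = timedelta(hours=24)  # from the article: block the source IP for 24 hours
MAX_FAILURES = 5                      # assumption: the article gives no threshold
WINDOW = timedelta(minutes=1)         # assumption: the article gives no counting window

# Constructed, simplified log format: "<ISO time> sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for \S+ from (?P<ip>\S+)$")

class BruteForceGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
        self.blocked_until = {}             # ip -> time at which the block expires

    def observe(self, line):
        """Classify one log line: 'blocked', 'block-started', 'failure', 'login' or None."""
        m = LINE_RE.match(line)
        if not m:
            return None
        now, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        expiry = self.blocked_until.get(ip)
        if expiry is not None and now < expiry:
            return "blocked"                # refused even if the password is correct
        if m["result"] == "Accepted":
            return "login"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:     # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_DURATION
            return "block-started"
        return "failure"

def sample_log():
    """Constructed sample: five failures in five seconds, then later attempts."""
    t0, bad, ok = datetime(2021, 6, 18), "203.0.113.7", "198.51.100.20"
    at = lambda **kw: (t0 + timedelta(**kw)).isoformat()
    lines = [f"{at(seconds=i)} sshd: Failed password for root from {bad}" for i in range(5)]
    lines.append(f"{at(seconds=10)} sshd: Accepted password for root from {bad}")
    lines.append(f"{at(seconds=12)} sshd: Accepted password for alice from {ok}")
    lines.append(f"{at(hours=24, seconds=5)} sshd: Accepted password for root from {bad}")
    return lines

def replay(lines):
    guard = BruteForceGuard()
    return [guard.observe(line) for line in lines]
```

In the replay, the correct password from the blocked address ten seconds later is still refused, while the unrelated address logs in normally and the blocked address is accepted again only after the 24 hours have passed.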

Web page hijacking and phishing risks: no application firewall in place

Many companies rely on Web applications for their key businesses, and 75% of Internet attacks are focused on the application layer. E-commerce companies often hold flash sales during 618 and Double Eleven. Some attackers use proxy servers to generate legitimate requests to the victim host and send a large number of access requests to the Web server, so that normal users cannot access it. The result is a 404 unavailable page on the e-commerce site just as the flash sale starts.

Web pages tampered with, visitors phished, downtime as soon as a promotion starts... In fact, these are all due to inadequate protection of web applications.

For web application protection, a web application firewall can be used to identify and block common attacks on websites. It helps users deal with security issues such as website intrusion, vulnerability exploitation, web page tampering, backdoor implantation and CC attacks, and safeguards the operation of corporate Web services.

The Web Application Firewall launched by Huawei Cloud is just such a product. It helps companies analyze Web attack behavior, set dynamic protection strategies for specific business scenarios, provide a dedicated protection engine, and enable intelligent CC defense immediately. In the course of continuous confrontation, flexible custom policy configuration makes it possible to work out the attack strategy of underground operators and shut it down. At the same time, it helps customers sort out business logic and provides a basis for business adjustment and optimization.

It is one of the secrets behind the smooth experience of every mobile phone flash sale in the HUAWEI CLOUD VMALL mall.

E-commerce privacy security: prevent data leakage, guard the whole life cycle

We all know that data is the core information of an enterprise, and the key place where data is stored is still the database. In many interconnected enterprise environments today, databases generally lack effective security protection. Some criminals attack the database to steal information by dumping the database ("dragging"), cashing in the stolen data ("washing") and credential stuffing ("hitting").

When attacking the database, they first use penetration attacks to find website vulnerabilities and then locate an injection point. They find the Web virtual directory, upload an ASP script, and obtain management authority over the database. They export all the important information in the database and finally sell it on the black market or use it for blackmail.

Database security defense faces problems such as weak traditional protection, rampant external attacks, and internal violations that are hard to prevent. The data of e-commerce companies includes not only product information but also a large amount of private data about registered users and their behavior. If data is leaked, the damage goes beyond business losses.

Private data needs to be stored and circulated, but it must not travel unprotected. How do you guard the data gold mine? Data on the cloud can be protected through authentication methods such as key technology, new algorithms, and encryption algorithms, while the protection of the data itself is strengthened. Data is encrypted at each stage of transmission, storage and processing, and cloud technology is used to process information so that it stays concealed and user data stays secure. HUAWEI CLOUD also has three tools to help you!

Database Security Service (DBSS) uses reverse proxy and machine learning to provide sensitive data discovery, data desensitization, database auditing, and protection against injection attacks, ensuring the security of databases on the cloud.

Data Encryption Workshop (DEW) provides dedicated encryption, key management, and key pair management functions, so you need not worry about data leakage.

Data Security Center (DSC), a new generation of cloud-native data security platform, is built to protect data throughout its entire life cycle, covering the stages of data collection, transmission, storage, processing, use, exchange, and destruction.

In the cloud era, network infrastructure is more complex, and the services and data running on it are more important. E-commerce, Internet, medical, finance, education and other industries all depend on security services. Only when security is assured can other basic activities develop.
