Upgrade to Pro — share decks privately, control downloads, hide ads and more …

小米-企业安全实践

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for laiwei laiwei
July 28, 2014
Technology
5.3k
1

 小米-企业安全实践

xiaomi

Avatar for laiwei

laiwei

July 28, 2014

More Decks by laiwei

See All by laiwei
小米运维自动化
Avatar for laiwei laiwei
0
5.6k
小米自动化运维实践 qcon 2014 Beijing
Avatar for laiwei laiwei
2
12k
小米运维基础设施
Avatar for laiwei laiwei
2
1.4k
noops in xiaomi @ Velocity 2013 beijing
Avatar for laiwei laiwei
1
1.4k
laiwei #adc2013# #taobao adc#
Avatar for laiwei laiwei
5
3.8k

Other Decks in Technology

See All in Technology
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
Avatar for 吉田真吾 yoshidashingo
0
170
地球に⽣きるAI —GeoAIと「中間領域」— / AI Living on Earth — GeoAI and the “Intermediate Layer” —
Avatar for Kiyota Yoji, Ph.D. ykiyota
0
280
フロンティアAIのゲート化と地政学リスク
Avatar for 長津孝輔 nagatsu
0
120
Snowflakeと仲良くなる第一歩
Avatar for あべ coco_se
4
430
Djangoユーザが知っ得なPostgreSQL機能 - 設計の選択肢を増やす / Djang-use-PostgreSQL
Avatar for soudai sone soudai
PRO
1
230
2026TECHFRESH畢業分享會 - Lightning Talk - 打造精準高效的 MCP 設計模式與測試實務
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
810
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
Avatar for asap personabb
1
130
エラーバジェットのアラートのタイミングを考える.pdf
Avatar for KairiM kairim0
0
120
新しいVibe Codingと”自走”について
Avatar for watany watany
5
290
20260619 私の日常業務での生成 AI 活用
Avatar for Masaru Ogura masaruogura
1
120
LLMと共に進化するプロセスを目指して
Avatar for y_matsuwitter ymatsuwitter
12
4k
2026TECHFRESH畢業分享會 - AI 時代的人生存檔點
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
810

Featured

See All Featured
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
240
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
66
8.5k
From Legacy to Launchpad: Building Startup-Ready Communities
Avatar for Dug Song dugsong
0
230
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
580
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.3k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
55k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.6k
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
140
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
190
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
130
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
49
10k

Transcript

  1. 图说企业安全建设 看屌丝是怎样建设安全基础设施 --- 小米安全中心:康竟淞 新浪微博:@淡定淞淞

  2. 前言 权限管理  Godlike -- 认证,授权,审计(AAA)  Medusa -- 密码管理

    入侵检测  NIDS -- Suricata+ELK  LIDS -- OSSEC Web安全  Webscan -- 扫描平台 安全防护  Shield -- 应用防火墙 数据分析  安全日志分析  流量分析

  3. GODLIKE •关键字: Google authenticator Cmdrecorde  Kerberos Ldap

  4. 示意图 用户 堡垒机 验证 服务器 目标服务器 SSH 审计服务器 办公网 IDC

    审计员 权限管理员

  5. 用户 权限管理 审计员 各角色界面

  6. IDS • 关键字: Suricata ELK(elasticsearch + Logstash + Kibana) Ossec

    SyslogNG

  7. 示意图 GUI & Report Logstash Indexer Shiper 3 Elasticsearch Storage

    & search Kibana Web Interface Shiper 2 IDC1 服务器 网络设备 SyslogNG OSSEC Shiper 1 Network Network Interface PF_RING Sensor Suricata Rules eve.json Logstash- forwarder

  8. 界面图

  9. SHIELD • 关键字: Nginx Lua Redis

  10. 示意图 Client 部分 Tengine Lua Sqlite Shield Client Pipe Server部分

    Mysql Webconsole Redis

  11. 界面图

  12. 安全日志分析 • 关键字: Kafka Storm Redis

  13. 示意图 流量镜像 Storm Redis Mysql Kafka Web应用 Java 应用

  14. 界面图

  15. THANKS! Q&A