Upgrade to Pro — share decks privately, control downloads, hide ads and more …

小米-企业安全实践

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for laiwei laiwei
July 28, 2014
Technology
1
5.3k

 小米-企业安全实践

xiaomi

Avatar for laiwei

laiwei

July 28, 2014
Tweet

More Decks by laiwei

See All by laiwei
小米运维自动化
Avatar for laiwei laiwei
0
5.6k
小米自动化运维实践 qcon 2014 Beijing
Avatar for laiwei laiwei
2
12k
小米运维基础设施
Avatar for laiwei laiwei
2
1.4k
noops in xiaomi @ Velocity 2013 beijing
Avatar for laiwei laiwei
1
1.4k
laiwei #adc2013# #taobao adc#
Avatar for laiwei laiwei
5
3.8k

Other Decks in Technology

See All in Technology
CDKで始めるTypeScript開発のススメ
Avatar for つくぼし tsukuboshi
1
560
【Ubie】AIを活用した広告アセット「爆速」生成事例 | AI_Ops_Community_Vol.2
Avatar for Yoshiki yoshiki_0316
1
120
Greatest Disaster Hits in Web Performance
Avatar for Estela Franco guaca
0
290
配列に見る bash と zsh の違い
Avatar for kazzpapa3 kazzpapa3
3
170
量子クラウドサービスの裏側 〜Deep Dive into OQTOPUS〜
Avatar for OQTOPUS oqtopus
0
150
Why Organizations Fail: ノーベル経済学賞「国家はなぜ衰退するのか」から考えるアジャイル組織論
Avatar for Yasunobu Kawaguchi kawaguti
PRO
1
200
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
Avatar for shibayu36 shibayu36
0
320
顧客の言葉を、そのまま信じない勇気
Avatar for yamatai12 yamatai1212
1
360
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
Avatar for Serverless Operations slsops
2
270
SchooでVue.js/Nuxtを技術選定している理由
Avatar for Okuto Oyama yamanoku
3
210
10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test
Avatar for nihonbuson nihonbuson
PRO
2
340
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
Avatar for Masahiro Yoshizawa muziyoshiz
1
2.1k

Featured

See All Featured
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
230
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
0
59
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
240
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
2
270
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
0
1.1k
BBQ
Avatar for Matthew Crist matthewcrist
89
10k
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
380
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
Avatar for konakalab konakalab
0
350
A Soul's Torment
Avatar for Nat Ma seathinner
5
2.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.7k

Transcript

  1. 图说企业安全建设 看屌丝是怎样建设安全基础设施 --- 小米安全中心:康竟淞 新浪微博:@淡定淞淞

  2. 前言 权限管理  Godlike -- 认证,授权,审计(AAA)  Medusa -- 密码管理

    入侵检测  NIDS -- Suricata+ELK  LIDS -- OSSEC Web安全  Webscan -- 扫描平台 安全防护  Shield -- 应用防火墙 数据分析  安全日志分析  流量分析

  3. GODLIKE •关键字: Google authenticator Cmdrecorde  Kerberos Ldap

  4. 示意图 用户 堡垒机 验证 服务器 目标服务器 SSH 审计服务器 办公网 IDC

    审计员 权限管理员

  5. 用户 权限管理 审计员 各角色界面

  6. IDS • 关键字: Suricata ELK(elasticsearch + Logstash + Kibana) Ossec

    SyslogNG

  7. 示意图 GUI & Report Logstash Indexer Shiper 3 Elasticsearch Storage

    & search Kibana Web Interface Shiper 2 IDC1 服务器 网络设备 SyslogNG OSSEC Shiper 1 Network Network Interface PF_RING Sensor Suricata Rules eve.json Logstash- forwarder

  8. 界面图

  9. SHIELD • 关键字: Nginx Lua Redis

  10. 示意图 Client 部分 Tengine Lua Sqlite Shield Client Pipe Server部分

    Mysql Webconsole Redis

  11. 界面图

  12. 安全日志分析 • 关键字: Kafka Storm Redis

  13. 示意图 流量镜像 Storm Redis Mysql Kafka Web应用 Java 应用

  14. 界面图

  15. THANKS! Q&A