Upgrade to Pro — share decks privately, control downloads, hide ads and more …

小米-企业安全实践

Avatar for laiwei laiwei
July 28, 2014
Technology
5.3k
1

 小米-企业安全实践

xiaomi

Avatar for laiwei

laiwei

July 28, 2014

More Decks by laiwei

See All by laiwei
小米运维自动化
Avatar for laiwei laiwei
0
5.6k
小米自动化运维实践 qcon 2014 Beijing
Avatar for laiwei laiwei
2
12k
小米运维基础设施
Avatar for laiwei laiwei
2
1.4k
noops in xiaomi @ Velocity 2013 beijing
Avatar for laiwei laiwei
1
1.4k
laiwei #adc2013# #taobao adc#
Avatar for laiwei laiwei
5
3.8k

Other Decks in Technology

See All in Technology
Shipping AI Agents — Lessons from Production
Avatar for vvatanabe vvatanabe
0
280
独断と偏見で試してみる、 シングル or マルチエージェント どっちがいいの?
Avatar for ShichijoYuhi shichijoyuhi
1
110
EMから幅を広げるために最近挑戦していること / Recent challenges I'm undertaking to expand my horizons beyond EM
Avatar for hiro-torii hiro_torii
1
110
M5Stack CoreS3とZephyr(RTOS)で Edge AIっぽいことしてみた
Avatar for misoji engineer iotengineer22
0
280
Do Vibe Coding ao LLM em Produção para Busca Agêntica - TDC 2026 - Summit IA - São Paulo
Avatar for Jessica Pauli de C Bonson jpbonson
3
150
Oracle AI Database@AWS:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
4
2.4k
The Journey of Box Building
Avatar for Satoshi Tagomori tagomoris
4
3.3k
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
Avatar for Cybozu cybozuinsideout
PRO
10
78k
AI駆動1on1〜AIに自分を育ててもらう〜
Avatar for Yoshiaki Yasuda yoshiakiyasuda
0
140
生成AIが変える SaaS の競争原理と弁護士ドットコムのプロダクト戦略
Avatar for 弁護士ドットコム bengo4com
1
2.2k
社内エンジニア勉強会の醍醐味と苦しみ/tamadev
Avatar for Ichiro Nishiuma nishiuma
0
230
Practical TypeProf: Lessons from Analyzing Optcarrot
Avatar for Yusuke Endoh mame
0
930

Featured

See All Featured
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
140
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
380
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
2k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.8k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
210
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
1
100
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.3k
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
530
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
490
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k

Transcript

  1. 图说企业安全建设 看屌丝是怎样建设安全基础设施 --- 小米安全中心:康竟淞 新浪微博:@淡定淞淞

  2. 前言 权限管理  Godlike -- 认证,授权,审计(AAA)  Medusa -- 密码管理

    入侵检测  NIDS -- Suricata+ELK  LIDS -- OSSEC Web安全  Webscan -- 扫描平台 安全防护  Shield -- 应用防火墙 数据分析  安全日志分析  流量分析

  3. GODLIKE •关键字: Google authenticator Cmdrecorde  Kerberos Ldap

  4. 示意图 用户 堡垒机 验证 服务器 目标服务器 SSH 审计服务器 办公网 IDC

    审计员 权限管理员

  5. 用户 权限管理 审计员 各角色界面

  6. IDS • 关键字: Suricata ELK(elasticsearch + Logstash + Kibana) Ossec

    SyslogNG

  7. 示意图 GUI & Report Logstash Indexer Shiper 3 Elasticsearch Storage

    & search Kibana Web Interface Shiper 2 IDC1 服务器 网络设备 SyslogNG OSSEC Shiper 1 Network Network Interface PF_RING Sensor Suricata Rules eve.json Logstash- forwarder

  8. 界面图

  9. SHIELD • 关键字: Nginx Lua Redis

  10. 示意图 Client 部分 Tengine Lua Sqlite Shield Client Pipe Server部分

    Mysql Webconsole Redis

  11. 界面图

  12. 安全日志分析 • 关键字: Kafka Storm Redis

  13. 示意图 流量镜像 Storm Redis Mysql Kafka Web应用 Java 应用

  14. 界面图

  15. THANKS! Q&A