Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
小米-企业安全实践
Search
laiwei
July 28, 2014
Technology
1
5.3k
小米-企业安全实践
xiaomi
laiwei
July 28, 2014
Tweet
Share
More Decks by laiwei
See All by laiwei
小米运维自动化
laiwei
0
5.6k
小米自动化运维实践 qcon 2014 Beijing
laiwei
2
12k
小米运维基础设施
laiwei
2
1.3k
noops in xiaomi @ Velocity 2013 beijing
laiwei
1
1.4k
laiwei #adc2013# #taobao adc#
laiwei
5
3.8k
Other Decks in Technology
See All in Technology
LIXIL基幹システム刷新に立ち向かう技術的アプローチについて
tsukuha
1
390
AIでテストプロセス自動化に挑戦する
sakatakazunori
1
540
データ駆動経営の道しるべ:プロダクト開発指標の戦略的活用法
ham0215
2
110
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
820
Microsoft Defender XDRで疲弊しないためのインシデント対応
sophiakunii
2
320
Four Keysから始める信頼性の改善 - SRE NEXT 2025
ozakikota
0
420
OpenTelemetryセマンティック規約の恩恵とMackerel APMにおける活用例 / SRE NEXT 2025
mackerelio
3
2k
american aa airlines®️ USA Contact Numbers: Complete 2025 Support Guide
aaguide
0
500
cdk initで生成されるあのファイル達は何なのか/cdk-init-generated-files
tomoki10
1
670
shake-upを科学する
rsakata
7
1k
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
160
LLM拡張解体新書/llm-extension-deep-dive
oracle4engineer
PRO
24
6.4k
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
The Cult of Friendly URLs
andyhume
79
6.5k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
990
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Music & Morning Musume
bryan
46
6.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
5.9k
Transcript
图说企业安全建设 看屌丝是怎样建设安全基础设施 --- 小米安全中心:康竟淞 新浪微博:@淡定淞淞
前言 权限管理 Godlike -- 认证,授权,审计(AAA) Medusa -- 密码管理
入侵检测 NIDS -- Suricata+ELK LIDS -- OSSEC Web安全 Webscan -- 扫描平台 安全防护 Shield -- 应用防火墙 数据分析 安全日志分析 流量分析
GODLIKE •关键字: Google authenticator Cmdrecorde Kerberos Ldap
示意图 用户 堡垒机 验证 服务器 目标服务器 SSH 审计服务器 办公网 IDC
审计员 权限管理员
用户 权限管理 审计员 各角色界面
IDS • 关键字: Suricata ELK(elasticsearch + Logstash + Kibana) Ossec
SyslogNG
示意图 GUI & Report Logstash Indexer Shiper 3 Elasticsearch Storage
& search Kibana Web Interface Shiper 2 IDC1 服务器 网络设备 SyslogNG OSSEC Shiper 1 Network Network Interface PF_RING Sensor Suricata Rules eve.json Logstash- forwarder
界面图
SHIELD • 关键字: Nginx Lua Redis
示意图 Client 部分 Tengine Lua Sqlite Shield Client Pipe Server部分
Mysql Webconsole Redis
界面图
安全日志分析 • 关键字: Kafka Storm Redis
示意图 流量镜像 Storm Redis Mysql Kafka Web应用 Java 应用
界面图
THANKS! Q&A
laiwei
tsukuha
sakatakazunori
ham0215
sansan33
sophiakunii
ozakikota
mackerelio
aaguide
tomoki10
rsakata
travelcarecenter
oracle4engineer
maggiecrowley
reverentgeek
andyhume
sergeychernyshev
thoeni
bryan
eileencodes
philnash
wjessup
cromwellryan
kevinliebholz
