One . Three elements of information security （CIA A triple ）

Confidentiality（ confidentiality ）： Only authorized users can obtain information .

Integrity（ integrity ）： It refers to the process of information input and transmission , Not be modified or destroyed by illegal authorization , Ensure data consistency .

Availability（ Usability ）： It means to ensure that legitimate users' use of information and resources will not be improperly rejected .

Address in priority , I prefer to call AIC, namely ：Availability（ Usability ）> Integrity（ integrity ）> Confidentiality（ confidentiality ）

in fact , Good security architecture logic in real scenarios , Safety protection plan , Priority should also follow AIC The order .

Triples complement each other , Be short of one cannot .

Many security solutions are common in the following Two types of limitations ：

（1） Excessive attention to confidentiality and integrity , Ignoring system availability .
（2） Pay too much attention to the impact of internal factors of the architecture on availability , Ignore the impact of external security issues on availability .

The difference between the security disaster recovery solution and the business disaster recovery solution ：

（1） Business disaster recovery solutions tend to solve problems within the business architecture . The common cause of business disaster tolerance is based on business traffic , Architecture load , Internal availability levels such as business logic lead to , The solutions are mainly based on remote disaster recovery , Hybrid cloud multi active disaster recovery , Data migration and synchronization .

（2） Safe disaster recovery solutions tend to solve problems due to external factors of safe behavior . The common cause of security disaster tolerance is based on external security attacks , Data disaster recovery is the main solution , Host disaster recovery , Security defense , Security detection and other ideas to solve .

The fundamental purpose of safety is ： Ensure business continuity .

We can't do it one-sided “ Security ” And security .

Two . What disasters does host security face

1. Core disaster ： Blackmail virus

（1） The database was deleted and blackmailed

（2） Malicious data encryption and extortion

2. Mining Trojan

（1） Server availability issues ： High occupancy CPU process .

Post disaster impact ：（1） Business services crash , System not available .

（2） Slow recovery . Completely clean + Locate the cause of the intrusion + System security reinforcement , Routine disposal requires 1~2 Hours .

（2） Virus elimination problem ： Kernel level kernel infection . If you clean up this kind of kernel virus, it can be described as ：“ kill 1000, Since the loss 800”.

The cost of clearing the kernel mining trojan is ： Clearing the virus may also cause server downtime .

Post disaster impact ：（1） Business services crash , System not available .

（2） Eliminate impurities , The virus regenerates repeatedly , Dissipative manpower . If the system is reinstalled , Large data loss , Long time consumption .

3. Back door implant

（1） Intrusion problems ： In a word, Trojans ,webshell implant

Post disaster impact ：（1）APT attack ： There are long-term potential safety hazards .

（2） Data security risks ： The data reveal that , Privacy leaks

（3） Business services collapse ： It all depends on when the attacker initiates the destruction

（4） Waiting for an opportunity to use the enemy occupied server to launch an external attack

（2） Botnet problem ：DDOS Botnet control .

Post disaster impact ： Business service crash unavailable

There are three common reasons ：（1） Outbound flow overload .

（2） Embedded in botnets agent, Launch an external attack , Blocked by its own cloud platform .

（3） Abnormal traffic is blocked by the operator .

3、 ... and .2021 Blackmail memorabilia ：（Colonial Pipeline）

American energy transmission company Colonial Pipeline By Darkside Blackmail software blackmail 500 Thousands of dollars

When you think that paying bitcoin for an attacker can decrypt data , It's not ：

Bloomberg ： Attacked by extortion Colonial Pipeline Spent a lot of money , Switch to a useless decryption tool ：https://www.ithome.com.tw/news/144418

Four . Cloud security solution architecture

The safety disaster recovery plan is the foundation , It is used for rapid business recovery after failure , In the service of Availability（ Usability ） and Integrity（ integrity ）

The security defense plan is the core capability , Play the role of resisting the enemy thousands of miles away , In the service of Integrity（ integrity ） and Confidentiality（ confidentiality ）

The safety monitoring scheme is visible in the upper layer , Used for long-term safe operation , Attack analysis , Attack traceability . In the service of CIA Whole process

5、 ... and . Virtual machine security disaster recovery solution

1. First step ： The snapshot backup , Full snapshot

（1） Create periodic snapshots on the cloud ：https://cloud.tencent.com/document/product/362/8191

（2） Regularly back up the core data to the local hard disk .

2. The second step ： Cloud defense , Choose a hybrid Cloud Architecture blackmail defense security product

（1） Tencent cloud

Tencent host security hybrid cloud solution ：https://v2.s.tencent.com/activity/news/70

（2） Alibaba cloud

Alibaba cloud anti extortion solution :https://cn.aliyun.com/solution/security/bvp

（3） Hua Wei Yun

Huawei virtual machine security HSS Blackmail prevention best practices ：https://support.huaweicloud.com/bestpractice-hss/hss_06_0010.html

3. The third step ： Terminal defense , Configure terminal security products as required

（1） Tencent Yudian ：https://guanjia.qq.com/avast/177/index.html

（2）VERITAS：https://www.veritas.com/protection/netbackup#announcement