Major-event security assurance special | Building the first line of defense: best practices for the cloud firewall in attack-and-defense drills
2022-08-01 18:53:00 【Tencent Cloud Security Center】
In recent years, as enterprises have accelerated moving their business to the cloud, cloud security has become a problem that cannot be ignored. Many enterprises now face difficult cloud asset management, high vulnerability risk and uncontrollable traffic, and during major-event security assurance periods, attacks on cloud resources are becoming more and more frequent.
The cloud firewall is the first line of security defense at the cloud network edge. For major-event defense, Tencent Cloud Firewall brings three key capabilities: [blacklist interception] of attacking sources, [zero-trust protection] for OA, mail and security software consoles, and [network honeypots] that deceive the attacker, helping enterprises hold the first line of defense.
This article, from the defender's perspective, analyzes how Tencent Cloud Firewall's "seven steps of systematic protection" strategy helps enterprises achieve systematic protection of cloud assets in the major-event assurance scenario.
Looking at the cloud attack chain, deploying defenses from a global perspective
Before deploying security defenses, one can use the kill chain model to lay out the timeline of both attacker and defender and explore the role Tencent Cloud Firewall plays in each phase:
- Scanning and reconnaissance phase: Tencent Cloud Firewall can sort out enterprise assets and their exposed surface with one click and make banning recommendations to converge the exposure; it can also block visiting IPs by threat intelligence, geographic location and cloud vendor;
- Delivery, exploitation and tool installation phases: Tencent Cloud Firewall can intercept and deceive the attacker with IPS and network honeypots;
- External C2, lateral movement and data exfiltration phases: Tencent Cloud Firewall detects and prevents through the east-west firewall, the NAT boundary firewall and intranet honeypots.
Seven steps of systematic protection: efficient protection of cloud assets
Step 1: Sort out assets and the exposed surface
In the Tencent Cloud Firewall asset center, an enterprise gets a global view of the state of its cloud assets: for example, which assets have exposed ports? What services do they correspond to? Do these services have vulnerabilities? In addition, Tencent Cloud Firewall can manage assets in groups and apply those groups to all firewall ACLs; when a new asset or exposed surface appears, it raises an automatic alarm.
Step 2: Turn on the firewall switch
Once the Tencent Cloud Firewall switch is on, the ACL and intrusion prevention functions begin to take effect, comprehensively screening and controlling boundary traffic. During the major-event assurance period, vulnerability exploitation is the most commonly used kind of attack, so rules for newly discovered vulnerabilities must be formed within a short time and released to the firewall immediately.
Step 3: Enable intrusion prevention strict mode
In strict mode, Tencent Cloud Firewall blocks IPs that attempt attacks in a step-ladder manner (half an hour, 1 hour, 1 day), making the protection more effective.
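The step-ladder blocking described in Step 3 is easy to reason about with a small worked example. The code below is an added illustration, not Tencent Cloud Firewall code: it assumes a stream of intrusion-prevention alerts in a constructed "timestamp source-ip signature" format and applies the escalation the article describes, so that an IP's first confirmed attempt is blocked for 30 minutes, the next for 1 hour, and every later one for a full day. While a block is active, further attempts from the same IP are simply dropped without resetting the ladder. The alert lines and IP addresses are constructed sample data from the RFC 5737 documentation ranges.

```python
"""Step-ladder blocking of attacking IPs (added example, not Tencent's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Escalation ladder from the article: 30 min -> 1 h -> 1 day; the last rung repeats.
LADDER: List[timedelta] = [timedelta(minutes=30), timedelta(hours=1), timedelta(days=1)]

# Constructed sample alerts: "<ISO timestamp> <source IP> <signature>", in time order.
SAMPLE_ALERTS = """\
2022-08-01T10:00:00 203.0.113.7 ssh-bruteforce
2022-08-01T10:05:00 198.51.100.9 rdp-bruteforce
2022-08-01T10:10:00 203.0.113.7 ssh-bruteforce
2022-08-01T10:40:00 203.0.113.7 oa-exploit-attempt
2022-08-01T12:00:00 203.0.113.7 oa-exploit-attempt
2022-08-02T13:00:00 203.0.113.7 ssh-bruteforce
"""


@dataclass
class BlockState:
    offenses: int = 0                      # number of blocks already imposed on this IP
    blocked_until: Optional[datetime] = None


@dataclass
class BlockLadder:
    ladder: List[timedelta] = field(default_factory=lambda: list(LADDER))
    state: Dict[str, BlockState] = field(default_factory=dict)

    def is_blocked(self, ip: str, now: datetime) -> bool:
        st = self.state.get(ip)
        return st is not None and st.blocked_until is not None and now < st.blocked_until

    def on_attack(self, ip: str, now: datetime) -> Tuple[str, datetime]:
        """Record an attack attempt and return (action, blocked_until)."""
        st = self.state.setdefault(ip, BlockState())
        if self.is_blocked(ip, now):
            # Already blocked: traffic is dropped at the edge; the rung is unchanged.
            return "drop", st.blocked_until
        rung = min(st.offenses, len(self.ladder) - 1)   # clamp to the top rung
        st.blocked_until = now + self.ladder[rung]
        st.offenses += 1
        return "block", st.blocked_until


def process_alerts(text: str) -> List[Tuple[str, str, str, str]]:
    """Replay alerts through the ladder; return (timestamp, ip, action, blocked_until)."""
    ladder = BlockLadder()
    decisions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, _signature = line.split()
        now = datetime.fromisoformat(ts)
        action, until = ladder.on_attack(ip, now)
        decisions.append((ts, ip, action, until.isoformat()))
    return decisions


if __name__ == "__main__":
    for row in process_alerts(SAMPLE_ALERTS):
        print(*row)
```

Replaying the sample shows the ladder working: the first attempt from 203.0.113.7 yields a 30-minute block, the attempt ten minutes later is dropped, the attempt after expiry yields a 1-hour block, and every later attempt yields a 1-day block. A real deployment would also need the blocks to expire out of memory and to be shared across firewall nodes.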
Step 4: Turn on major-event threat intelligence
Using the major-event intelligence package that Tencent Security threat intelligence produces for major-event scenarios, Tencent Cloud Firewall users only need to turn on a switch: the IP addresses in the package are automatically added to the banned list and all access from them is stopped.
Step 5: Harden vulnerable business systems
Common attacks on the cloud generally come from SSH/RDP brute forcing and from vulnerabilities in OA, mail and VPN systems. As remote and hybrid work become routine, IP whitelists become less flexible.
- Tencent Cloud Firewall zero-trust protection supports access control based on WeChat identity and blocks management ports to avoid brute-force attacks; it supports both SSH and RDP, and users only need to complete the whitelist configuration in the firewall to achieve access control for vulnerable business systems
- For enterprise WeChat users, it provides flexible ACL access based on the organizational structure; every access is logged and recorded and can be used for tracing and auditing
- Web attacks are a high-frequency attack in major-event attack-and-defense drills, and Tencent Cloud Firewall provides zero-trust Web protection:
  - Converges the public exposure of web services and provides simple human-machine verification
  - Hides the origin server and provides a unified access entry for all kinds of Web services; visitors are identified through WeChat / enterprise WeChat, which effectively avoids web attacks
  - Scan the code inside WeChat / enterprise WeChat for one-click access
- The process of using Tencent Cloud Firewall zero-trust protection is:
  - The administrator logs in to the console and assigns permissions; WeChat or enterprise WeChat is supported
  - The operations user enters the zero-trust protection login command on the command line, and a QR code pops up in the command line
  - Scan the code with WeChat to verify; after verification passes, remote operations work can begin
  - Administrators can audit the operations staff's actions in the cloud firewall console
Step 6: Control active outbound connections
During the major-event assurance period, pay close attention to outbound traffic from the VPC: what follows a successful attack is C2 communication and backdoor download actions. With the NAT boundary firewall, Internet boundary outbound communication control and intrusion prevention capabilities, Tencent Cloud Firewall can quickly detect such attacks and block them in real time.
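Steps 4 and 6 come together in one check: outbound flows from the VPC should be compared both against the threat-intelligence banned list and against an explicit egress allowlist, since a backdoor download or C2 beacon is usually a connection to a destination no business system needs. The code below is an added illustration, not Tencent Cloud Firewall code. It assumes a constructed flow-record format of "timestamp src_ip dst_ip dst_port proto", an egress allowlist of approved destination networks and ports, and a threat-intelligence set standing in for the intelligence package; every address is constructed sample data from the RFC 5737 documentation ranges.

```python
"""Outbound (egress) control over VPC flow records (added example, not Tencent's code)."""
import ipaddress
from typing import Dict, List, Tuple

# East-west traffic inside the VPC is handled by the east-west firewall, not here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Approved egress: (destination network, allowed port or None for any port). Constructed.
EGRESS_ALLOWLIST = [
    (ipaddress.ip_network("203.0.113.0/24"), 443),     # e.g. package mirror / SaaS API over TLS
    (ipaddress.ip_network("198.51.100.10/32"), None),  # e.g. partner system, any port
]

# Stand-in for the Step 4 intelligence package: IPs to block outright. Constructed.
THREAT_INTEL = {ipaddress.ip_address("192.0.2.66"), ipaddress.ip_address("192.0.2.99")}

# Constructed sample flow records: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>".
SAMPLE_FLOWS = """\
2022-08-01T20:01:00 10.0.1.15 203.0.113.20 443 tcp
2022-08-01T20:01:05 10.0.1.15 192.0.2.66 443 tcp
2022-08-01T20:01:09 10.0.2.8 198.51.100.10 8443 tcp
2022-08-01T20:01:12 10.0.2.8 10.0.3.4 3306 tcp
2022-08-01T20:01:20 10.0.1.15 203.0.113.20 8080 tcp
2022-08-01T20:01:31 10.0.4.2 198.51.100.77 4444 tcp
"""


def parse_flow(line: str):
    ts, src, dst, port, proto = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto


def is_private(ip) -> bool:
    return any(ip in net for net in PRIVATE_NETS)


def is_allowlisted(dst, port: int) -> bool:
    return any(dst in net and (p is None or p == port) for net, p in EGRESS_ALLOWLIST)


def classify_flow(src, dst, port: int) -> str:
    """Verdict for one flow leaving a VPC host."""
    if is_private(dst):
        return "internal"                  # not an egress flow
    if dst in THREAT_INTEL:
        return "block:threat-intel"        # Step 4: intelligence hit, block regardless of port
    if is_allowlisted(dst, port):
        return "allow"
    return "alert:unapproved-egress"       # Step 6: candidate C2 / backdoor download


def audit_flows(text: str) -> List[Tuple[str, str, str, int, str]]:
    verdicts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _proto = parse_flow(line)
        verdicts.append((ts, str(src), str(dst), port, classify_flow(src, dst, port)))
    return verdicts


def summarize(verdicts) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for *_, verdict in verdicts:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    rows = audit_flows(SAMPLE_FLOWS)
    for row in rows:
        print(*row)
    print(summarize(rows))
```

On the sample, the TLS connection to the mirror and the partner system pass, the connection to an intelligence-listed IP is blocked, the intra-VPC database flow is left to the east-west firewall, and the two remaining flows (a non-approved port on an otherwise approved network, and an unknown host on port 4444) are raised as unapproved egress for the defender to review. The order of the checks matters: the intelligence match is tested before the allowlist so that a listed IP inside an approved range is still blocked.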
Step 7: Deploy network honeypots
Beyond conventional protection, Tencent Cloud Firewall also provides network honeypot capability. The firewall honeypots support several commonly used OA systems as special honeypots and can trace the attacker; they can be deployed on the public network to lure attack traffic, and they can also be deployed on the intranet, so that once an attacker breaks through the layers of defense and begins probing the network, the intrusion is discovered in time and the corresponding firewall isolation is applied.
In the major-event scenario, defenders can turn from passive to active by setting "traps" that fully record attack behavior as a basis for defense; and because the attacker targets the simulated honeypot business, the real business is protected.
Tencent Cloud Firewall is a cloud-native SaaS product that supports one-click delivery and elastic scaling. It provides traffic control capabilities such as network boundary access control, identity authentication and intrusion prevention (threat intelligence), and integrates vulnerability scanning, network honeypots, log auditing and other functions. Through pre-event screening, real-time interception during the event and post-event evidence collection across the whole process, it builds a cloud traffic security center and policy control center, helping enterprises establish the first line of security defense.
The above is our thinking and best practice on protection management for Web applications during attack-and-defense drills; you are welcome to follow our service account to exchange ideas.