
Tan Jie: Safe and efficient cloud computing defense system

2018-11-29 10:45 | Author: | Check: |

From August 14th to 15th, 2014, the 7th Mobile Internet International Symposium was held at the Beijing International Conference Center. The theme of the conference was "Innovation and Transformation in the Age of 4G Mobile Internet", focusing on 4G network technology and future development, as well as industry hotspots such as virtual operators, mobile Internet applications, information security, the Internet of Things, and converged communications. The following is the speech delivered by Tan Jie, chief technical consultant for Fortinet China, at the "Cloud Computing and Big Data Application" sub-forum.
 
 
The following is a transcript of the speech: Good afternoon everyone. Just now, our host also mentioned that to popularize cloud computing, one of the issues users are concerned about is security. Today I am here to tell you about Fortinet's solution and experience in cloud computing. Fortinet is a source of pride for Chinese students in the United States. Although it has not been around long, Fortinet is the world's third-largest security provider and the largest professional security vendor in the Asia Pacific region. We are among the best in the security industry in several fields, including traditional firewalls as well as the emerging multi-function security gateway that spans from the network layer to the application layer, namely UTM. In this field, Fortinet has always ranked first in the world.
 
Fortinet provides a very complete security solution. Here is a panoramic view. We can see that whether it is the corporate headquarters, the branch office, the mobile office network, or the key areas of cloud computing, data centers and security management, and cloud security services, there is a very comprehensive and complete solution.
 
This includes security gateways, application security, access-layer security and WAN VPN access security, such as web application firewalls, email security, database security, etc., as well as solutions for network application interaction, server application acceleration and so on. Finally, we have a variety of management tools, such as security information management (SIM), event information analysis, and some of our certifications, etc. This is a panoramic view of our solution. When we build cloud computing, we are sure to face a variety of problems. I believe that if we choose Fortinet, it can give us better choices in all aspects. Fortinet is highly recognized in the industry, and its number of network and security certifications is the highest among all security vendors.
 
Let me introduce Fortinet's concept and experience in cloud computing. There have been several development trends recently. The number of solutions shown in the panorama just now is also very large, so today we focus on these topics. The first is network performance and changes in the infrastructure. We know that after cloud business is concentrated, the performance and bandwidth requirements change dramatically. SDN technology is also becoming more widely used in cloud platforms, so our core network needs a new structure with higher performance.
 
The second is the development of basic network protocols, such as IPv6: there are some new technologies at the border, so cloud computing center border firewalls also have new requirements. Third, the cloud architecture is very different from the traditional distributed architecture: the data is concentrated and its value is multiplied, so the threat is unprecedented. Therefore, our cloud computing platform faces different threats, and different levels of adversary expertise, when choosing security solutions and vendors. As for APTs, advanced persistent threats, we know that many cloud computing providers, including Google, have been attacked by APTs, so we need to do advanced threat defense on the cloud platform, not just a simple element like a firewall.
 
When our system gets bigger and more complicated, how to operate it effectively is also very important, so we also have to talk about management topics.
 
Based on this, Fortinet proposes an advanced threat defense framework composed mainly of these five aspects. First, how to narrow the attack surface: we tighten the fence and make the door more secure. This is mainly the access control aspect; the firewall can divide security zones, and with authentication every action and every access can only be carried out by a person with the authority, so this is the authentication aspect. Then vulnerability management: how to evaluate and repair the entire cloud platform, whether host, application, network, device or protocol, for effective vulnerabilities, so that the attack surface is reduced. Next, detect and block threats. There are known threats, such as Trojan horses, intrusion attacks, all kinds of bad content, etc., all of which can be handled by corresponding security technologies; for example, to defend against viruses we have anti-virus technology, and so on. These are known threats. There are also unknown threats. Especially in the rampant attacks of APTs, hackers who have found such a vulnerability are not eager to release it after an attack, but attack the target they most want to attack. Signature-based security technology is relatively weak against this. Therefore we need sandboxes, and user reputation assessment also uses the means of big data analysis to evaluate the security reputation value of all users, all sites and all elements of the network, and to discover some of these security risks in time. The fourth is emergency response, which has corresponding means after the discovery of known and unknown threats. Finally, evaluation, audit and improvement. For all of the previous data, we do a comprehensive analysis to grasp the security situation. Early warning of threats that may arise from security incidents provides a scientific basis for our next round of security construction and reinforcement. This forms a closed loop, which can give us a significant improvement in the security level of cloud computing platforms.
 
Specifically, let's look at what deserves our attention. First, on the cloud platform we face unprecedented performance pressure. We have more and more tenants and provide more and more services, so the demands on network bandwidth, packet forwarding capability and latency increase greatly. DDoS attacks that affect the business will also create performance pressure. No matter how high-end a firewall is placed here, it may soon be found that system resources are clearly under strain.
 
For a cloud computing data center, the border or core firewall faces different requirements than in the traditional architecture. The first is interface requirements: the existing interfaces no longer represent the high end; we need 40G or even 100G interfaces, which effectively simplify management in our data center and reduce the number of cables, and this is very important for the cloud platform. The second is high performance. Whether for throughput or related metrics, the firewall faces unprecedented requirements. The security and confidentiality problems brought about by cross-regional synchronization require a lot of VPN applications, so we also set high requirements for the firewall's and the border's VPN encryption and decryption capabilities.
 
As a cloud platform, resources are very valuable. Both space and energy consumption will be added to the overall TCO. Therefore, when we choose security products and solutions, we set higher requirements for size and energy consumption.
 
For a firewall, in addition to the traditional security features required, the new application-layer threats of the cloud require related defenses, so the functional requirements increase greatly.
 
Finally, how to adapt to the cloud architecture and the multi-tenant virtualization environment, and how to integrate with third-party management systems through APIs: this is a high demand of cloud computing.
 
We have a range of solutions for high-performance data center firewalls. At the highest level, we can do more than 1T of firewall throughput. A 3U chassis can achieve 160G of processing power, and its capability and cost performance are very competitive in the industry. For interfaces, we have devices with 100G interfaces.
 
Where do the principle and structure of this high performance come from? This is a relatively unique point for Fortinet: using ASIC chips for fast data forwarding. The usual approach is implemented by CPU plus software; when the traffic is large and there are many services and applications on top, it easily forms a bottleneck. In Fortinet's solution, we use ASIC chips to share the pressure on the CPU. There is the network processor, the firewall's stateful inspection, and the negotiation and the encryption and decryption used by the VPN, which are handled by this chip. These three combine to share the performance pressure, so that the performance of the whole machine reaches a relatively high level.
 
When doing cloud, it is very important that SDN is used more and more. Everyone wants software to define networks and define data centers, with more and more implemented in software. We know that software has many disadvantages, and the CPU share keeps getting higher. In the end, we still need to implement mature technology in dedicated hardware. We speak of separating the control plane from the data forwarding plane: the upper layer's policy definition, distribution and presentation processing are handled by software, while the core of the firewall is still implemented in hardware. Its cost performance and its competitiveness will be the strongest. Fortinet's solution is like this: when a session is created at the upper layer, it passes through the CPU, and when the actual data is transmitted, it is forwarded through the ASIC chip. The performance of such a structure is greatly improved, and the volume, power consumption and overall cost are greatly reduced. The latency, throughput and packet forwarding capability reflected in the network can reach the highest level.
 
How do we adapt to the structure of the cloud in the context of virtualized cloud computing? There are many forms of network virtualization and security virtualization. Fortinet has two types of virtualization: one is hardware virtualization and the other is software virtualization. With hardware virtualization, all management, policies, daily reports, etc. are independent, which adapts well to our application scenarios at the border in a multi-tenant environment. The other is software virtualization, which runs the firewall and other security devices in virtual machines; this makes more effective use of the computing resources of each physical server, and thereby gains the advantages of personalized management, performance expansion and flexibility.
 
Combined with SDN, OpenStack's API steers traffic via SDN to firewalls and other devices, and then to business systems and virtual machines, for better scalability and auto-deployment features. Fortinet has done a lot of research and productization work here. This is the first point just mentioned, in terms of performance and architecture for the cloud computing platform.
 
APT attacks are very concealed, and the most critical is the 0day attack. With our traditional approach there is no way to defend. So we need sandboxes: in a virtualized environment, let suspicious things run; contacting Trojan control centers we know, generating files and other malicious acts can help us judge that it is suspicious and malicious software.
 
The sandbox can break the APT chain very well. It can find 0day attacks, can effectively find the target of the hacker's attack, and we can terminate the APT process in time.
 
The sandbox system provided by Fortinet, combined with our equipment, finds gray and white files for behavior analysis and deep filtering. Here is an example: when such malware tries to pass through a firewall, because it has no signature, it is not detected.
 
With regard to management pressure, we know that many security products and technologies are used in a cloud platform. In the past, their logs were independent, and it was very inconvenient to manage. There are tens of thousands or even hundreds of thousands of logs every day that we need to pay attention to, so it creates a heavy workload for the administrator, and the effect is not good, because there are so many logs. We didn't have the patience and time to look at them, and some very important things slipped through.
 
FortiSIEM proactively discovers assets on the network, discovering network assets through active scanning, and collects various security logs through a unified collection platform. After collecting them, you can do some active security defense. For example, some time ago everyone was shocked by Heartbleed. When we see such a log, do we need to pay attention to it? FortiSIEM receives such a log and scans the target server being attacked: does it have this vulnerability? If the patch has been applied, there is no such vulnerability, we know it is safe, and we can ignore the IPS log. In this way we can filter out a lot of logs we do not need to pay attention to, reduce our management difficulty and improve effectiveness. There are many other correlation analysis algorithms that can effectively correlate and reduce the logs generated by different security products. Finally, through a comprehensive analysis of all the logs, we do big data analysis, build a perception of the security situation, and give early warning of possible dangers. This helps us simplify management, quickly identify security threats, and form a holistic view of the overall security posture.
 
Fortinet provides the most extensive and deepest security protection for cloud computing platforms. We have ultra-high-performance data center firewalls and a large number of virtualized architecture solutions. For APT attacks and 0day we have sandboxing means.
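The Heartbleed triage the speaker describes (suppress an IPS alert only when the asset inventory shows the target is already patched) can be sketched in a few lines. This is an added illustration, not FortiSIEM's code or any Fortinet log format: the key=value log lines, the signature name, the inventory contents and the signature-to-CVE map are all constructed here; the inventory stands in for the result of the active scan.

```python
import re

# Constructed sample IPS log lines (format assumed; not from the page).
IPS_LOGS = [
    'date=2014-08-14 time=10:01:02 attack="OpenSSL.Heartbleed.Information.Disclosure" srcip=203.0.113.7 dstip=10.0.0.5 dstport=443',
    'date=2014-08-14 time=10:01:05 attack="OpenSSL.Heartbleed.Information.Disclosure" srcip=203.0.113.7 dstip=10.0.0.6 dstport=443',
    'date=2014-08-14 time=10:02:11 attack="OpenSSL.Heartbleed.Information.Disclosure" srcip=203.0.113.9 dstip=10.0.0.9 dstport=8443',
]

# Constructed asset inventory, as an active scan would populate it: the CVEs
# each host is still exposed to. Host 10.0.0.9 is deliberately absent.
ASSET_VULNS = {
    "10.0.0.5": {"CVE-2014-0160"},   # OpenSSL not yet patched
    "10.0.0.6": set(),               # patched: Heartbleed no longer applies
}

# Assumed mapping from IPS signature name to the CVE it targets.
SIG_TO_CVE = {"OpenSSL.Heartbleed.Information.Disclosure": "CVE-2014-0160"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(line):
    """Split a key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def triage(lines, asset_vulns, sig_to_cve):
    """Return (actionable, suppressed) alert lists.

    An alert is suppressed only when the inventory positively shows the
    target is not exposed to the CVE the signature covers. Unknown hosts
    and unmapped signatures stay actionable, so the filter fails closed.
    """
    actionable, suppressed = [], []
    for line in lines:
        ev = parse_log(line)
        cve = sig_to_cve.get(ev.get("attack"))
        host = ev.get("dstip")
        if cve is None or host not in asset_vulns or cve in asset_vulns[host]:
            actionable.append(ev)
        else:
            suppressed.append(ev)
    return actionable, suppressed


if __name__ == "__main__":
    keep, drop = triage(IPS_LOGS, ASSET_VULNS, SIG_TO_CVE)
    print("actionable:", [e["dstip"] for e in keep])
    print("suppressed:", [e["dstip"] for e in drop])
```

The alert against the unknown host 10.0.0.9 is kept on purpose: a correlation rule that discards alerts whenever the inventory is silent would hide exactly the hosts the scanner missed.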