Abstract
For years, carriers' business websites have been scattered across the city-level branch companies, where insufficient security investment and a shortage of staff and skills have led to frequent information security incidents. Drawing on the approach of the Trusted Internet Connections (TIC) initiative in the USA, China Mobile Guangdong therefore consolidated and shut down the scattered Internet egress points of its city branches. It built a centralized security cloud platform for website protection that combines dual-layer heterogeneous firewalls, network intrusion protection, web application firewalls (WAF) and load balancers into a powerful IaaS resource pool. Through innovative proxy services and access control, the business websites of each city branch connect to the cloud services on demand and are covered by unified security operations and maintenance, which greatly improves the website security posture of the province. In addition, drawing on the approach of continuous monitoring (ISCM) in the USA, the cloud platform also provides vulnerability scanning, website monitoring and other cloud services for continuous monitoring of website security status. It detects security events such as vulnerabilities, instability, defacement, injected malicious code and illegal content, and issues timely alerts. This is a useful security reference for building both private and public clouds.
Source
《计算机安全》 (Network & Computer Security)
2014, Issue 11, pp. 40-44 (5 pages)
Keywords
Cloud Security
Cloud Security Services
Trusted Internet Connections (TIC)
Continuous Monitoring