Iron Flower, joined Alibaba in 2006, began to work on security-related work in 2008, Taobao's first SDL establishment and implementation, Taobao's first generation of web security solutions and development framework, the main developer, the creation of a secure static code scanning platform. All in Wireless was responsible for the overall service team and overall technical business security of the business unit, and one of the main designers of the internal IM instant messaging cloud platform. At present, the Ministry of Safety is responsible for the construction of the safety technology platform product system and the development of basic safety. The medium-sized output construction of the safety technology platform products, the construction of the infrastructure technology system and the guarantee of the Group's major activities are being emphasized.
Traffic cleaning overviewTraffic cleaning, that is, AnTI Malicious Network Traffic, is the cleaning of all network traffic that accesses services through the network layer to eliminate the dross, leave the essence, and de-authenticate, to ensure the traffic to the business system. There are no external attacks and non-human malicious traffic. In terms of service scenarios, traffic cleaning should cover DDoS attack protection, CC attack protection, Web attack protection, batch machine behavior defense, service security/wind control, and network current limiting. Although the traditional traffic cleaning solution deploys a large number of security products on the entire link of the service, it also brings a series of problems such as deployment maintenance and personnel operating costs, weak protection capabilities, and data loss.
Iron Flower said that compared with the current malicious traffic cleaning platform, the seven-layer traffic cleaning presents a new feature: the first is to refine the scene, and it is no longer a single technical point attack but a certain Complex link attacks in a scenario, so the corresponding defense platform needs to be abstracted for different similar scenarios. Secondly, the full-link data is opened, and all data from the client to the network connection layer to the service layer are integrated. Analysis and algorithm modeling can achieve optimal results; then intelligent, some of the current platform models have begun to intelligently adjust and automate defense.
For common malicious traffic such as DDoS and malicious vulnerability scanning, the industry's conventional countermeasures include anti-DDoS systems, WAF-like web firewalls, and box-type firewall products provided by some security companies. In addition to these conventional means, Alibaba can also intelligently handle the malicious and malicious attacks caused by black and gray production at the network layer by clearing the vertical and horizontal data of the scenes and intelligently handling them.
I have a few Aliyun lucky vouchers to share with you, there will be special surprises when you buy or upgrade Alibaba Cloud products with coupons! Take away the lucky coupons for the products you want to buy! Get started quickly and you will be robbed soon.
Latest application resultsAt present, the subordinate-seven-layer traffic cleaning is responsible for all network layer traffic cleaning and guarantee work of Alibaba Group. In 2017, Double 11, it handled a peak of 20 million QPS traffic, ensuring that the flow purity to the core trading system is greater than 99.85%.
"This year's double 11 is the most smooth and effective year in the past years. It is definitely not the merit of a single system or a platform." Tiehua believes that a safe business is special. To achieve such a good result, we must rely on the effective linkage of online and offline, and consider all aspects of the business from the end to the business. Stable and reliable system is indispensable.
Functional and technical interpretationThanks to Ali's complex and fast-growing business, creating a corresponding security system is extremely difficult and challenging, not only to meet basic business premise, but also to think about future judgments, as well as security, performance and user experience. The balance between the three is balanced.
Insulated Power Cable,Bimetallic Crimp Lugs Cable,Pvc Copper Cable,Cable With Copper Tube Terminal
Taixing Longyi Terminals Co.,Ltd. , https://www.longyiterminals.com