What Is a Host-Based Security System?
Mainframe security comprises, at its core, a secure application delivery system, an application supervision system, an operating system security enhancement system, and an operation and maintenance security management and control system. Its function is to ensure the confidentiality, integrity, and availability of the host in data storage and processing. It covers the security of the hardware, firmware, and system software themselves, as well as a series of additional security technologies and security management measures, in order to establish a complete host security protection environment. [1]
Host security
- Immune to the Trojan Horse
- After more than 20 years of information security construction in China, we have achieved certain results in antivirus, network, and border security. However, we have not paid attention to building the host environment in which data is stored and processed. The host is the most important and the last line of defense in information security. This, coupled with the US's use of trade barriers to restrict China's purchase of high-security products, further exacerbates the difficulty of China's mainframe security construction.
- Mainframe security in China has gone through four stages (following, learning, exploring and summarizing) and has gradually formed a trilogy of mainframe security solutions with Chinese characteristics: innovation, application, and improvement.
- Innovation: using new technologies to create core basic host equipment and security reinforcement products that meet China's information security requirements, such as domestic trusted servers, domestic secure storage, domestic operating systems, kernel reinforcement products for foreign operating systems, domestic middleware, domestic databases, security reinforcement products for foreign databases, and data center host security monitoring products.
- Application: gradually replacing core basic equipment in key areas. For core assets that cannot be replaced in a short period of time, such as operating systems, databases, and middleware, domestically produced security reinforcement products are deployed to make them compatible with China's information security requirements.
- Improvement: existing domestic mainframe equipment has certain gaps compared with similar foreign products in terms of functions, performance and ease of use, so these must be improved continuously. It is inevitable that many security loopholes will appear as the design and development of domestically made basic equipment is continuously improved, so it is also essential to deploy security reinforcement products and apply patches around it.
- The security risks faced by the host come mainly from three sources. First, the host's own defects, which include defects in the software and hardware itself, such as vulnerabilities, and misoperations by management personnel. Second, external threats; external defense is the main consideration in information security construction. Third, internal threats, which have attracted much attention in recent years, and the question of how to prevent illegal access and operations by internal personnel.
- In the era of cloud computing and big data, many manufacturers focus on "host security", relying on independent innovation, concentrating on the development of secure and controllable key host security technologies, creating a series of host security products, and providing dedicated host security services. Inspur Group is one example.
- In the cloud computing environment, the focus of security is to ensure the security of the virtual machine operating system. As long as the security of each operating system is guaranteed, attacks between virtual machines and remote threats can be avoided at the source. Inspur SSR intercepts all kernel access paths: files, processes, services, and permissions that comply with the rules of the cloud platform are "passed", and those that do not meet the rules are blocked. The effect is similar to refactoring the original code of the operating system, but with the benefit that it does not affect the user's business continuity. In this way, the operating environment of the cloud platform completely removes the "survival environment" of hacking, worms and virus infections, which fundamentally solves the problem of attacks between virtual machines.
- On September 27, 2014, the first domestic mainframe system industry alliance, led by Inspur Group, was established in Beijing, witnessed by the Ministry of Industry and Information Technology. The first group of alliance members includes 16 major IT software and hardware companies in China, such as Inspur, winning software, Kingdee, Dameng, and Ruijie Networks. The alliance aims to promote cooperation among IT companies in the mainframe, chip, operating system, database, middleware and other fields, establish China's independent IT industry chain, and realize the transformation and upgrading of development methods.
- On the one hand, with its data center host security solutions, products and technologies for key business applications, and nationally produced servers based on processors such as Godson and Feiteng, Inspur actively builds host-based application ecosystems and establishes strategic cooperation alliances with manufacturers of domestic operating systems, middleware, databases, application software and others, so that data center data and applications are no longer "naked in other people's courtyards". On the other hand, for data centers that have purchased and run foreign software and hardware brands in large quantities, it implements a safe and reliable technology development route based on the security of the host system, to improve the information security protection level and capabilities of the entire data center.
- As a leading domestic provider of overall cloud computing solutions, Inspur takes national information security as its mission. On the one hand, it actively adopts independent and controllable technological development routes to develop high-end products such as Inspur Tissot K1, mass storage, Yunhai OS, and big data all-in-one machines. The overall defense system, with SSA, SSR, SSM, and SSC as its core, is built from two aspects: business data flow and management data flow. From the perspective of business data flow, data is accessed from the outside, and server load balancing technology and web data filtering technology are used to ensure high availability and faster, more secure data, and to ensure that the server has high performance and high scalability. At the host server level, kernel hardening technology is used to build a secure kernel model, implement mandatory access control, ensure that the server operating system itself is immune to all external and internal attacks, and implement active defense to ensure business continuity and no data loss, and to fundamentally prevent the risks brought by the loss of super administrator privileges. At the application level, data center equipment, including server operating systems, middleware, and databases, is monitored and managed in a unified way, to make security quantifiable, visible, and knowable, and to achieve a linked mode of security incident monitoring and response. In terms of system operation and maintenance, system administrators, system operation and maintenance personnel, high-priority users of system applications, third-party vendor maintenance personnel, and other temporary high-privilege personnel are managed comprehensively, integrating account management, identity authentication, authorization management, and security audits, to achieve centralized control of data center operations. [1-7]