sensitive information so that only authorized users can access it.
1.2 Integrity
Availability refers to the ability of an authorized subject to obtain services in a timely manner when
1.4 Controllability
1.5 Non-repudiation
principles need to be followed to ensure that tenant data, authentication data and intelligent
operations and maintenance (O&M) data meet the security requirements to the greatest
extent possible.
When there is a conflict between security and business, we must first ensure the
Security personnel must communicate with the business department to make sure they
understand the business objectives; the objectives of security hardening must serve
the business objectives.
The data services of the Cloudnet network are exposed through APIs. A complete
API security control system is therefore required to protect user data.
build a strong defense system on the possible attack path of the whole path from layer 3
The security reinforcement of Cloudnet network ensures the security of the whole system
network, security, etc. The Cloudnet network provides the overall solution for network
services on the UCenter platform. The security of the Cloudnet network is reflected in the
following aspects:
● platform security
● network communication security
● application security
● device security
This solution provides a rich set of security features, including but not limited to the
following:
The tenant administrator logs into Cloudnet through cloud network or mobile app,
permission).
password.
5. Supports hierarchical delegation of authority and multiple account roles (including
sub-monitoring accounts)
6. All operations can be traced back to their source, and operation logs will be
The identification and authentication of end users can not only use the
an authentication server can also be deployed on the local network, using 802.1X or MAC
The secure WebSocket protocol (WebSocket over TLS) is used between the network
access device and Cloudnet. On top of this protocol, access control by serial number
A tenant can obtain the secret key corresponding to its account from the Cloudnet
network. With this key, the tenant can retrieve the data of the devices registered
under its name, using its own development capabilities. This
The tenant administrator or the mobile app logs in to the Cloudnet network over HTTPS
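The text above says a tenant holds a per-account secret key and uses it to pull device data through the API, but not how the key is applied on each call. The following is an added example, written for this page and not Cloudnet's own code, of one common way such a key is used: the client signs every request with HMAC-SHA256 over the method, path, timestamp, a random nonce and the body hash, and the server recomputes the signature, rejects requests outside a clock-skew window, and refuses a nonce it has already seen. The tenant ID, secret, header names, paths and the in-memory key store are all constructed assumptions; a real platform would back them with its own key management and storage.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data (hypothetical, not real credentials): the per-account key a
# tenant downloads from the portal, and the platform's copy of it.
TENANT_ID = "tenant-0001"
TENANT_SECRET = "6f1b0c4b9f2e4a7d8c3e5a1b2d4f6e8a"
SERVER_KEYS = {TENANT_ID: TENANT_SECRET}   # hypothetical server-side key store

MAX_CLOCK_SKEW = 300   # seconds; requests older or newer than this are rejected


def canonical_string(method, path, timestamp, nonce, body):
    """Bind method, path, time, nonce and body hash into the string that is signed,
    so none of them can be changed without invalidating the signature."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash])


def sign_request(tenant_id, secret, method, path, body=b"", timestamp=None, nonce=None):
    """Client side: produce the authentication headers for one request."""
    ts = int(time.time()) if timestamp is None else timestamp
    nonce = nonce if nonce is not None else secrets.token_hex(16)
    msg = canonical_string(method, path, ts, nonce, body)
    sig = hmac.new(secret.encode(), msg.encode(), hashlib.sha256).hexdigest()
    return {"X-Tenant-Id": tenant_id, "X-Timestamp": str(ts),
            "X-Nonce": nonce, "X-Signature": sig}


class ReplayCache:
    """Remembers (tenant, nonce) pairs inside the skew window so that a captured
    request cannot simply be resubmitted."""

    def __init__(self):
        self._seen = {}

    def first_use(self, tenant_id, nonce, ts, now):
        # Entries older than the window can no longer pass the timestamp check, so drop them.
        self._seen = {k: v for k, v in self._seen.items() if now - v <= MAX_CLOCK_SKEW}
        key = (tenant_id, nonce)
        if key in self._seen:
            return False
        self._seen[key] = ts
        return True


def verify_request(headers, method, path, body, now, cache):
    """Server side: look up the tenant key, check the timestamp window, recompute the
    signature, then consume the nonce. Returns (ok, reason)."""
    tenant_id = headers.get("X-Tenant-Id", "")
    secret = SERVER_KEYS.get(tenant_id)
    if secret is None:
        return False, "unknown tenant"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > MAX_CLOCK_SKEW:
        return False, "stale timestamp"
    nonce = headers.get("X-Nonce", "")
    expected = hmac.new(secret.encode(),
                        canonical_string(method, path, ts, nonce, body).encode(),
                        hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so a wrong guess leaks nothing about how
    # many leading characters matched.
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature"
    if not cache.first_use(tenant_id, nonce, ts, now):
        return False, "replay"
    return True, "ok"


if __name__ == "__main__":
    cache = ReplayCache()
    now = 1_700_000_000
    hdrs = sign_request(TENANT_ID, TENANT_SECRET, "GET", "/api/v1/devices", timestamp=now)
    print(verify_request(hdrs, "GET", "/api/v1/devices", b"", now, cache))   # (True, 'ok')
    print(verify_request(hdrs, "GET", "/api/v1/devices", b"", now, cache))   # (False, 'replay')
```

The signature is checked before the nonce is recorded, so an attacker cannot fill the replay cache with forged nonces; and because the body hash is part of the signed string, a captured GET cannot be turned into a different request with the same headers.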
Wireless access point devices provide WPA, WPA2, 802.1X, portal and other security
authentication when wireless users come online, and data encryption when wireless users
transmit data traffic. For scenarios with high security requirements, 802.1X
The management traffic that the device must run contains configuration
User data traffic passing through the device is forwarded locally, and the traffic will
The business data of each tenant is stored in hardened and secured MySQL and MongoDB
instances; after the tenant deregisters, the data is completely deleted.
The platform first writes the performance, location, traffic and other data it receives
into RabbitMQ or Kafka, then reads and processes the data and writes the result to the
MongoDB database.
The Cloudnet network has many access points and a large number of access devices.
The platform is therefore also exposed to illegal intrusion from devices,
platform, which is able to detect illegal intrusions online and even use big data to
detection and response are carried out at the network ingress and egress, providing a
strong defense mechanism against the various flood attacks and single-packet attacks seen
in the network.
Cloudnet, tenants can configure URL filtering and NAT, and select and apply IPS and AV
templates. The cloud management platform can also monitor in real time and provide
alarm and logging functions, giving users richer security defense
strategies.
− QoS
4. Large volumes of end users' online/offline records and online session records.
To protect the above private data, this solution provides the following
technologies:
1. The authentication credentials of the Cloudnet network and of tenant users are stored in
The configuration file of the device is stored in the corresponding HDFS according to
3. Tenants use NETCONF / CMD over WebSocket to configure and manage cloud
devices.
4. The cloud device uses WebSocket over TLS to send the operating status data of the
5. End users' MAC addresses are de-identified with a hash algorithm before being
stored locally.
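Item 5 says MAC addresses are stored as hashes. The caveat a practitioner should know is that a plain, unkeyed hash of a MAC address is only a weak pseudonym: once the vendor OUI (the first three bytes) is guessed, the device-specific part is just 2^24 values, so every stored hash can be reversed by enumeration. The following added example, written for this page and not taken from Cloudnet, shows both forms side by side: the unkeyed SHA-256 that an attacker can brute-force, and a keyed HMAC-SHA256 pseudonym under a secret pepper that still lets the platform correlate the same client across records but cannot be enumerated without the pepper. The pepper, the sample address and the locally administered OUI `02:1A:2B` are constructed; the page does not say which hash Cloudnet uses or whether it is keyed.

```python
import hashlib
import hmac
import re

# Constructed sample pepper (hypothetical). In production it lives in a secrets store or
# HSM, never in the same database as the pseudonyms it protects.
PEPPER = b"site-secret-used-only-for-mac-pseudonyms"
TOKEN_HEX_LEN = 16   # 64 bits of output is plenty for one site's client population

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac):
    """Canonical lower-case 12-hex form, so '02-1A-2B-..' and '02:1a:2b:..' yield the
    same token instead of two different records for one client."""
    raw = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(raw):
        raise ValueError("not a MAC address: %r" % (mac,))
    return raw


def unkeyed_hash(mac):
    """Plain SHA-256 of the address: what 'store the hash' is often taken to mean."""
    return hashlib.sha256(normalize_mac(mac).encode()).hexdigest()


def pseudonymize_mac(mac, pepper=PEPPER):
    """Keyed hash (HMAC-SHA256) of the address, truncated. The same MAC always maps to
    the same token, so sessions can still be correlated, but without the pepper the
    token cannot be reversed by enumerating the address space."""
    digest = hmac.new(pepper, normalize_mac(mac).encode(), hashlib.sha256).hexdigest()
    return digest[:TOKEN_HEX_LEN]


def brute_force(digest, oui, hash_fn, limit=1 << 24):
    """Attacker's view: given a stored digest and a guessed vendor OUI, enumerate the
    2^24 NIC-specific values and return the address that reproduces the digest, or
    None. `limit` caps the search so the demonstration finishes quickly."""
    prefix = normalize_mac(oui + "000000")[:6]
    for nic in range(limit):
        candidate = prefix + "%06x" % nic
        if hash_fn(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    mac = "02:1A:2B:00:03:E8"          # constructed sample client address
    stored_plain = unkeyed_hash(mac)
    stored_keyed = pseudonymize_mac(mac)
    # Unkeyed: recovered after about a thousand guesses once the OUI is known.
    print(brute_force(stored_plain, "02:1A:2B", unkeyed_hash, limit=5000))   # 021a2b0003e8
    # Keyed: an attacker who has to guess the pepper gets nothing, however long they search.
    guessed = lambda m: pseudonymize_mac(m, b"attacker-guessed-pepper")
    print(brute_force(stored_keyed, "02:1A:2B", guessed, limit=5000))        # None
```

A full 2^24 search of the unkeyed form takes minutes on one core; the `limit` here only keeps the demonstration short. The keyed form is only as strong as the secrecy of the pepper, which is why it must be kept apart from the MongoDB records that hold the tokens.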
The Cloudnet network comprehensively audits device operation logs and user
operation logs.
1. Logs in the system are divided into user operation logs, security logs and device
− user operation log: records the history of user operations and logins.
attack, etc.
− user information
− event type
the overall solution, all user data and device data meet the privacy protection
requirements.