Welcome toTencent Cloud + community, get more Tencent mass technology practice dry goods oh ~

This article is published by Tencent Game cloud team and cloud + community

Abstract: On April 13, Tencent GAME Cloud Game-tech GAME developer Technology Salon was held in Beijing. This event is the second stop of Tencent Game Cloud Game technology Ecology China tour, this Beijing station Tencent Game cloud more vertical analysis of the current game industry security situation and share relevant solutions. At the meeting, experts from Tencent Game Cloud, Tencent Game Security, Tencent Security Platform Department gathered with nearly 200 game industry practitioners and had in-depth discussions on the challenges brought by the current game security upgrade.

Q: Shortly before Tencent GAME Cloud game-tech Beijing station was held, Tencent GAME Cloud helped a GAME manufacturer successfully defend against 1.2T traffic attack, creating the record of successfully defending against the largest organized traffic attack in China. What is the current game security situation?

Tencent security platform department expert Zhou Zhibin said

The current game security situation increasingly presents the characteristics of attack threat, high cost of confrontation and large business loss. Taking DDoS attacks as an example, they are classified into two types: bandwidth congestion, which blocks the bandwidth of the equipment room or the server and leads to blackholes in the IP addresses of the machines. In resource-consuming mode, DDoS attacks are launched using protocol defects, depleting service server processing resources. Selectivity of the bad guys to attack more and more, such as SSDP reflection, such as NTP reflection and MEMCACHE UDP attacks, asymmetric, with smaller attack traffic flow cost can be amplified one hundred times, one thousand times, and black is produced specifically for its providing tools, collecting chicken even special orders, greatly reduce the cost of the threshold and attacked. However, if game manufacturers build and develop their own protection centers, they may need to invest millions of dollars in protection products with 100G capacity, which is undoubtedly a heavy burden for manufacturers.

(Zhou Zhibin, Tencent DDoS security expert)

The gaming industry has been the epicenter of DDoS attacks in recent years. According to statistics, the number of attacks in the game industry accounted for 66% in 2017, with the highest attack frequency reaching 8,000 times a month, and the peak traffic of single attacks was constantly refreshed, such as the 1.2T attacks mentioned above. At the same time, the attack sources are diversified, and the combination of overseas and domestic attacks causes the current difficult problem of protection. In view of this, Tencent Game cloud provides a set of game security solutions honed in Tencent’s self-run business for many years — Aegis security protection scheme. This solution is the technical achievement accumulated by Tencent Security Platform Department in the fight against DDoS attacks for more than 10 years, and provides security guarantee for all self-operated businesses of Tencent, such as QQ, Tencent, wechat and Tencent Games, and can develop different security solutions according to different game types, including strategy customization and security watermarking. Full protection for more vulnerable game types, such as against tier 4 CC attacks.

Q: How does Tencent cloud’s new generation of high defense solutions protect game security?

Tencent game cloud technology director Ouyang Qunming said

From the perspective of network architecture, Tencent cloud’s new generation of high security solutions can carry out intrusion detection on traffic, and then carry out T-level traffic traction and cleaning. In addition, Aegis provides game manufacturers with high defense IP and high defense package system, including BGP defense in Beijing, Shanghai and Guangzhou, Telecom 800G defense, China Unicom 600G defense and Mobile 200G defense, as well as high defense in Hong Kong, Singapore, Silicon Valley and other places in China. In terms of network protection, the new generation of high protection solution has built a network DDoS conventional protection system and watermark protection system, which supports intelligent scheduling and custom policies. SDK linkage protection mode will be launched in the future. In view of the most difficult against layer 4 CC attack, tencent cloud aegis provides CC watermark protection scheme, through a set of open source irreversible push algorithm, let the attacker in the case of don’t know the private key can’t imitate and replay attack, aegis can accurately identify the attacker and real players packets, thus helping game makers against layer 4 CC attack effectively.

(Ouyang Qunming, Technical Director of Tencent Game Cloud)

In terms of layout planning, Tencent cloud’s new generation of high defense solutions will build three protection systems in the future: First, Tencent cloud’s self-developed IDC has provided hundreds of GIGABytes of protection capabilities for cloud services; Secondly, multi-point protection is carried out by using the dynamic scheduling feature of BGP. Therefore, Tencent Aegis will also build several BGP cleaning and protection rooms and network POP cleaning and protection points as soon as possible, and build a distributed T-level cleaning and protection platform, which provides a protection scheme with almost no delay damage on the basis of near-source cleaning. Third, the use of domestic multi-regional static three network single point single line T-level bandwidth resources, can provide a solid bottom protection scheme for business.

Q: What is the best defense strategy for different attack scenarios and characteristics?

Tencent game cloud senior frame division Wang Wei said

Game security can be analyzed from two aspects of business attributes and technical architecture. Business-level key factors such as the type of game, the network communication protocol used, the network latency that can be tolerated, the attack traffic that can be faced, and the stage of the game’s life cycle; Key factors at the technical architecture level, such as which services are exposed to the public network, whether IP addresses can be changed, and whether multiple regions are deployed; We need to build corresponding protection schemes for these key factors. For complex attack scenarios, we need to comprehensive utilization of tencent cloud aegis provided by BGP high IP, BGP, package, three network defense, custom protection strategy, the watermark protection, air connection protection, emergency protection mode products such as their own characteristics and advantages, set up multi-level protection system, and even set up their own safety dispatching system, And Tencent cloud security experts together for offensive and defensive confrontation, to ensure that players can continue to enjoy quality game experience.

(Wang Wei, Senior architect of Tencent Game Cloud)

Q: How does Tencent Interactive Protect its business security?

Tencent game security expert Wang Yue said

Fair game environment and protection of players’ property are important values of game safety. In the past, cheating, theft, training, gold and other phenomena are often ignored by game safety, which will lead to the decline of game players’ experience and directly shorten the life of the game. Wang said, tencent games security based on years of technical accumulation, the problems of the cheating, for unauthorized can help game makers from the back end back cheating information, through data collection, accurately judge whether the behavior of the players in the normal category, at the same time, tencent game security also will provide manufacturers with the safety assessment scheme, Provide bug mining for game manufacturers to improve game experience better and make up for losses caused by game bugs in time. Greatly reduce the cost of game manufacturers to build their own security team, while improving operational efficiency. Tencent game security MTP products have been through Tencent cloud services to the majority of game manufacturers and developers.

(Wang Yue, senior security expert of Tencent Games)

Our Game-Tech GAME developer technology salon will continue to be held in different cities, relevant information will be published on the “Cloud + community Salon page” or “Cloud + community Tencent GAME cloud column”, please pay more attention to oh ~

Question and answer

What is component-based game engine design?

reading

How to successfully defend against 1.2TB of known maximum traffic DDoS attacks in China

“Eat chicken” global summit behind the god assist, understand?

Overview of security issues in cloud computing

Has been authorized by the author tencent cloud + community release, the original link: https://cloud.tencent.com/developer/article/1101269?fromSource=waitui