Welcome toTencent Cloud + community, get more Tencent mass technology practice dry goods oh ~

This article was published in cloud + Community column by Tencent Cloud database TencentDB

In the afternoon of September 10, another large-scale Redis unauthorized access vulnerability attack database event occurred, this hacker to blackmail money as the first purpose, rampant, attackers naked threat, directly delete database data. Tencent cloud security system in the attack began less than 30 seconds to start the whole network interception.

Tencent cloud issued an early warning about this high-risk vulnerability in 2017, but many users still haven’t hardened their security. Tencent cloud security experts remind users to refer to the end of the method, as soon as possible security vulnerability repair or deployment defense. In this case, programs and data on the entire server are deleted and data cannot be recovered, which affects service development.

What can we do in the face of Redis being blackmailed? Will you just pay the ransom? Tencent cloud database team through the analysis of ransomware attack principle, combined with years of database security experience accumulation, developed a comprehensive Redis anti-ransomware protection program before, during and after the event.

First, do a good job in advance of database attack prevention:

  • Proper permission Management: Cloud computing vendors generally provide the Web service Cloud Access Management (CAM), which is mainly used to help customers securely manage the Access permissions of resources under their accounts. CAM creates, manages, and destroys users (groups), and uses identity management and policy management to control the access of other users to cloud resources. The Key Management Service can also be used to encrypt data with high security levels.
  • Customized private networks (VPCS) : Cloud computing vendors provide private networks for users to customize and isolate network Spaces on the cloud. Instances on private networks can be started on predefined, customized network segments isolated from other cloud tenants.
  • Use security groups to control access permissions: A security group is a stateful virtual firewall with the filtering function. It is used to control the network access of one or multiple servers. O&m personnel need to control the access lists of corresponding servers and strictly control the access lists of security groups.

Two, strengthen the database attack in the event of protection:

  • Do a good job in multiple authentication information: do a good job in password strong authentication, mandatory database password complexity, to prevent hackers from cracking violence; For high-risk operations, such as FlashDB and Flash All operations, permission control is prohibited and SMS password authentication is added. Of course, the development cost of this part is also very high.
  • Strengthen data communication encryption: If conditions permit, IPsec VPN data channel encryption or SSL transmission encryption can be adopted. Of course, about 30% performance loss should be borne.

Third, do a good job of post-review correction:

  • Backup: continuous data protection, daily backup, weekly backup
  • Dr: Automatic Dr And data synchronization. If the host is faulty, services are switched to the standby host in seconds. The switchover does not affect online services

Once an intrusion occurs, you need to take necessary measures to recover and block data. Our disaster recovery plan we need, to restore a database to be smoothly before the invasion of point in time, and then combined with the security products, ensuring that the system is solid, we need a detailed audit log record and storage, are back and confirm the attack, the clues of the reduction of malicious behavior, find out “rival” detailed information and accurate damage assessment, Facilitate the following long-term prevention and business hemostasis.

Having said so much, to do a good job in the above detailed Redis security protection, we need to invest a lot of development and DBA students to carry out long-term construction, and at the same time, the business needs to run fast and the relevant management personnel are disregarded. Fortunately, we live in the era of cloud computing, Tencent cloud database Redis can help us solve the pressing problem. Tencent Cloud database Redis is based on Tencent cloud security system, providing multiple security mechanisms such as firewall, account security, access control, intrusion prevention, isolation, backup and recovery to protect user data security, so that Tencent cloud enterprises can always feel at ease in their own business development.

Redis, the Tencent cloud database, supports three specifications of stand-alone version, master/slave version and cluster version, as low as 12 yuan/month, providing a full set of database services such as automatic disaster recovery switchover, data backup, fault migration, instance monitoring, online capacity expansion, data file back, and security. To learn more about tencent cloud Redis database information, please visit: cloud.tencent.com/product/crs…

Tencent Cloud security notice: [Security Alert] Notice about Redis unauthorized access vulnerability customer repair

Question and answer

Does Redis have backups?

reading

How to prevent and deal with Redis extortion, Tencent cloud teach you

Tencent cloud database MySQL game industry data security practice sharing

CynosDB for PostgreSQL

Machine learning in action! Quick introduction to online advertising business and CTR knowledge

This article has been authorized by the author to Tencent Cloud + community, more original text pleaseClick on the

Search concern public number “cloud plus community”, the first time to obtain technical dry goods, after concern reply 1024 send you a technical course gift package!

Massive technical practice experience, all in the cloud plus community!