September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
252
|
第
15
章
DNS
查询的日志也是一种基于网络的、非常有用的信息源。借助
DNS
日志,可以查看公
司中是否有计算机解析了某个主机名。例如,你可能希望查看网络中是否有主机对已知恶
意主机名做了
DNS
查询
,或可能希望检查以前解析的域名,以识别攻击者访问的、控制
的每台计算机。运维安全团队还可能使用
DNS
“沉洞”
(
sinkhole
)技术,错误地解析已知
的恶意域,进而使攻击者无法有效地使用它们。当用户访问一个“沉洞”时,检测系统往
往会发出高优先级告警。
还可以使用承载内部或出口流量的
We
b
代理日志。例如,可以使用
Web
代理扫描网页来
查找钓鱼网站或已知安全漏洞。当使用代理进行检测时,还需要考虑员工隐私,并与法务
团队就代理日志的使用做讨论。一般来说,我们建议尽可能调整恶意内容检测的准确度,
以尽量减少触发告警时接触的员工数据量。
15.2.4
日志记录成本
调试和调查活动会消耗资源。我们使用的一个系统有
100TB
的日志,其中大多从未使用
过。由于日志记录消耗了大量的资源,而且在没有问题的情况下,日志的监控频率通常较
低,因此针对日志记录和调试基础设施的投资可能会不足。为了避免这种情况,我们强烈
建议提前对日志记录做好预算,同时考虑解决服务问题或安全事件可能需要的数据量。
为了实现快速、方便地实时查询数据,现代日志系统通常包含一个关系型数据系统,如
Elasticsearch
或
BigQuery
。相关成本随系统所需存储和索引的事件数量
、处理和查询数据
所需的计算机数量以及所需的存储空间而增长。因此,当需要长时间保留数据时 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.