September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
306
|
第
18
章
更改密码并继续操作是一项简单的任务。但如果攻击者有权访问各类账户,包括管理员账
户,或无法确认他们攻破了哪些账户,则必须更换所有用户的凭据。创建恢复检查清单
时,请务必列出重置账户的顺序,优先重置管理员凭据、已知被泄露的账户以及能访问敏
感资源的账户。如果系统用户量大,则可能需要一次性重置所有用户的密钥。
把握机会
更换大型组织中的一次性凭证,往往会导致严重的业务中断。想象一下让成千上万的
人同时采取行动会发生什么。单点登录(
SSO
)服务和集中身份认证系统可以简化用
户在恢复阶段需要采取的操作,进而减轻更换凭据的影响。然而,在事件恢复过程中
引入
SSO
这样的复杂系统,不但耗时,成本也高,故不适用于短期缓解工作。
现代身份和访问的云解决方案允许相对快速地添加双因素身份认证,因此变得越来越
有吸引力。特别是对于保护措施薄弱的登录点(如邮件登录入口)来说,启用双因素
身份认证能快速起效。双因素身份认证还有额外的好处:可以知道攻击者是否仍在尝
试登录账户。这些尝试行为表现为账户登录失败。
为了改进安全状况,在开展短期缓解工作时,可以探索一些长期解决方案。包括启用
双因素身份认证云服务,以及一些更为系统化的变更,比如使用基于
FIDO
的安全密
钥(在第
7
章中讨论过)。
如果组织之前很少有类似的处理经验,则更换凭据会遇到更复杂的问题:攻击和缓解可能
会使情况更糟。假设公司使用集中化系统(如
LDAP
数据库或
W
indows Active Directory
)
来管理员工账户。其中一些系统存储有密码的历史记录
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.