This article shares a seasoned ops engineer's evolving understanding of IT security, covering network, host, application, data, and web security measures, practical tools like ELK and OSSEC, and actionable recommendations to strengthen system protection against attacks and breaches.
This article introduces Session Border Controllers (SBC), outlines three typical deployment scenarios, and shares detailed practical experiences—including architecture, implementation steps, and common pitfalls—of building software‑based SBC solutions such as VAG, VIG, and VTG for VoIP services.
This article explains how 360’s Linux Virtual Server (LVS) platform evolved with the FULLNAT forwarding mode, enhancing cross‑VLAN deployment, simplifying real‑server configuration, adding SYN‑proxy protection, and improving UDP handling, while detailing the new deployment architecture and operational benefits.
The article chronicles Meituan‑Dianping’s external network port monitoring evolution—from slow Python‑driven Nmap scans to a fast Masscan‑Nmap pipeline and real‑time traffic‑driven DPDK module—explaining black‑box scanning, white‑box analysis, best‑practice recommendations, and the critical role of continuous port visibility for security.
This article presents a comprehensive overview of cloud‑era network boundary management, detailing security challenges, unified access control concepts, endpoint protection, traffic analysis, and how automated operations and visualization platforms can reduce risk while maintaining efficient network operations.
This guide presents 25 essential Linux iptables rules—from clearing existing policies to configuring SSH, HTTP, DNS, and DoS protection—illustrated with command screenshots, enabling administrators to quickly adapt firewall settings to their specific network security needs.
The 2017 China International Information Communication Exhibition highlighted NB‑IoT as a pivotal, low‑power, wide‑coverage technology set to dominate over 60% of IoT demand, while outlining China's policy support, deployment milestones, industry challenges, and recommended actions for secure, scalable growth.
This article shares practical IT security insights covering network, host, application, data backup, and web security measures, illustrating how comprehensive protection goes far beyond simple password changes and port tweaks.
This article presents a detailed mind‑map of network security, covering introductory concepts, scanning and defense, monitoring, password cracking, deception attacks, denial‑of‑service, buffer overflow, web and trojan attacks, computer viruses, and future trends, each illustrated with explanatory images.
This article details a cost‑effective hybrid DDoS/CC protection architecture that blends overseas traffic‑scrubbing services with domestic CDN and smart DNS, explaining the attack background, analysis, chosen solutions, implementation steps, and operational results.
The article examines the widespread exposure of MongoDB instances on default ports, outlines how attackers hijack them, and provides concrete steps—including enabling authentication, configuring role‑based access, encrypting traffic, and limiting network exposure—to secure MongoDB deployments.
A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.
A recent security advisory reveals that popular remote terminal Xshell versions contain a backdoor in the nssock2.dll component, enabling shellcode to harvest host information, generate monthly DGA domains, and potentially expose sensitive data, prompting immediate version checks and upgrades.
This article outlines a comprehensive, multi‑layered security framework for operations teams, covering policy design, dual‑account permission separation, grid‑based vulnerability management, topology and network safeguards, OS and database hardening, common misconceptions, and actionable principles for maintaining robust protection.
Alibaba’s IT platform evolved from a simple employee directory in 2013 to a comprehensive, self‑developed ecosystem—including cloud‑based Wi‑Fi, soft‑phone, wireless casting, device management, and unified audio‑video conferencing—that reduces costs, enhances security, and delivers seamless, mobile‑first office experiences across global campuses.
The recent ONION and WNCRY ransomware outbreak, originating from leaked NSA tools like EternalBlue, rapidly infected over 70 nations, targeting hospitals, universities and other institutions, and this article explains the attack timeline, infection mechanisms, impact on Chinese campuses, and practical mitigation steps such as backups, patching, port blocking and domain filtering.
This article explains how 360’s Linux Virtual Server (LVS) platform has progressed over six years, introducing the FULLNAT forwarding mode, Syn‑Proxy attack protection, a new UDP‑friendly tunnel design, and an enhanced redundant deployment architecture to improve performance, security, and scalability.
This article recounts a Ctrip security engineer’s evolution from early Unix‑based operations to fully automated network security, highlighting challenges in forecasting, application security integration, rapid incident response, and large‑scale firewall automation within a fast‑growing enterprise.
This comprehensive guide explains Linux firewall fundamentals, the role of iptables and Netfilter, the structure of tables and chains, rule ordering, common commands, and real‑world configuration examples for securing networks and handling port mapping.
This guide explains how to install, enable, and manage FirewallD on Linux, covering zones, services, ports, rich rules, port forwarding, and direct iptables integration, with step‑by‑step commands and visual examples to help administrators configure persistent, dynamic firewalls efficiently.
The article describes Alibaba's smart defense model that uses real‑time traffic analysis and big‑data insights to automatically adjust DDoS mitigation strategies, outlines the system's capabilities such as attacker identification and traffic quantification, and discusses future challenges in handling increasingly complex and large‑scale attacks.
This article reviews the 2016 Dyn DDoS incident, explains why DDoS attacks remain a critical security challenge, and details Alibaba's internally built high‑performance DDoS mitigation solution AliGuard, covering its development timeline, multi‑user architecture, scalability from 40 Gbps to over 400 Gbps, and deployment models.
This document outlines a comprehensive enterprise IT infrastructure plan covering network topology, hardware selection, security measures, VPN solutions, and wireless deployment to support a growing organization with minimal operational overhead and high reliability.
This article introduces Linux’s built-in iptables (netfilter) firewall, explains its four tables and chains, and provides detailed command-line examples for starting, stopping, configuring, listing, and managing rules, including common options and extended matching techniques.
When a production server is compromised, abrupt actions like pulling the plug can disrupt services, so this guide outlines an eight‑stage, evidence‑driven response process—including verification, on‑site preservation, containment, impact assessment, online analysis, backup, deep forensics, and reporting—plus real‑world case studies and concrete command examples.
This guide walks through iptables fundamentals—including listing, flushing, and setting default policies—then demonstrates adding, inserting, replacing, and deleting rules, explores basic and extended match modules, and provides practical exercises for building robust firewall configurations.
The article explains the TCP handshake spoofing technique, showing how the 32‑bit sequence and acknowledgment fields can be abused to impersonate a client, the traffic volume required for a successful attack, and why TLS is the recommended mitigation.
This article explains the layered design of TLS, details the cryptographic primitives and cipher suites it uses, and provides guidance on selecting secure configurations while avoiding unsafe legacy algorithms.
The article explains that an AR gateway's outbound ACL 3301, which denies ICMP to 8.8.8.8, does not affect ping commands issued on the device itself because those packets bypass the forwarding plane where traffic‑filter policies are enforced.
This guide compiles essential papers, tools, virtual machines, datasets, and training sites to help learners deepen their understanding of computer and network security through both theoretical study and hands‑on practice.
This guide demonstrates how to simulate a high‑traffic scenario between two machines and use an iptables rule to reject connections from a specific host when its concurrent requests exceed ten, including command syntax, execution steps, and result analysis.
The article describes how Ctrip’s network security team built an automated, centralized firewall management platform that handles multi‑brand firewalls, streamlines policy queries, generation, and deployment, integrates with change‑ticket workflows, and dramatically improves operational efficiency while reducing human error.
This article provides an in‑depth technical overview of Linux Netfilter, explaining its hook architecture, key macros, packet‑processing flow, and how iptables interacts with the kernel to filter, NAT, and track connections across the IPv4 stack.
Learn the fundamentals of iptables firewall on Linux, including configuration file location, service control commands, the hierarchy of tables, chains, and rules, common targets, and essential iptables commands for listing and flushing rules.
This article explains how DNS hijacking injects unwanted ads by exploiting HTTP's lack of encryption, identity verification, and integrity checks, and demonstrates how HTTPS, with SSL/TLS encryption, certificates, and integrity validation, protects users from such attacks while also discussing performance impacts.
This article explains the Linux Netfilter framework and iptables utility, detailing hook points, rule tables (filter, nat, mangle, raw), chain behavior, packet routing flow, and common command syntax for building robust firewall policies.
This article explains what HTTP and DNS hijacking are, illustrates real-world examples, analyzes root causes such as ad injection and malicious attacks, and presents concrete anti‑hijacking techniques like data legitimacy checks, timeliness verification, HttpDNS, and operator cache mitigation.
The article explains what HTTP and DNS hijacking are, illustrates real‑world examples, analyzes root causes such as ad injection and ISP caching, describes the resulting harms, and presents practical anti‑hijack techniques including data validation, HttpDNS, and logging strategies.
This article explains the fundamentals of HTTPS by comparing web communication to passing notes in a classroom, covering symmetric and asymmetric encryption, RSA key exchange, the role of Certificate Authorities, and how these mechanisms together protect against man‑in‑the‑middle attacks.
This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.
This article explains how to transform massive security‑related big data into clear visual insights, covering storytelling, data processing, visual encoding, design workflow, and two real‑world case studies that illustrate vulnerability mapping and internal traffic analysis for improved threat awareness.
The article explains what Distributed Denial of Service (DDoS) attacks are, why they are a persistent resource‑war in cyberspace, outlines new hybrid attack trends, the expanding range of compromised devices, and discusses evolving defense approaches from local cleaning to cloud‑based anti‑DDoS services.
This article presents a concise visual mind map of iptables, illustrating its core concepts, chains, tables, and typical rules, enabling readers to quickly grasp firewall configuration and operation at a glance in.
This guide explains how to protect Linux servers from SYN flood and DDoS attacks by tuning sysctl parameters, applying iptables rules, installing the free DDoS‑deflate script, and monitoring nginx logs to identify and block malicious IPs and user agents.
Traffic hijacking, a form of man‑in‑the‑middle attack that injects unwanted ads or modifies web content, can be mitigated by HTTPS, which uses SSL/TLS for server authentication, encryption, and integrity, and the article explains the attack methods, HTTPS fundamentals, and practical deployment steps including Alibaba Cloud support.
This guide explains how iptables functions as a Linux firewall, detailing packet traversal through the prerouting, input, forward, output, and postrouting chains, the four built‑in tables with their priorities, and essential commands for listing, clearing, and adding rules to secure network traffic.
This guide demonstrates how to configure an access control list (ACL) with specific deny rules, traffic classifiers, behaviors, and policies on an internal interface, and notes that the same setup can be created easily via a web page.
The article explains what HTTP and DNS hijacking are, illustrates real‑world examples, analyzes their causes and harms, and presents practical anti‑hijacking techniques such as data validation, HttpDNS, operator cache handling, and logging systems.
This article summarizes a comprehensive ops security talk that breaks down network segmentation, system hardening, and permission management into layered defenses, offering practical guidance on VLANs, ACLs, least‑privilege principles, and account auditing for robust enterprise protection.
This article explains the mechanisms of HTTP and DNS hijacking, illustrates real‑world examples, analyzes their causes and impacts on mobile applications, and presents practical anti‑hijacking techniques such as data validation, HttpDNS, ISP cache handling, illegal redirect blocking, and monitoring strategies.
This guide demonstrates how to configure NAT with an ACL, set up internal and external interface IP addresses, define a default static route, and create an ACL‑based traffic policy to block specific internal hosts from accessing a given external IP address.
This article explains how to use Linux iptables to create network-level ACLs that block non-production IP ranges from accessing a Memcached server, providing command examples for adding, listing, and clearing firewall rules, and discusses future considerations such as IPv6 support.
Using the thriller "The Call of Terror" as a metaphor, this article explains how weak controls in an internal network’s APP zone can let attackers bypass firewalls, and how eSDK‑enabled security policies and TSOC analytics can automatically block malicious traffic.
This tutorial walks you through installing OpenVPN on a Linux server, generating server and client certificates, configuring the OpenVPN service, enabling IP forwarding, and setting up client connections with detailed commands and screenshots.
This comprehensive guide explains Linux firewall concepts, the evolution and operation of iptables, rule chains, policies, command syntax, matching criteria, state tracking, NAT/DNAT techniques, and practical exercises, providing readers with the knowledge to configure and manage secure network access effectively.
This article explains TCP fundamentals—including three‑way handshakes, sliding windows, and four‑way termination—then details how the RST flag works and how attackers can forge packets using source ports and sequence numbers to execute powerful RST denial‑of‑service attacks.
The article explains how the Linux kernel’s SYNPROXY feature, introduced in version 3.13, effectively mitigates SYN flood DoS attacks by acting as a gateway, validating handshake cookies, and dramatically reducing kernel soft‑IRQ load during testing on Debian and SLES‑12.
The article provides a comprehensive overview of traffic hijacking methods—from legacy hub sniffing and MAC spoofing to DNS poisoning, router CSRF, PPPoE phishing, and Wi‑Fi hotspot attacks—explaining how each works, real‑world examples, and practical mitigation steps for network administrators.
