如何做一名失敗的安全架構師

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"與大多數教你如何擔任架構師一職的顯學不同，本文從對立面剖給你看，成功學容易，想要看清泥濘中的水坑，是真的需要自己多走點路。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"安全架構師是信息安全這項目工作做久了之後的結果，但並不是必然結果，擁有多年的工作經驗、見識廣泛、大廠出身都不是充分條件。相反，一個自認爲有多年經驗、見過世面、系出名門的老哥走到了安全架構師職位，卻犯了以下幾種錯誤，那麼他大概率上會失敗。（爲什麼說大概率而不是一定，因爲據說毛主席不會用槍。如果是這一級別的大神，這篇文章不適合您，我先走了）"}]},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"一、言必稱架構，卻不知架構爲何物"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1、說不清功能架構、技術架構、應用架構之間的差異跟聯繫"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"先說說什麼叫架構，答案因人而異，對我而言，架構既是骨架，也是肌肉、皮膚。"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b0/b06d73a785b80618a611a61196140cab.png","alt":null,"title":"","style":[{"key":"width","value":"25%"},{"key":"bordertype","value":"border"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有一些大型的企業，管理上已經走過了很基本的初級階段，一點點現場的變化和改善，具體流程有些哪些變化，對這樣的企業來說根本起不到什麼作用。它們需要從整個公司的頂層設計，工作需要進入這樣一個量級。到這種規模的企業，需要的就是系統化的方法。企業架構這個東西就是從這裏切入的。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個道理就跟做產品也是一樣的。如果說我們做一個小的產品，比如一些日用品、快消品這種生產銷售的企業，你做產品設計就比較簡單，直接開發就完了。而如果你是要做一個系統級的產品，比如說設計和生產汽車，或者航空發動機、飛機、電廠這樣規模的產品，設計的系統性就非常重要，你必須給出一個系統級的解決方案。這種系統級的產品設計就相當於我們大企業管理的頂層設計，而小企業不需要頂層設計，或者說不需要系統級的頂層設計。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"企業架構就是這樣的頂層設計。企業架構通常分兩種，一種叫業務架構，另一種叫IT架構。最早做架構的人都是搞IT的人，IT人士更有這種系統性的思維。其實做流程，有一部分起因是搞業務和管理的人，還有一部分起因是搞IT的人。是IT人士把這種流程的結構化思維推向了更高的一個層面。"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"業務架構，是對企業的業務和管理的不同維度來構建的模型。比如說企業的戰略績效模型，運營模式模型，流程模型，組織模型，空間佈局模型等等這些模型。現實中我們見的最多的企業架構模型就是組織架構。我們看到企業的組織機構圖，它就是一種業務架構。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"還有一個就是IT架構，IT架構就是從企業信息化實現的維度來給企業構建的模型。它的目的就是描繪這種信息系統的藍圖。IT架構分這樣三個部分，數據架構、應用架構和技術架構。數據架構是研究企業裏數據資源的結構；應用架構是企業部署的應用和這些應用之間的關係；技術架構就是完全技術性的東西，軟件，硬件，基礎設施，網絡，通訊，中間件等等內容。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"也就說IT架構是由企業架構衍生出來的。當我們進行IT架構設計的時候，依然還要從業務架構出發。因爲道理很簡單，不管你如何做IT規劃和IT的開發，最後你總是要用業務來實現它，你的最終目的也是要爲業務服務，否則你的IT就沒有意義。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2、安全架構就是一通羅列，堆上去就他了"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"安全架構有兩個衍生依據，一是業務架構，二是IT架構。不滿足業務需求做安全是無源之水，不分析IT做安全是緣木求魚。"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"業務需求又分爲功能需求和合規需求，也就是對內負責和對外負責。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在實操中，安全架構的設計基本上遵循需求分析、安全功能分析、功能拆分與設計幾個步驟。以登錄這一功能爲例子進行詳細說明："}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"1、某金融類App，該App有動賬功能，涉及外部客戶資金的轉出與提現。這裏需要分析的是用戶羣體、用戶環境、用戶動作以及用戶業務場景，也就是誰用什麼工具執行某項操作，用來開展某項業務。當然與登錄相關的業務都需要搞清楚，比如用戶體系來自哪裏，怎麼輸入、更新、刪除，誰來執行、審批等等。特別提示，這裏的安全分析一定要深度結合業務場景，筆者曾經在銀行和券商工作過，銀行動賬時可以選用U盾，那麼券商銀證轉賬能不能用U盾，就是不能，後者對資金轉移的快速要求是第一位，就是不能搞這麼複雜，你可以在後臺增加風控措施，在前臺就是不能這麼搞雙因素認證。"}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/7e/7eeb1e73370292ba3eaac19df9749811.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2、摘取合規要求中與登錄相關的要求，如根據最新版的《網上銀行系統信息安全通用規範》(JR/T 0068-2020)中“6.2 安全技術規範”要求，登錄應遵循："}]}]}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"6.2.1.1 n) 客戶端登錄框應禁止明文顯示密碼，應使用同一特殊字符（例如，*或者.）代替。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"6.2.1.1 o) 客戶端程序程序登錄後在一定時間內容無任何操作，應自動登出，重新登錄後才能繼續使用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"6.2.1.1 p)客戶端程序應配合服務器端採取有效措施，對登錄請求、服務請求以及數據庫查詢等資源消耗較高行爲的頻率進行合理限制。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3、分析IT架構，可以從軟件需求設計說明書中找到或參與到研發人員的前期設計會議中，瞭解IT人員用到的技術棧。例如，登錄用到了Oauth2，在技實現上用戶體系哪裏來，怎麼管。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"4、結合常見的威脅分析模型，如微軟STRIDE模型，分析登錄可能遇到的風險，並據此設計應對方案，模型給了一些通用的消減措施。 "}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/7a/7afd93f8d58f5a9f2b56085ffdb70cfe.png","alt":null,"title":"","style":[{"key":"width","value":"100%"},{"key":"bordertype","value":"border"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 作爲架構師，只有通用的消減措施是遠遠不夠的，還要根據前面的分析，設計更詳細的風險及應對措施。 "}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9f/9fd880cdf1f58403692b85f655e2779a.png","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"border"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"重複上述過程，遍歷所有的業務需求、IT需求，就得到了一張大表，包括業務需求、IT需求、安全風險、應對措施。這張表就是安全架構設計的產物，把應對措施做同類型合併，劃分出明確的邊界，就得到了一張安全架構圖。它有以下幾個顯而易見的好處，原因不再贅述："}]},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"作爲本項目安全測試、上線前安全驗收的依據；"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"作爲同類項目滲透測試的參考；"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"長期積累，作爲項目立項、初期過需求時期的安全評審的依據；"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"安全知識庫重要組成部分。"}]}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"3、畫不出一張合格的架構圖"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"架構圖是隨意堆疊的嗎？"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爲什麼適用方框而不是圓形，它有什麼特殊的含義嗎？隨意使用方框或者其它形狀可能會引起混淆。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"虛線、實線什麼意思？箭頭什麼意思？顏色什麼意思？隨意使用線條或者箭頭可能會引起誤會。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"架構是一項複雜的工作，只使用單個圖表來表示架構很容易造成莫名其妙的語義混亂。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"架構圖設計的建議"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於安全功能架構、安全應用架構這類比較宏觀層面的圖而言，架構圖是爲了抽象地表示功能組合的整體輪廓和各個功能之間的相互關係和約束邊界，因此需要明確區分各個功能模塊的內涵和邊界，給每個模塊起一個獨特的、不易混淆的名字，列出來這個模塊的具體內容，架構圖中一般可以畫到第三級框，圖下面再用文字寫全。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於場景、物理、邏輯、處理邏輯等軟件開發設計時的架構圖，首先應該要明確架構圖的讀者，想清楚要給他們傳遞什麼信息。所以，不要爲了畫一個架構圖去畫架構，而應該根據受衆的不同，傳遞的信息的不同，用圖準確地表達出來。除了參考大神們畫的UML、時序圖、開發機構等，這裏其實是有業界標準供參考設計的，C4模型。具體可以參考C4官網“"},{"type":"link","attrs":{"href":"https://c4model.com/","title":""},"content":[{"type":"text","text":"https://c4model.com/"}]},{"type":"text","text":"”，The C4 model for visualising software architecture Context, Containers, Components and Code。"}]}]}]},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"二、遇事不決，量子力學"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"整個IT產業都處於高速發展迭代的過程中，信息安全也不例外。技術與管理理念不斷推陳出新。失敗的架構師會拒絕更新知識體系，或理解不到位而生搬硬套，敷衍堆疊。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1、一招鮮吃遍天"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"遇到沒有見過的東西，失敗的架構師自然是嚴重依賴已有知識體系，如果湊巧心血來潮加入了新鮮的技術或者理念，基本上就是理解個大概就堆上去了，然後使用量子力學進行解釋，“這個、那個，對，應該就是這個意思，我就是想說那個”，沒有觀察者打開黑箱實際觀測導致坍塌就能一直走運。 從發展的模式來看，新的信息安全技術或新理念的出現一般可以從兩個地方找到痕跡："}]},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"新業務驅動"}]}]}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"出來devops要不要devsecops？出來個新的點對點支付你要不要考慮交易安全的事情，新的社區採購模式你要不要考慮用戶安全的事情，以往的安全威脅、安全防護措施，在新的業務面前還適不適用，還合不合適，程度上要不要減弱或者加強一些，都需要考慮。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"再次提示結合具體業務場景做安全需求分析的必要性，一定要從用戶、設備、操作、業務場景做深入分析，這樣才能分析出什麼叫適不適用，合不合適。舉個例子，給公司內部員工用的企業專用終端，終端是安卓的，統一安裝管理裏面的應用，不能導出和外接PC，這種情況下里面應用還需不需要做安全加固？我認爲是不需要的。 "}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/35/3584ab331ee0fd4fd6f7ecd9daf613eb.png","alt":null,"title":"","style":[{"key":"width","value":"25%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":2,"normalizeStart":2},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"新技術/新理念伴生"}]}]}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"舉例說明，5G需要5G的安全，在不瞭解網絡切片、邊緣計算的前提下，是不瞭解5G運營商開放能力的技術理念的前提下，是分不清楚需要做哪些安全，以及這些安全哪些應該由運營商提供，哪些需要企業自己實施這些建設模式、運營模式的。搞不清楚就會眉毛鬍子一把抓，運營商或者安全廠商提供什麼就做什麼，容易缺漏，也容易被牽着鼻子走。 "}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a61d7df9e1bd0dfff14e4533539238d9.png","alt":null,"title":"","style":[{"key":"width","value":"100%"},{"key":"bordertype","value":"border"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一定要多看多學，擴充自己對知識的理解和整體知識面。 微信、支付寶在推出小程序的時候，他們是怎麼做的安全控制不太清楚，從認證、訪問控制這幾點來說又太泛泛而談，說不到它實際的點子上。後來看到了一張支付寶小程序的架構圖，在對支付寶小程序的開發平臺、運行平臺有了入門瞭解之後，才能夠提出針對性的安全思路來，也就是哪些支付寶可能已經做了，哪些還需要我企業自己着重做。 圖6 高明的架構師必然是儘快學習，調整自己的架構思路，不避諱不完善之初，所謂“遇事不決，多看多學”。"}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fb/fb5b84e051b4ad0de1d80a8aa73da4c3.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"border"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2、重技巧，輕本源"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們先來看一個問題，是不是所有的新技術或者新理念都涉及安全？"}]},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"吳軍在《硅谷之謎》這本書中，曾經用控制論、信息論、系統論來解釋硅谷成功的奧祕，我們來看看這三論的含義： 系統論、控制論、信息論三者是相互聯繫的，其中的概念、原理是相互滲透的，把三者作爲一個整體來看待，可以抽象出三條最基本的原理：反饋、有序、整體。"}]}]}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"控制論：是指的是任何系統只有通過反饋信息，才能實現控制，或者說沒有反饋信息的系統，要實現控制是不可能的。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"信息論：指的是任何系統只有開放，與外界有信息交換，纔有可能有序，或者說與外界無信息交換的封閉系統，要使之有序是不可能的。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"系統論：指的是任何系統都是有結構的，系統整體的功能不等於各孤立部分功能之和，或者說沒有結構的、反由孤立部分組成的系統是不可能的。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"三論是現代所有信息技術的基礎，從三論的含義能夠看到，在缺少有效控制、有效信息傳播和系統化結構的地方，存在不確定性，風險是不確定性的產物，而有風險的地方，就有安全。這是信息安全技術產生的根本原因。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":2,"normalizeStart":2},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"回溯風險的定義，風險=可能性*嚴重性。這是一切信息安全問題的定義。可能性和嚴重性都是實際業務場景的屬性，這也是我在上面反覆強調安全需求來自業務需求的深入分析這一原因，沒有場景，就沒有能夠落到紙面上的信息安全。換句話說，縱深防禦、安全評估、代碼審計、安全測試、滲透測試等等所有的技術都是降低風險可能性和嚴重性的手段，所有手段都有一個你要保護什麼場景的前提，這個前提不搞清楚，總是會有遺漏。場景是什麼？我再說一次，是對用戶羣體、設備/環境、操作、業務的分析。"}]}]}]},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"三、描述空洞，缺少靈魂"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我在入行時首先接觸到的是滲透測試、上線前的安全測試，我一直覺得自己非常幸運，一開始就碰到了信息安全最基本的攻防。後來我考慮，如果起點是防病毒、防火牆、IPS、WAF、服務器加固的策略編寫者、維護人員，只要這個人盡心盡責，努力理解規則的內涵與外延，應該也能夠奠定比較好的安全意識和基礎，快速成長爲架構師。 簡單依靠年頭、資歷，希望熬成架構師，就如同身體好的運動員想依靠球齡成爲球星一樣，很容易被替代。意識、經驗、善於總結的心思和好身體一樣，一個都不能少。"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以下圖爲例，我說這是我爲某電商平臺設計的安全架構，有什麼問題？如果我又說這是我爲某銀行交易系統設計的安全架構，它也沒什麼問題。"}]}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/73/734178881cb4827fa2c2682bbd348cd7.png","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"它的問題在於空洞，所有信息技術的控制技術本來就是這幾個點，只有更深入的二級模塊、三級模塊、特色模塊，才能體現架構的價值。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在這裏給安全設計提供一些建議，供交流參考："}]},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"找一個深入瞭解的點，長期跟蹤下去，在這個領域做到親手幹過、親自看過、能夠看懂最新的發展和變化。——這是要培養你的安全意識和敏感性，我個人在從事企業信息安全建設工作的過程中，一直在跟滲透測試報告，因爲我自己幹過，能看懂，也希望瞭解最新的技術和危害，所以也會對報告提出這樣的要求。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"在出現新技術時，爲了加深理解當然大家都會查很多資料，我的一個方法是同類型技術對比，他們的差異往往是新技術的關鍵點。舉個例子，ABAC（Attribute Base Access Control） 基於屬性的權限控制到底是什麼意思，如果把它跟你用過的windows文件夾授權背後的自主訪問控制技術（Discretionary Access Control，DAC）、你在管理後臺用戶管理功能上配過的基於角色的權限控制根據（Role Base Access Control，RBAC）做比較，就容易理解了，他們的不同就是答案。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"多總結、借鑑有相通性的技術理念，讓他們成爲你安全設計的新武器。我在理解谷歌零信任安全架構時對架構中描述的移動終端、移動用戶持續鑑權印象深刻，後來接觸到ABAC，它是動態計算一個或一組屬性來是否滿足某種條件來進行授權判斷，發現這兩種理念其實是類似的。我上面說的場景分析方法也是從這些技術和理念中逐步形成的。正如喬布斯所言，"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你在回頭看的時候才知道點點滴滴是如何串在一起的。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當然，除了這些之外，作爲一名架構師還需要文字能力、口頭表達能力、持續跟蹤最新技術和漏洞等，可以參考某些安全公司搞的技能樹，但一定要形成自己的特色技能樹。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"祝你我持續進步，共同成長。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}