腾讯云ssh用户身份验证_为什么用户身份验证对于基于云的系统必不可少

腾讯云ssh用户身份验证

As businesses move more of their services on to web-accessible, cloud-based platforms, the need for robust security grows increasingly important. One key element of this security is controlling who has access to your data and applications. To strengthen security, reduce risk and improve compliance, it is essential that only authorised users get access to a company’s system and that authentication is required before that access is granted.

随着企业将更多的服务转移到可访问Web的基于云的平台上，对强大安全性的需求变得越来越重要。 此安全性的一个关键要素是控制谁有权访问您的数据和应用程序。 为了增强安全性，降低风险并提高合规性，至关重要的是只有授权用户才能访问公司的系统，并且在授予访问权限之前必须进行身份验证。

云认证说明 (Cloud authentication explained)

Cloud authentication is the means of verifying that someone logging in to a cloud-based platform is the person they claim to be. It is a way of preventing stolen usernames and passwords being used to log in to the system. The user’s identity is authenticated by cross-referencing information stored on a database with information held by the user, such as PIN numbers, biometric data or the use of secret questions. If the information provided by the user is identical to that stored in the database, authentication takes place and access is granted.

云身份验证是一种验证登录到基于云的平台的人就是他们声称的人的方法。 这是一种防止被盗的用户名和密码用于登录系统的方法。 通过将存储在数据库中的信息与用户持有的信息(例如PIN码，生物特征数据或秘密问题的使用)进行交叉引用来验证用户的身份。 如果用户提供的信息与数据库中存储的信息相同，则进行身份验证并授予访问权限。

Authentication isn’t just required for people. Companies may also require external machine access to carry out automated services, such as cron-jobs, remote backups, auto updates and remote system monitoring. In these instances, too, it is crucial that external apps are authorised so that hacking bots disguised as genuine apps don’t slip through the security net. Authentication in these areas can be done through the use of digital certificates and APIs.

身份验证不仅是人们需要的。 公司还可能要求外部计算机访问权限以执行自动化服务，例如cron作业，远程备份，自动更新和远程系统监视。 在这些情况下，同样重要的是，必须授权外部应用程序，以使伪装成真正应用程序的黑客程序不会通过安全网。 这些领域的认证可以通过使用数字证书和API来完成。

认证与授权 (Authentication and authorisation)

Authorisation is the granting of permissions for individuals to access different parts of a system. It is not desirable, in any organisation, for every user to have the same permissions. Access to sensitive data, for example, might be restricted to only certain staff.

授权是授予个人访问系统不同部分的权限。 在任何组织中，都不希望每个用户都具有相同的权限。 例如，对敏感数据的访问可能仅限于某些人员。

One of the advantages of authentication is that it helps prevent unauthorised users from accessing data they do not have the authority to see. In particular, it will stop employees who have forgotten their own passwords being able to log in using their colleague’s account details and gaining access to all the areas they have permission to use.

身份验证的优点之一是，它有助于防止未经授权的用户访问他们无权查看的数据。 特别是，这将使忘记密码的员工无法使用其同事的帐户详细信息登录，并获得对他们有权使用的所有区域的访问权限。

为什么身份验证如此重要 (Why authentication is so important)

Preventing unauthorised access to cloud-based systems is vital. Hacked companies face enormous consequences: operational downtime, significant fines, potential lawsuits, reputational damage, industrial espionage and ransom. Customers can suffer just as much as companies too, with financial information being sold on the darknet and sensitive data being leaked across the internet. Lose personal data under GDPR and you could face a fine of up to €20 million or 4% of global annual turnover.

防止未经授权访问基于云的系统至关重要。 被黑客入侵的公司将面临巨大的后果：运营中断，大量罚款，潜在的诉讼，声誉受损，工业间谍活动和赎金。 客户可能遭受与公司同样的痛苦，金融信息在暗网上出售，敏感数据通过互联网泄漏。 根据GDPR丢失个人数据，您可能会面临高达2000万欧元的罚款或全球年营业额的4％。

Authentication is a process which protects web-based systems from hackers and without it, your entire system is vulnerable. Cybercriminals use seriously advanced software that can crack usernames and passwords and they also use other techniques to phish for credentials from employees. Authentication provides an extra layer of security, using information that hackers can’t use. In this way, they are prevented from getting access.

身份验证是一个保护基于Web的系统免受黑客攻击的过程，没有它，您的整个系统就很容易受到攻击。 网络罪犯使用严重的高级软件，可以破解用户名和密码，并且还使用其他技术来仿冒员工的凭据。 身份验证使用黑客无法使用的信息，提供了额外的安全保护。 这样，可以防止它们获得访问权限。

实用认证 (Practical authentication)

One challenge for businesses that use cloud-based systems is how to balance ease of use with strict security. Strong security is essential, but it can also be a hassle for users who need a quick and convenient way to log on. There is a range of different methods which can be used, here are two of the most common.

使用基于云的系统的企业面临的挑战之一是如何在易用性和严格的安全性之间取得平衡。 强大的安全性是必不可少的，但对于需要快速便捷的登录方式的用户而言，这也可能会带来麻烦。 可以使用多种不同的方法，这是最常用的两种方法。

两因素和多因素身份验证 (Two factor and multifactor authentication)

To increase security, many organisations require two-factor authentication. This consists of a password plus one additional piece of information. Multifactor authentication requires a password and up to four other methods of verification.

为了提高安全性，许多组织都需要两因素身份验证。 这由密码和一条附加信息组成。 多因素身份验证需要密码和最多四种其他验证方法。

There are four ways that a user’s ID can be authenticated, these are:

可以通过四种方式对用户ID进行身份验证，它们是：

1. Asking for something the user knows, such as a PIN, date of birth or the answer to a secret question.

1.询问用户知道的信息，例如PIN，出生日期或秘密问题的答案。

2. Using something the user has in their possession: customers may be required to get a code from a card reader or be sent a code to their smartphone.

2.使用用户拥有的东西：可能要求客户从读卡器中获取代码或将代码发送到他们的智能手机。

3. Biometric data: the user may have to provide biometric data such as a fingerprint, photograph or retina scan.

3.生物特征数据：用户可能必须提供生物特征数据，例如指纹，照片或视网膜扫描。

4. Location data: smartphone GPS data and computer Mac addresses can also be used to verify the location of the user.

4.位置数据：智能手机GPS数据和计算机Mac地址也可用于验证用户的位置。

需要“强身份验证” (The need for ‘strong authentication’)

The term ‘strong authentication’ is used to describe systems where authentication is robust enough to guarantee its security. What ‘robust enough’ means, however, depends upon the needs of the system, how critical its apps are, how sensitive the data it holds and the type of organisation it belongs to.

术语“强身份验证”用于描述身份验证足够强大以保证其安全性的系统。 但是，“足够强大”的含义取决于系统的需求，其应用程序的关键程度，所保存数据的敏感度以及所属组织的类型。

Some organisations may be adequately protected by two-factor authentication, however, for those with high-security requirements, multifactor authentication is the standard practice.

一些组织可能受到两因素身份验证的充分保护，但是，对于那些具有较高安全性要求的组织，多因素身份验证是标准做法。

Many companies are now using smart card technology for authentication. Here, biometric data, passwords and other vital information is stored on a smart card and the card is used by inserting it into a reader and inputting a PIN. Contactless cards can also be used by tapping against an RFID reader. Lots of organisations use the same card to grant physical access to the company’s premises.

现在，许多公司正在使用智能卡技术进行身份验证。 在这里，生物特征数据，密码和其他重要信息存储在智能卡上，并且通过将其插入读取器并输入PIN来使用该卡。 非接触式卡也可以通过敲击RFID读取器来使用。 许多组织使用同一张卡授予对公司场所的物理访问权限。

结论 (Conclusion)

Authentication is essential for organisations wanting to keep their systems and data secure, especially when it based in the cloud and can be accessed over the internet. To ensure your system is well protected, you should, as a minimum, use two-factor authentication. However, if you hold sensitive personal data or run critical applications online, then multifactor authentication may be the safest option.

身份验证对于希望保持其系统和数据安全的组织至关重要，尤其是当它们基于云并且可以通过Internet访问时。 为了确保系统受到良好的保护，至少应使用两因素身份验证。 但是，如果您保存敏感的个人数据或在线运行关键应用程序，则多因素身份验证可能是最安全的选择。

If you are looking to migrate your system to the cloud, check out our enterprise level, cloud hosting solutions.

如果您希望将系统迁移到云，请查看我们的企业级云托管解决方案 。

翻译自: https://www.eukhost.com/blog/webhosting/why-user-authentication-is-essential-for-cloud-based-systems/

腾讯云ssh用户身份验证