Thursday, July 29, 2010

DDOS DDOS tracking the introduction and


銆愬璇汇?澶氭暟鐨勮拷韪妧鏈兘鏄粠鏈?帴杩憊ictim鐨勮矾鐢卞櫒寮?锛岀劧鍚庡紑濮嬫鏌ヤ笂娴佹暟鎹摼锛岀洿鍒版壘鍒版敾鍑绘祦閲忓彂璧锋簮銆?br />
Chain-level test (Link Testing)

澶氭暟鐨勮拷韪妧鏈兘鏄粠鏈?帴杩憊ictim鐨勮矾鐢卞櫒寮?锛岀劧鍚庡紑濮嬫鏌ヤ笂娴佹暟鎹摼锛岀洿鍒版壘鍒版敾鍑绘祦閲忓彂璧锋簮銆?Ideally, this process can be recursive implementation of the attack until you find the source. This technique assumed attack remains active until the completion of tracking, it is difficult after the attack, intermittent attacks or attacks on the track adjustment to track. Including the following two chain-level testing:

1銆両nput debugging

Many routers offer Input debugging features, which allow administrators to filter certain number of exit data packets, and can decide who can reach the entrance.杩欑鐗规?灏辫鐢ㄦ潵浣渢raceback锛氶鍏堬紝victim鍦ㄧ‘瀹氳鏀诲嚮鏃讹紝瑕佷粠鎵?湁鐨勬暟鎹寘涓弿杩板嚭鏀诲嚮鍖呮爣蹇椼? Through these signs in the upper reaches of the outlet manager configuration suitable Input debugging. This filter will reflect the relevant input port, the filtration process can continue in the upper class, until to reach the original source. Of course, a lot of this work by hand, some foreign ISP tools for the joint development of their network can automatically follow-up.

浣嗘槸杩欑鍔炴硶鏈?ぇ鐨勯棶棰樺氨鏄鐞嗚姳璐广? Multiple ISP links and cooperation with them will take time. Therefore, this approach requires a lot of time, and almost impossible.

2, Controlled flooding

Burch and Cheswick proposed method.杩欑鏂规硶瀹為檯涓婂氨鏄埗閫爁lood鏀诲嚮锛岄?杩囪瀵熻矾鐢卞櫒鐨勭姸鎬佹潵鍒ゆ柇鏀诲嚮璺緞銆?First of all, there should be an upper road map, when under attack, they can start from the victim's upstream routers in accordance with road map on the upstream routers to control the flood, because the data packets with attack-initiated packet router also shared, thus increasing the possibility of the router packet loss. Through this continued up along the road map for, we can close the source of attacks launched.

This idea is very creative but also very practical, but there are several drawbacks and limitations. The biggest drawback is that this approach is itself a DOS attack, it will also carry out some of the trust path DOS, this shortcoming is also difficult procedure.鑰屼笖锛孋ontrolled flooding瑕佹眰鏈変竴涓嚑涔庤鐩栨暣涓綉缁滅殑鎷撴墤鍥俱? Burch and Cheswick also pointed out that this approach could be used for DDOS attacks on the track. This method can only be effective on the ongoing situation in the attack.

CISCO router is CEF (Cisco Express Forwarding) is actually a kind of chain-level test, that is, to use CEF up to the final source, then the link on the router had to use CISCO routers, and support CEF. Must be Cisco 12000 or 7500 series router has. (Do not know how, do not check the latest CISCO document), but the use of this feature is very cost resources.

In the CISCO router (ip source-track support for the router) the IP source tracking in order to achieve the following steps:

1, when the purpose was found to be attacked, opened on the router the destination address of the track, enter the command ip source-track.

2銆佹瘡涓狶ine Card涓鸿杩借釜鐨勭洰鐨勫湴鍧?垱寤虹壒瀹氱殑CEF闃熷垪銆傚浜巐ine card鎴栬?绔彛閫傞厤鍣ㄧ敤鐗瑰畾鐨凙SIC浣滃寘杞崲锛孋EF闃熷垪鐢ㄤ簬灏嗗寘缃叆line card鎴栬?port adapter鐨凜PU銆?br />
3, each line card CPU collect information to track the purpose of communication

4, the timing data generated by export to the router. Be realistic summary of the flow of information, enter the command: show ip source-track summary. Each input interface to display more detailed information, enter the command show ip source-track

5, statistical tracking of IP addresses is a breakdown. This can be used to analyze the upstream router. You can close the current router IP source tracker, enter the command: no ip source-track. And then re-open at the upstream router on this feature.

6, repeat steps 1 through 5, until you find the attack source.

This almost answers securitytest to mention the bar.

Logging

Through this method to record the main data packet router, and then through the data collection techniques to determine the path packets through. While this approach can be used to track the data after the attacks, it also has obvious disadvantages, such as may require significant resources (or sampling), and to deal with large amounts of data synthesis.

ICMP tracking

This approach mainly rely on self-generated ICMP router tracking information. Each router has a very low probability (for example: 1 / 200000), the contents of the packet will be copied to an ICMP message in the package, and contains the information near the source address of the router. When the flood attacks beginning, victim can use ICMP messages to reconstruct the attacker path. In this way comparison with the above description, there are many advantages, but there are some disadvantages.姣斿锛欼CMP鍙兘琚粠鏅?娴侀噺涓繃婊ゆ帀锛屽苟涓旓紝ICMP杩借釜娑堟伅杩樿鍚宨nput debugging鐗规?锛堝皢鏁版嵁鍖呭悓鏁版嵁鍖卛nput绔彛鍜?鎴栬?瑕佸埌杈剧殑MAC鍦板潃鍏宠仈鐨勮兘鍔涳級鐩稿叧锛屼絾鏄紝鍙兘涓?簺璺敱鍣ㄥ氨娌℃湁杩欐牱鐨勫姛鑳姐? At the same time, this approach also must be a way to deal with an attacker could send a forged ICMP Traceback message. In other words, we can approach this way, used in conjunction with other tracking mechanisms to allow more effective. (IETF iTrace)

杩欏氨鏄痽awl璇寸殑IETF鐨勫伐浣滅粍鐮旂┒鐨勫唴瀹癸紝褰撴椂鎴戠粰Bellovin鎻愬嚭涓?簺鎰忚锛屼絾鏄病鏈夊緱鍒扮瓟妗堛? For example:

1, although a random 1 / 20000 to track packages sent, but the package for forgery TRACEBACK cases, the efficiency of the router will have some effect.

2, track packages, and can not solve the counterfeit problem of authentication. To determine whether it is fake because the package, you must go to certification, and increased workload.

3, even with NULL authentication, also serve the purpose of (a certified case). And will not be much affected.

4, itrace purpose is to deal with the original DOS source of the problem of deception, but now the design seems to make us more concerned about the path and not the source. Is the path is more than the source of our problem to solve DOS useful?

绛夌瓑锛岃繕鏈変竴鍫嗛棶棰橈紝閮芥槸鎴戣寰梚Trace灏嗕細闈复鐨勫緢闅惧鐞嗙殑闂銆?br />
Packet Marking

The technology concept (because there is no practical) is to the existing agreement on the basis of changes, and changes very little, not like the idea of iTrace, think better than iTrace.杩欑杩借釜鎶?湳鏈夊緢澶氱粏鑺傜爺绌讹紝褰㈡垚澶氱鏍囪绠楁硶锛屼絾鏄渶濂界殑杩樻槸缁忚繃鍘嬬缉鐨勮竟缂樺彇鏍风畻娉曘?

Principle of this technique is a change in IP header, in which the identification heavy domain. That is, if not used to the identification domain, then this field is defined as the tag.

The 16bit of idnetification into: 3bit the offset (allows 8 slice), 5bit the distance, and the edge of 8bit slice. 5bit the distance allows 31 routes, which for the current network is already enough.

Marking and path reconstruction algorithm is:

Marking procedure at router R: let R'' = BitIntereave(R, Hash(R)) let k be the number of none-overlappling fragments in R'' for each packet w let x be a random number from [0..1) if xlet o be a random integer from [0..k-1] let f be the fragment of R'' at offset o write f into w.frag write 0 into w.distance wirte o into w.offset else if w.distance=0 then let f be the fragment of R'' at offset w.offset write f?w.frag into w.frag increment w.distance Path reconstruction procedure at victim v: let FragTbl be a table of tuples(frag,offset,distance) let G be a tree with root v let edges in G be tuples(start,end,distance) let maxd:=0 let last:=v for each packet w from attacker FragTbl.Insert(w.frag,w.offset,w.distance) if w.distance>maxd then maxd:=w.distance for d:=0 to maxd for all ordered combinations of fragments at distance d construct edge z if d!=0 then z:= z?last if Hash(EvenBits(z))=OddBits(z) then insert edge(z,EvenBits(z),d) into G last:=EvenBits(z); remove any edge(x,y,d) with d!=distance from x to v in G extract path(Ri..Rj) by enumerating acyclic paths in G聽

Under laboratory conditions only victim of such markers can be caught from 1000 to 2500 package will be able to reconstruct the entire path, and should be said that the result is good, but not put to practical, mainly manufacturers and ISP router support needed .

Ip traceback's been almost a practical technology and laboratory techniques, or inanimate, on the main these, although there are other.

For a long time did not engage in a DDOS against it, and the domestic like product have a black hole, previously know some foreign, such as floodguard, toplayer, radware so.鍙梥ecuritytest鎻愮ず锛屽張浜嗚В鍒皉iverhead鐨勶紝鎴戝氨绔嬪埢鐪嬩簡鐪嬩粬浠殑鐧界毊涔︺?

Bigfoot made since the previous main ip traceback subject, securitytest also went to the defense. DDOS problem for ip traceback and Mitigation is not the same, ip traceback main track, mainly because of DDOS spoof, which is difficult to determine the real source of attack, and if the attack is easy to find the real source, not just to deal with DDOS, attacks against the other is also helpful, such as legal issues.鑰孧itigation鏄粠鍙楀鑰呯殑瑙掑害锛屽洜涓簐ictim涓?埇鏄病鏈夎兘鍔涘幓璋冩煡鏁翠釜缃戠粶锛屾壘鍑簊ource锛岃?涓旓紝鍗充究鑳藉鎵惧埌source锛屼篃寰楁湁娉曞緥鎴栬?涓?簺娌熼?鐨勬墜娈垫潵璁﹕ource鍋滀笅鏉ワ紙鏀诲嚮鐨剆ource骞朵笉鏄痵ource鐨勬敾鍑昏?锛夛紝杩欑鎰忓懗鐫?ぇ閲忕殑娌熼?銆佽法ISP銆佽法杩囩瓑绫讳技鐨勯潪鎶?湳闂锛屾墍浠ワ紝閫氬父寰堥毦澶勭悊銆?But from the victim's point of view, have to be a solution, so we need to Mitigation.

杩欏張姝eソ鏄垜浠ュ墠鐮旂┒鐨勮寖鍥达紝鎵?互锛屽張浼氳鍑轰竴澶у爢銆傚浜嶮itigation锛屽叾瀹烇紝鎶?湳鐨勬牴鏈氨鏄鑳戒粠浼楀鐨勬祦閲忎腑灏嗘敾鍑诲寘鍜屽悎娉曞寘鍒嗙鍑烘潵锛屾妸鏀诲嚮鍖呮姏寮冩帀锛岃鍚堟硶鍖呴?杩囧氨鎬т簡銆?This is not, so the actual use of technology is to identify how the attack packets as possible, but as small as possible to affect the normal package. This is again to analyze the DDOS (or DOS) of the methods and principles. Basic has the following forms:

1, the system hole formation DOS. This feature fixed, detection and prevention are also easy to

2, protocol attacks (some deal with system-related, some related with the agreement). Such as SYN FLOOD, debris, etc..鐗瑰緛杩樺ソ璇嗗埆锛屾娴嬪拰闃插尽鐩稿瀹规槗銆?Such as SYN COOKIE, SYN CACHE, debris can be discarded. Such as land attack, smurf, teardrop, etc.

3, bandwidth FLOOD. Waste flow plug-bandwidth, feature poor recognition, defense is not easy

4, the basic legal FLOOD. More difficult than three, such as distribution of Slashdot.

Real DDOS, usually combining a variety of ways. For example SYNFLOOD, may also be bandwidth FLOOD.

The main factors that affect the defense is to see whether the features available, such as 1,2 relatively easy to solve, some of the basic does not affect the use of the FLOOD, it can well be abandoned, such as ICMP FLOOD. However, the attack packets if contracting tools to better package disguised as legitimate, it is difficult to identify out.

Mitigation methods in general is:

1, Filter. For obvious characteristics, such as some worms, the router can handle that. Of course, the filter is the ultimate solution, as long as the identification of the attack packets, it is to filter out these packets.

2, random packet loss. Associated with the random algorithm, a good algorithm can make the legitimate packets are less affected

3, SYN COOKIE, SYN CACHE other specific defensive measures. For some regular means of defense and attack filtering. For example ICMP FLOOD, UDP FLOOD. SYN COOKIE are all to avoid spoof, at least there are three TCP handshake, so better to judge SPOOF

4, passive neglect. It can be said to be deceived is also a way to confirm that. The normal connection fails will try again, but the attackers generally do not try.鎵?互鍙互涓存椂鎶涘純绗竴娆¤繛鎺ヨ姹傝?鎺ュ彈绗簩娆℃垨鑰呯涓夋杩炴帴璇锋眰銆?br />
5, take the initiative to send a RST. Against SYN FLOOD, such as on a number of IDS.褰撶劧锛屽疄闄呬笉鏄湁鏁堢殑銆?br />
6, statistical analysis and fingerprints. It would have been the main content, but in the end the algorithm into a dead end, because the main problem is an algorithm. Through statistical analysis point of view to get the fingerprint, and then to abandon the attack fingerprint package is also a anomaly detection technology. Very simple, but it is not easy to affect the legal package, and will not become a random packet loss. 锛堝叾瀹炲綋鏃惰?铏戝お杩囧鏉傦紝闈炲緱瑕佽缁嗗垎鏋愬嚭鏀诲嚮鍖呭拰鍚堟硶鍖咃紝瀹為檯涓嶉渶瑕侊紝鍙杩囨护鎺夎冻澶熺殑鏀诲嚮鍖咃紝鍗充究璁╂敾鍑诲寘閫氳繃锛屼絾鍙涓嶉?鎴怐OS灏卞彲浠ヤ簡銆傦級杩欎篃鏄緢澶氱爺绌惰?鐮旂┒鐨勪富瑕佽棰橈紝鐩殑涔熷氨鏄瘑鍒敾鍑诲寘銆?br />
Now back to securitytest mentioned riverhead. On the riverhead of the technology, I have just learned from their white paper on, but based on my analysis methods did not exceed the above-mentioned range.

riverhead's core program is the detection of Detection, transfer Diversion and mitigation Mitigation, which is to detect attacks, and then transferred to the traffic guard on their products, and then guard for Mitigation.

瀹冪殑瀹炵幇姝ラ锛屽氨鏄細

鍥犱负娌℃湁鍥撅紝鎵?互鍏堝畾涔変竴涓嬶紝鎵嶈兘璇存竻妤氾細

# Source close to distributed denial of service for the remote router routers

# Close to the victim's router to router proximal

#Riverhead鐨凣uard璁惧闄勫睘瀹夎鐨勮矾鐢卞櫒涓?闄勫睘璺敱鍣?br />
Defense steps

1, first detected in a DDOS place and understand the victim

2銆丟uard鍙戦?BGP閫氬憡鍒拌繙绔矾鐢卞櫒锛堝湪victim鐨凚GP閫氬憡璁剧疆鍓嶇紑锛屽苟寰楀埌姣斿師濮婤GP閫氬憡鏇撮珮鐨勪紭鍏堟潈锛夛紝琛ㄧず浠庤繙绔矾鐢卞櫒鍒皏ictim鏈夋柊鐨勮矾鐢憋紝骞朵笖璺敱鍒癎uard鐨刲oopback interface锛屾墍鏈夊埌victim鐨勯兘缁忚繃闄勫睘璺敱鍣ㄨ浆绉诲埌浜咷uard涓?br />
3, Guard inspection flow, and remove one of the attack traffic, and then forwarded to the traffic safety sub router, in the back victim

The core is the Guard, technology is described in the MVP architecture white paper (Multi-Verification Process), which is five levels below

Filter (Filtering): This module contains the static and dynamic DDOS filtering.闈欐?杩囨护锛屾嫤鎴猲on-essential娴侀噺锛屽彲浠ユ槸鐢ㄦ埛瀹氫箟鐨勶紝鎴栬?鏄痳iverhead榛樿鎻愪緵鐨勩? Dynamic filtering is based on the details of behavior analysis and flow analysis, by increasing the flow of the recognition of suspicious or malicious traffic blocking has been confirmed to be real-time updates

Anti-cheat (Anti-Spoofing): This module verify whether the packet into the system to be deceived. Guard uses a unique, patented source verification mechanism to prevent cheating. Also adopted a mechanism to confirm the legitimate flow of legitimate data packets to be discarded to eliminate

Anomaly detection (Anomaly Recognition): The module monitors all anti-cheat has not been filtered and discard the flow module, the flow records with the normal baseline behavior, it is found abnormal.鍩烘湰鍘熺悊灏辨槸閫氳繃妯″紡鍖归厤锛屽尯鍒潵鑷猙lack-hat鍜屽悎娉曢?璁箣闂寸殑涓嶅悓銆?The principle used to identify the attack source and type, and proposed guidelines for interception of such traffic.

寮傚父妫?祴鍖呮嫭锛?鏀诲嚮娴侀噺閫熺巼澶у皬 鍖呭ぇ灏忓拰绔彛鐨勫垎甯?鍖呭埌杈炬椂闂寸殑鍒嗗竷 骞跺彂娴侀噺鏁?楂樼骇鍗忚鐗瑰緛 鍑恒?鍏ョ殑閫熺巼 娴侀噺鍒嗙被锛?婧怚P 婧愮鍙?鐩殑绔彛 鍗忚绫诲瀷 杩炴帴閲忥紙姣忓ぉ銆佹瘡鍛級

鍗忚鍒嗘瀽锛圥rotocol Analysis锛夛細鏈ā鍧楀鐞嗗紓甯告娴嬩腑鍙戠幇鐨勫彲鐤戠殑搴旂敤鏂归潰鐨勬敾鍑伙紝姣斿http鏀诲嚮銆?Protocol analysis also detected a number of agreements misconduct.

Traffic restrictions (Rate Limiting): mainly those who consume too many resources dealing with the source of traffic.

So, in fact the most important content is in the statistical analysis of anomaly detection, but it seems not much to see from the above special place, but must have a good algorithm. Such as FILTER, actually deal with some very familiar features of obvious attacks, anti-cheating is against syn flood like this, perhaps also a syn cookie module, but may have more patented technologies. Protocol analysis should in fact is relatively weak, but can be common agreement on some specific attacks, protocol error detection and identification of some acts simply agreed to check that this is very simple. Traffic restrictions are that a random packet loss, the most helpless way, so the final level.

Because this product is mainly for Mitigation, not ip traceback. But can be determined or there are important issues, such as:

1銆佸浣曞浠樼湡姝g殑bandwidth flood銆?If the router is gigabit, but attacks have accounted for 90% of the traffic, only to shed 10% of the legitimate use, the router has first started with random packet loss of the Guard. (No way, this is the bottleneck of all defense technology)

2, the real attack. The real attack is difficult or not identifiable.姣斿锛屽熀鏈窡姝e父褰㈠紡涓?牱鐨勶紝濡傛灉鍜岀粺璁℃暟鎹緢鎺ヨ繎锛岄偅涔堝緢闅惧尯鍒嚭鏉ャ? Some attacks, such as reflective of the e-mail attacks, it is perfectly legal, but very hard to classify them.








相关链接:



Convert .flac to mp3



Swf file



Ninth Zhongguancun Computer Festival was OFFICIALLY opened



How to convert m4v to mp4



Simple Site ADMINISTRATION



Review Password Managers



Issuing 3G licenses will be postponed to the end of 2007



LIU: a play from the acting to the private equity fund non-plague



"Two-way referral" good medical care Recovery mode



Produced Using Flash MX Components Quiz



Iphone Video Format



JSP tag library analysis



TechTarget BtoB Magazine named "Media 50" ranked sixth



CES Show for the first time to advertise IN Facebook and YouTube



FTP CLIENTS Directory



Monday, July 12, 2010

Some live for BI to! But Mo take BI as "the Bible"


CEO said, I have to business right decisions.

CFO said, I want to see how many accounts can receive.

CMO said, I want to know how to sell which products.

So many people of so many requirements, in the end is not the complete BI?

CEO: a board to beat

M Group is the reorganization by the old state-owned telecom operators, can be said that the telecommunications industry giant. High-level cadres are mostly from the Secretary, the Director and other "officials" change comes, not from the official standard momentary brain way of thinking changed.

Each group meeting will be almost a complaining, each business division's general manager is hard to blame the market development, product design and development is too slow, and with one voice to the group scrambled to technology, capital and talent. Gradually, the group's veterans are afraid to meet, because in addition to noise, there is no way to form a unified idea, let alone in step. Each of the major decisions in addition to several group vice president of compromise about the views of the decision beyond the superficial, that is, group president have the final say.

President of the group recently found that both new product development, investment in new business, organizational restructuring, had her second child in the U group in the industry leading step by step, or even every time she is still brewing a new business, U Group pioneered, accounting for make the first move. This is very surprising to M group president and wonder.

By chance, U know, president, M group is digging its own top-notch technical personnel. Could it be the other party is engaged in "spy"?

M Group, U come from the dug-paid group vice president of information and intelligence office was informed that the secret of each other through business intelligence system to support the president's decision. More importantly, the current, U Group has business units to share data, information and knowledge, and even have the "armed to the general staff" of the evidence, no wonder the vice president of intelligence assessment, if the M Group is still racking our brains decision-making "fire by rubbing sticks" phase, then the other party has achieved a smart decision, "satellite into space" level.

The development of enterprises is constantly making a decision. CEO as a business decision and the supreme leader, requiring a decision of the matter is many large enterprises to the Board on the strategic direction Jian Yi, small to enterprise resources to Zheng He to take corresponding Cuoshijiyu to achieve the tactical 灞傞潰.

With the expansion of business scale and the deterioration of the external competitive environment, CEO to make the right decision more difficult. The reason is the increase in the number of departments make all kinds of complex information scattered in different departments which are not shared, enterprise-level increase also makes the continued distortion of true information. The CEO of the energy is limited, a critical error message is enough to put decision-making CEO brink of failure, or even ruin a business.

How to build an accurate, fast, multi-dimensional, automated business intelligence system is the desire of each CEO.

Specific to the CEO of the BI requirements, they are most concerned about is the BI system can truly support the business at a crucial moment, investment, marketing, production, and other major decisions. The highest stage of BI is able to help at every level to think and CEO decision-making. These include:

1. Customers. Who is the quality of potential new customers, the kind of special treatment to them; how to retain existing customers and let it repeat purchase; how customers full service on all cross-selling, with more profit.

2. Products and services. How through the combination of innovation and resources to develop new products competitors have not, and the maximum value to products; skinny dog and a cash cow business, how to achieve the business with "East West, light does not shine."

3. Supply chain. How to organize the process so that lower consumption of resources, more responsive; how to find the best path to product and service delivery to the customer hands, spend less money to do more.

4. Competition. Who can be included in the list of competitors, opponents are doing, their threat to themselves what kind of action do to beat each other to exert pressure and even each other.

5. Union. When the enterprise capabilities is not enough, how to find the fit of its development partners, their own weaknesses and strengths are, where the other party, how to complement each other, build strong-strong alliance or complement each other.

6. Investment. Which is a sunset business to stop the sale or conversions, which do the next sunrise industry investment and how to avoid financial risks.

7. Market. What kind of means who let customers buy expectations, how to make the user how to enjoy themselves rather than turn to competitors, why would business disaster improper public relations crisis.

8. Policy: Government rules of the game is not about to or already changing, and how better on their own.

9. Staff Appraisals: Why companies give employees a sense of belonging and strong driving force more than the lure of material; what kind of methods and mechanisms on the performance of the staff more willing to "spring forward to a high enough enough."

CFO: have a bone to receive

Storage supermarket operators in the 100 4 thousand types of commodities, with operating area of 10,000 square meters of large scale storage supermarket 10. Great leadership is then "old department store", used indigenous launched, failing to work, playing cards by drinking to maintain feelings of loyalty in the buddy decided to display goods.

Group management in order to meet the needs of very early on the ERP system, the main function is data collection and basic management functions. But, with the data of the ocean, the chief accountant is difficult to sort out a clue Zhang Jinsong. The group has now grown up, in particular, with 10 chains, to maintain the daily operation of the financial sector barely make do, to provide financial information to support decision-making no-brainer.

To the implementation of ERP in the Fuji group cyclone technology companies, recommended in the 100 on the BI system is to better analyze data, provide a basis for decision-making. This said the Zhang Jinsong's hearts. With this system, the financial analysis to improve a lot. The Group's financial data, such as gross profit, gross margin, dynamic sales rate, turnover rate, amount of funds used ratio, inventory levels, he can be from a different point of view of some, can always draw some meaningful conclusions. And as long as the little mouse can get the data you want, without specialized technical guidance, realize the financial support for the decision.

The birth of large amounts of data every day, has long been a vast accumulation of data. How to dig out from these data, valuable information for decision-making support is the CFO of a challenge.

BI analysis of the direct call in advance to set a good method to judge and improve the value of financial data, and sought after by the CFO. BI best start in the telecommunications, finance, retail and other industry analysis of consumer behavior on a wide range of applications, gradually CFO for the analysis of financial data, in the enterprise fund operations, liabilities, inventory management, market share analysis has played an important effect.

CFO of primary concern is funding operations. BI can be time, institutions, and other dimensions of capital inflow, outflow, and management status. BI in the banking industry a wide range of applications is to analyze the sources of funding costs, capital structure, capital surplus and deficiency, capital availability, position calculations, capital utilization and benefit analysis. BI shorten the response time of the anomaly, for the reasonable development of credit policies to support and optimize capital allocation.

In the enterprise, channels flat is an irreversible trend, which increased the CFO of accounts receivable management, workload and difficult. Accounts receivable related to the data should be Henduo, such as arrears of time, time, discounts, credit rating, etc., the information provider with the management of the channel increases. Use of the BI system, with effective management and analysis, accelerating rate of capital return.

More frequent mergers and acquisitions, CFO's responsibility is to be invested in the financial analysis to determine investment value. Some cosmetic results of the invested enterprise, BI fire a pair of eyes to the CFO Venus.

Main business profit margins, return on total assets such as good corporate indicators, the analysis by BI, you can easily find low cost in mind trick. Some corporate debt ratio is relatively high, the general analysis will be that there is no investment value. The BI liquidity asset turnover and gross margin according to other indicators, analysis of assets and liabilities within a few years, the rate will return to safe levels, which can have a more comprehensive judgments.

Inventory management to ensure timely supply of raw materials, timely supply and product sales, as well as semi-reasonable turnover. Through BI, CFO can combine purchasing, sales, production, finance and other basic data, inventory finance to do in-depth analysis. Materials by a certain time income, place and situation analysis of the balance, by doing the analysis and processing of goods sluggish, so as to achieve optimization and inventory adjustments and reserves the right items. CFO thus reducing the capital stock on the occupancy rate, increased turnover rate, thus saving money.

For market share, previously almost exclusively sales thing. Now CFO of the various data associated with BI analysis, we can get the profit contribution of different markets, so as to sales for the implementation of the different target markets to develop products differentiated services and provide a basis for a reasonable price, thereby increasing market share, also increased the CFO's influence.

CMO: there are goods to sell

Success Stories: U.S. Red Robin burger chain to buy a BI system, from the marketing department to track marketing campaigns for business results. A result, Red Robin soon found himself wasting too much money to buy a white sauce, this sauce, but the fact is no one to eat. As a result, Red Robin decided to develop one's own sauce, not out to buy. There is also an ice cream maker, always hear customers complain about the product, while product quality is no problem, did not know the reason. Finally the marketing department on the BI system, the analysis that the problem lies in the product packaging, since packaging of fruit ice cream place greater number of pictures, but the actual product is not so much, this factor has led to customer dissatisfaction. Later, after changing the packaging, customer complaints also stopped.

Competitive advantage in size, to some extent depends on its data collection and analysis, development and implementation of policy decisions by both the amount of time. No BI systems company, a lot of time will be spent on data collection and analysis of these two steps, only very little time spent on the development and implementation of the decision-making. The company has a BI system, just the opposite, because the rational allocation of resources, decision-making efficiency would be very high, the results achieved are very different. The CMO (Enterprise Marketing Director) is concerned, CMO need BI product sales analysis, marketing analysis, customer behavior analysis can play an effective supporting role.

In product sales, CMO want BI to the Japanese sales curve, curve on sales, product list, best-selling product, niche product, product ABC, time sales, payment methods for analysis. Through this analysis, CMO can control the product sales of slow moving products effective means. One interesting example. Safeway UK supermarkets found that some goods put on the shelf for a long time, selling very slowly, one month to sell 12 supermarkets that are unsalable products, decided to brought down. But then analyzed by business intelligence technology, found that people who buy these products, also buy a lot of things, constitute 25% of supermarket revenues. This case, buy unsalable products and buy other products is a correlation, when the so-called niche product away, the next customer will not come. Therefore, the final Safeway supermarket did not win the so-called niche product to.

In marketing, BI enables companies to find more effective ways to promote. This customer is able to accept advertising? Such promotions have much effect? Choose what kind of media at nothing with half the times? Promotional activities in the market easily put hundreds of million or even 10 million yuan of funds, it is difficult to figure out how much improved performance. This is because too many factors leading to performance improvement, and may be the price, advertising, training sales staff, and may be selling season, weaker competitors, among which the combination of too much. BI allows data CMO want to speak, of the factors which played a key role in helping to make the next step of the decision CMO. Had a mobile phone manufacturers want to cut prices, and further promotion of a high-end phone models, but through the BI technical analysis, we found the target customers to buy such a phone less price sensitive, but rather they have this phone as a status and a symbol of quality, price reduction was not beneficial if the temerity of the mobile phone sales.

Customer behavior, CMO hopes BI, analysis focused on customers (potential customers, cross-selling, incremental sales and customer retention, etc.), while for the customers provide the basis for the development of market activities. For example in the telecommunications field, you can call customer behavior De analysis, development of discount policy of Shi Jian, location and client-oriented groups, and other markets Huodong of Yao Su. Domestic telecom operators in the highly competitive mobile market is obvious, they have launched a service for different groups of packages. But the frequent introduction of the package who is used to bring real benefits? How can an early understanding of customer preferences, and then launch a more targeted customers like the service packages? Using the recently introduced package customers are male or a woman, in what age, in the end, what kind of people we welcome this package? These issues need BI to be analyzed.

Press Notes

Mo take BI when the Bible

What is the relationship of beer and diapers? The BI field in the most often used as an example of the supermarket case, aptly illustrates how complex BI data to find rules to link the two seemingly incomparable things, and the resulting pairs The importance of business management.

That is not to throw everything BI, managers can rest easy out?

Of course not. While BI can help managers make decisions, can help managers determine market prospects, financial condition, product design, etc. The one from a point of view the absence of any laws, but many look at some data, stripping silk cocoon can find one of the pumping problem, but it is not omnipotent.

One reason is that not everything depends on BI data to judge. The accuracy of the data or not, many companies have to draw a question mark end. Data collection is complete, accurate, and whether there are problems during processing, which have a direct impact on BI systems to judge.

The second reason is the scientific modeling. The same data, due to the different model, may come to different conclusions. A simple example is how much safety stock setting right in the end, which itself needs Kuguan staff, dispatchers in accordance with their years of experience make judgments, not simply copy on the can. Many BI systems DEMO is done before the test line is this.

The third reason is the most important reason is, BI is still only reference given in the conclusion, not the final conclusion, the matter of determination and implementation continues to be some wisdom. Do not let the computer complete control of the human brain, do not let the Matrix appears in reality.






相关链接:



X-Cloner MP4 Converter



Ever CD RM OGG To AMR Creator



Converting Mp4 To Avi



Bliss M4P VQF to M3U Editing



mp4 To avi



Windows 7 rmvb



Report Audio Video TOOLS



APPLE CD WAVE Music to M4A Maker



Youtube Movie To DVD Software



Review Education



Mkv To Vob



Youtube To PPC Help



Professional CDA RA MP3 to WMA Convert



Youtube to Xbox 360 Store