\u1ea2nh minh h\u1ecda: foxbusiness<\/i>\u200b<\/div>\n\u0110i\u1ec1u g\u00ec v\u1eeba x\u1ea3y ra t\u1ea1i \u0111i\u1ec3m n\u00f3ng US\u2011EAST\u20111?<\/b>\u200b<\/h2>\n
R\u1ea1ng s\u00e1ng ng\u00e0y 20\/10\/2025 theo gi\u1edd M\u1ef9, t\u1ee9c kho\u1ea3ng 11h – 16h theo gi\u1edd Vi\u1ec7t Nam, h\u00e0ng lo\u1ea1t d\u1ecbch v\u1ee5 Internet to\u00e0n c\u1ea7u b\u1ea5t ng\u1edd \u201c\u0111\u00f3ng b\u0103ng\u201d do m\u1ed9t s\u1ef1 c\u1ed1 nghi\u00eam tr\u1ecdng xu\u1ea5t ph\u00e1t t\u1eeb khu v\u1ef1c US-EAST-1 (B\u1eafc Virginia) c\u1ee7a Amazon Web Services (AWS).<\/p>\n
\u0110\u00e2y l\u00e0 v\u00f9ng h\u1ea1 t\u1ea7ng tr\u1ecdng y\u1ebfu nh\u1ea5t c\u1ee7a AWS, n\u01a1i t\u1eadp trung kh\u1ed1i l\u01b0\u1ee3ng d\u1ecbch v\u1ee5 n\u1ec1n t\u1ea3ng kh\u1ed5ng l\u1ed3. Ch\u1ec9 m\u1ed9t tr\u1ee5c tr\u1eb7c nh\u1ecf c\u0169ng \u0111\u1ee7 k\u00e9o theo h\u00e0ng lo\u1ea1t d\u1ecbch v\u1ee5 c\u1ed1t l\u00f5i c\u1ee7a AWS nh\u01b0 EC2 (m\u00e1y ch\u1ee7 \u1ea3o) v\u00e0 DynamoDB (c\u01a1 s\u1edf d\u1eef li\u1ec7u NoSQL) b\u1ecb t\u00ea li\u1ec7t, d\u1eabn \u0111\u1ebfn hi\u1ec7u \u1ee9ng domino tr\u00ean to\u00e0n h\u1ec7 sinh th\u00e1i.<\/p>\n
H\u1eadu qu\u1ea3 l\u00e0 h\u00e0ng tri\u1ec7u ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng th\u1ec3 truy c\u1eadp v\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng ph\u1ed5 bi\u1ebfn g\u1ed3m: Snapchat, Fortnite, Duolingo, Canva, Wordle, Slack, monday.com, Zoom c\u00f9ng nhi\u1ec1u ng\u00e2n h\u00e0ng v\u00e0 d\u1ecbch v\u1ee5 c\u00f4ng nh\u01b0 Lloyds, Barclays, Bank of Scotland, HMRC, Vodafone\u2026<\/p>\n
Theo th\u00f4ng b\u00e1o tr\u00ean trang tr\u1ea1ng th\u00e1i d\u1ecbch v\u1ee5 c\u1ee7a AWS, h\u1ec7 th\u1ed1ng \u0111ang g\u1eb7p s\u1ef1 c\u1ed1 v\u1ec1 DNS \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn DynamoDB – d\u1ecbch v\u1ee5 c\u01a1 s\u1edf d\u1eef li\u1ec7u \u0111\u00f3ng vai tr\u00f2 n\u1ec1n t\u1ea3ng cho nhi\u1ec1u \u1ee9ng d\u1ee5ng kh\u00e1c trong h\u1ec7 sinh th\u00e1i AWS.<\/p>\n
DNS (Domain Name System) l\u00e0 h\u1ec7 th\u1ed1ng ch\u1ecbu tr\u00e1ch nhi\u1ec7m chuy\u1ec3n \u0111\u1ed5i t\u00ean mi\u1ec1n th\u00e0nh \u0111\u1ecba ch\u1ec9 IP, cho ph\u00e9p tr\u00ecnh duy\u1ec7t v\u00e0 c\u00e1c \u1ee9ng d\u1ee5ng k\u1ebft n\u1ed1i \u0111\u1ebfn \u0111\u00fang m\u00e1y ch\u1ee7 \u0111\u1ec3 t\u1ea3i v\u00e0 x\u1eed l\u00fd d\u1eef li\u1ec7u. Khi l\u1edbp ph\u00e2n gi\u1ea3i DNS n\u00e0y g\u1eb7p tr\u1ee5c tr\u1eb7c, c\u00e1c \u1ee9ng d\u1ee5ng kh\u00f4ng th\u1ec3 x\u00e1c \u0111\u1ecbnh v\u1ecb tr\u00ed c\u1ee7a d\u1ecbch v\u1ee5 DynamoDB d\u1eabn \u0111\u1ebfn l\u1ed7i k\u1ebft n\u1ed1i, gi\u00e1n \u0111o\u1ea1n truy xu\u1ea5t d\u1eef li\u1ec7u v\u00e0 t\u1eeb \u0111\u00f3 k\u00edch ho\u1ea1t hi\u1ec7u \u1ee9ng lan truy\u1ec1n sang h\u00e0ng lo\u1ea1t d\u1ecbch v\u1ee5 ph\u1ee5 thu\u1ed9c kh\u00e1c trong chu\u1ed7i h\u1ea1 t\u1ea7ng AWS.<\/p>\n
Gi\u1ea3i ph\u1eabu nguy\u00ean nh\u00e2n k\u1ef9 thu\u1eadt<\/b>\u200b<\/h2>\n
D\u01b0\u1edbi \u0111\u00e2y l\u00e0 t\u00f4i t\u1ed5ng h\u1ee3p l\u1ea1i theo m\u00f4 h\u00ecnh nguy\u00ean nh\u00e2n – h\u1ec7 qu\u1ea3, \u01b0u ti\u00ean c\u00e1c kh\u1ea3 n\u0103ng c\u00f3 b\u1eb1ng ch\u1ee9ng gi\u00e1n ti\u1ebfp r\u00f5 r\u00e0ng.<\/p>\n
L\u01b0u \u00fd: AWS hi\u1ec7n ch\u01b0a c\u00f4ng b\u1ed1 b\u00e1o c\u00e1o \u0111i\u1ec1u tra chi ti\u1ebft ngo\u00e0i tr\u1ea1ng th\u00e1i th\u00f4ng b\u00e1o c\u1ee7a h\u00e3ng, v\u00ec v\u1eady c\u00e1c ph\u00e2n t\u00edch n\u00e0y d\u1ef1a tr\u00ean d\u1ea5u hi\u1ec7u k\u1ef9 thu\u1eadt quan s\u00e1t \u0111\u01b0\u1ee3c v\u00e0 c\u00e1c ti\u1ec1n l\u1ec7 \u0111\u00e3 t\u1eebng x\u1ea3y ra. N\u1ebfu c\u00f3 b\u1ea3n \u0111i\u1ec1u tra r\u00f5 r\u00e0ng th\u00ec m\u1ecdi nguy\u00ean nh\u00e2n d\u01b0\u1edbi \u0111\u00e2y l\u00e0 gi\u1ea3 thuy\u1ebft m\u00e0 t\u00f4i suy \u0111o\u00e1n.<\/i><\/p>\n
1. L\u1ed7i t\u1ea1i t\u1ea7ng \u0111i\u1ec1u khi\u1ec3n m\u1ea1ng ho\u1eb7c DNS (Control Plane\/Route 53)<\/b><\/p>\n
T\u1ea5t nhi\u00ean r\u1ed3i, gi\u1ea3 thuy\u1ebft c\u00f3 kh\u1ea3 n\u0103ng cao nh\u1ea5t l\u00e0 s\u1ef1 c\u1ed1 trong qu\u00e1 tr\u00ecnh ph\u00e2n gi\u1ea3i t\u00ean mi\u1ec1n (DNS) \u0111\u1ebfn c\u00e1c \u0111i\u1ec3m cu\u1ed1i c\u1ee7a DynamoDB.<\/p>\n
Khi DNS g\u1eb7p tr\u1ee5c tr\u1eb7c, c\u00e1c d\u1ecbch v\u1ee5 ph\u1ee5 thu\u1ed9c kh\u00f4ng th\u1ec3 t\u00ecm \u201c\u0111\u1ecba ch\u1ec9\u201d ch\u00ednh x\u00e1c \u0111\u1ec3 truy c\u1eadp d\u1eef li\u1ec7u khi\u1ebfn h\u00e0ng lo\u1ea1t \u1ee9ng d\u1ee5ng g\u1eb7p l\u1ed7i.<\/p>\n
Trong ki\u1ebfn tr\u00fac vi d\u1ecbch v\u1ee5 (microservices), ch\u1ec9 m\u1ed9t l\u1ed7i \u1edf Route 53 ho\u1eb7c l\u1edbp \u0111i\u1ec1u ph\u1ed1i m\u1ea1ng n\u1ed9i b\u1ed9 (network control plane) c\u0169ng c\u00f3 th\u1ec3 lan nhanh sang c\u00e1c th\u00e0nh ph\u1ea7n nh\u01b0 Load Balancer (ELB) hay API Gateway d\u1eabn t\u1edbi t\u1ef7 l\u1ec7 l\u1ed7i 5xx t\u0103ng \u0111\u1ed9t bi\u1ebfn, ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng \u0111\u0103ng nh\u1eadp \u0111\u01b0\u1ee3c v\u00e0 c\u00e1c t\u00e1c v\u1ee5 kh\u1edfi t\u1ea1o t\u00e0i nguy\u00ean (EC2, ECS) b\u1ecb ngh\u1ebdn.<\/p>\n
\u2192 X\u00e1c su\u1ea5t \u01b0\u1edbc t\u00ednh: 70 – 80%<\/i><\/p>\n
2. L\u1ed7i trong qu\u00e1 tr\u00ecnh tri\u1ec3n khai c\u1ea5u h\u00ecnh t\u1ef1 \u0111\u1ed9ng<\/b><\/p>\n
AWS v\u1eadn h\u00e0nh h\u1ea1 t\u1ea7ng theo m\u00f4 h\u00ecnh \u201cinfrastructure as code\u201d (IaC), ngh\u0129a l\u00e0 c\u00e1c thay \u0111\u1ed5i v\u1ec1 m\u1ea1ng, b\u1ea3o m\u1eadt hay \u0111i\u1ec1u ph\u1ed1i \u0111\u1ec1u \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt t\u1ef1 \u0111\u1ed9ng qua c\u00e1c pipeline.<\/p>\n
N\u1ebfu m\u1ed9t b\u1ea3n c\u1ea5u h\u00ecnh sai (v\u00ed d\u1ee5: quy t\u1eafc \u0111\u1ecbnh tuy\u1ebfn VPC, IAM policy hay c\u00e0i \u0111\u1eb7t m\u1ea1ng) \u0111\u01b0\u1ee3c tri\u1ec3n khai r\u1ed9ng, n\u00f3 c\u00f3 th\u1ec3 g\u00e2y \u201cl\u1ec7ch pha\u201d gi\u1eefa t\u1ea7ng \u0111i\u1ec1u khi\u1ec3n v\u00e0 t\u1ea7ng d\u1eef li\u1ec7u khi\u1ebfn d\u1ecbch v\u1ee5 \u0111\u1ee9t qu\u00e3ng h\u00e0ng lo\u1ea1t.<\/p>\n
\u2192 X\u00e1c su\u1ea5t \u01b0\u1edbc t\u00ednh: 15 – 20%<\/i><\/p>\n
3. B\u1ea5t \u1ed5n trong qu\u00e1 tr\u00ecnh nh\u00e2n b\u1ea3n d\u1eef li\u1ec7u<\/b><\/p>\n
D\u00f9 kh\u00f4ng ph\u1ea3i nguy\u00ean nh\u00e2n g\u1ed1c, s\u1ef1 b\u1ea5t nh\u1ea5t t\u1ea1m th\u1eddi gi\u1eefa c\u00e1c b\u1ea3n sao d\u1eef li\u1ec7u c\u00f3 th\u1ec3 l\u00e0m h\u1eadu qu\u1ea3 th\u00eam nghi\u00eam tr\u1ecdng. Khi truy c\u1eadp \u0111\u1ebfn c\u00e1c endpoint kh\u00f4ng \u1ed5n \u0111\u1ecbnh, h\u1ec7 th\u1ed1ng sinh ra l\u1ed7i time-out, m\u1ea5t phi\u00ean \u0111\u0103ng nh\u1eadp ho\u1eb7c ng\u1eaft lu\u1ed3ng x\u00e1c th\u1ef1c khi\u1ebfn ng\u01b0\u1eddi d\u00f9ng th\u1ea5y \u1ee9ng d\u1ee5ng \u201c\u0111\u01a1\u201d ngay t\u1eeb b\u01b0\u1edbc kh\u1edfi \u0111\u1ed9ng.<\/p>\n
\u2192 X\u00e1c su\u1ea5t \u01b0\u1edbc t\u00ednh: 5 – 10% <\/i><\/p>\n
4. \u1ea2nh h\u01b0\u1edfng gi\u00e1n ti\u1ebfp t\u1eeb l\u01b0u l\u01b0\u1ee3ng b\u1ea5t th\u01b0\u1eddng ho\u1eb7c \u0111\u1ed1i t\u00e1c h\u1ea1 t\u1ea7ng<\/b><\/p>\n
M\u1eb7c d\u00f9 AWS v\u00e0 c\u00e1c c\u01a1 quan an ninh m\u1ea1ng \u0111\u1ec1u ph\u1ee7 nh\u1eadn kh\u1ea3 n\u0103ng t\u1ea5n c\u00f4ng m\u1ea1ng quy m\u00f4 l\u1edbn, kh\u00f4ng th\u1ec3 lo\u1ea1i tr\u1eeb ho\u00e0n to\u00e0n kh\u1ea3 n\u0103ng m\u1ed9t ngu\u1ed3n l\u01b0u l\u01b0\u1ee3ng b\u1ea5t th\u01b0\u1eddng (CDN, API ho\u1eb7c nh\u00e0 cung c\u1ea5p DNS th\u1ee9 ba) g\u00e2y hi\u1ec7u \u1ee9ng d\u1ed3n t\u1ea3i, k\u00edch ho\u1ea1t l\u1ed7i s\u1eb5n c\u00f3 trong h\u1ec7 th\u1ed1ng.<\/p>\n
K\u1ecbch b\u1ea3n n\u00e0y hi\u1ebfm g\u1eb7p h\u01a1n nh\u01b0ng v\u1eabn c\u00f3 th\u1ec3 g\u00f3p ph\u1ea7n khu\u1ebfch \u0111\u1ea1i s\u1ef1 c\u1ed1, \u0111\u1eb7c bi\u1ec7t khi k\u1ebft h\u1ee3p v\u1edbi l\u1ed7i DNS ban \u0111\u1ea7u.<\/p>\n
\u2192 X\u00e1c su\u1ea5t \u01b0\u1edbc t\u00ednh: <5%<\/i><\/p>\nThi\u1ec7t h\u1ea1i kh\u00f4ng th\u1ec3 \u0111o \u0111\u1ea1c b\u1eb1ng con s\u1ed1<\/b>\u200b<\/h2>\n
V\u1edbi vai tr\u00f2 l\u00e0 nh\u00e0 cung c\u1ea5p h\u1ea1 t\u1ea7ng \u0111\u00e1m m\u00e2y cho h\u01a1n 90% c\u00e1c c\u00f4ng ty Fortune 100, AWS \u0111\u01b0\u1ee3c xem nh\u01b0 x\u01b0\u01a1ng s\u1ed1ng c\u1ee7a c\u00f4ng ngh\u1ec7 doanh nghi\u1ec7p to\u00e0n c\u1ea7u. V\u00ec th\u1ebf, thi\u1ec7t h\u1ea1i t\u1eeb s\u1ef1 c\u1ed1 l\u1ea7n n\u00e0y v\u01b0\u1ee3t xa m\u1ee9c kh\u00f3 ch\u1ecbu t\u1ea1m th\u1eddi c\u1ee7a ng\u01b0\u1eddi d\u00f9ng, n\u00f3 ph\u01a1i b\u00e0y m\u1ee9c \u0111\u1ed9 ph\u1ee5 thu\u1ed9c kh\u1ed5ng l\u1ed3 c\u1ee7a th\u1ebf gi\u1edbi s\u1ed1 v\u00e0o m\u1ed9t n\u1ec1n t\u1ea3ng duy nh\u1ea5t k\u00e8m c\u00e1i gi\u00e1 c\u00f3 th\u1ec3 l\u00ean \u0111\u1ebfn h\u00e0ng t\u1ef7 USD tr\u00ean to\u00e0n c\u1ea7u, d\u00f9 kh\u00f4ng ai c\u00f3 th\u1ec3 x\u00e1c \u0111\u1ecbnh ch\u00ednh x\u00e1c con s\u1ed1 \u0111\u00f3.<\/p>\n
Theo c\u00e1c \u01b0\u1edbc t\u00ednh trong ng\u00e0nh, nh\u1eefng gi\u00e1n \u0111o\u1ea1n Internet quy m\u00f4 l\u1edbn g\u00e2y ra t\u1ed5n th\u1ea5t h\u00e0ng t\u1ef7 \u0111\u00f4 la m\u1ed7i n\u0103m, bao g\u1ed3m m\u1ea5t doanh thu, s\u1ee5t gi\u1ea3m n\u0103ng su\u1ea5t v\u00e0 thi\u1ec7t h\u1ea1i uy t\u00edn d\u00e0i h\u1ea1n. M\u1ed9t kh\u1ea3o s\u00e1t n\u0103m 2024 d\u1eabn tr\u00ean trang DataCentre Magazine cho th\u1ea5y:<\/p>\n
- \n
- 76% doanh nghi\u1ec7p to\u00e0n c\u1ea7u \u0111ang v\u1eadn h\u00e0nh \u1ee9ng d\u1ee5ng tr\u00ean n\u1ec1n t\u1ea3ng AWS<\/li>\n
- 48% l\u1eadp tr\u00ecnh vi\u00ean t\u00edch h\u1ee3p AWS v\u00e0o quy tr\u00ecnh ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m<\/li>\n<\/ul>\n
Trong b\u1ed1i c\u1ea3nh \u0111\u00f3, c\u00e2u h\u1ecfi kh\u00f4ng c\u00f2n l\u00e0 \u201cLi\u1ec7u AWS c\u00f3 th\u1ec3 s\u1eadp hay kh\u00f4ng?\u201d m\u00e0 l\u00e0 \u201cM\u1ee9c \u0111\u1ed9 t\u00e0n ph\u00e1 s\u1ebd l\u1edbn \u0111\u1ebfn \u0111\u00e2u khi \u0111i\u1ec1u \u0111\u00f3 x\u1ea3y ra?\u201d.<\/p>\n
T\u1eeb l\u0103ng k\u00ednh an ninh m\u1ea1ng c\u1ee7a t\u00f4i, s\u1ef1 c\u1ed1 AWS ng\u00e0y 20\/10\/2025 l\u00e0 minh h\u1ecda cho kh\u00e1i ni\u1ec7m Single Point of Failure (SPOF) – m\u1ed9t \u0111i\u1ec3m l\u1ed7i c\u00f3 th\u1ec3 k\u00e9o s\u1eadp c\u1ea3 h\u1ec7 th\u1ed1ng.<\/p>\n
Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y, DNS g\u1eb7p tr\u1ee5c tr\u1eb7c t\u1ea1i m\u1ed9t n\u00fat h\u1ea1 t\u1ea7ng tr\u1ecdng y\u1ebfu, khi\u1ebfn h\u00e0ng lo\u1ea1t d\u1ecbch v\u1ee5 t\u00ea li\u1ec7t d\u00f9 d\u1eef li\u1ec7u th\u1ef1c t\u1ebf v\u1eabn c\u00f2n nguy\u00ean v\u1eb9n. Vi\u1ec7c t\u1eadp trung h\u1ea1 t\u1ea7ng v\u00e0o c\u00e1c \u201csi\u00eau v\u00f9ng\u201d nh\u01b0 US-EAST-1 c\u00e0ng khu\u1ebfch \u0111\u1ea1i r\u1ee7i ro, m\u1ee9c \u0111\u1ed9 li\u00ean th\u00f4ng d\u00e0y \u0111\u1eb7c c\u1ee7a \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y khi\u1ebfn ph\u1ea1m vi \u1ea3nh h\u01b0\u1edfng r\u1ed9ng v\u00e0 s\u00e2u h\u01a1n nhi\u1ec1u.<\/p>\n
S\u1ef1 c\u1ed1 n\u00e0y c\u0169ng kh\u00f4ng ph\u1ea3i c\u00e1 bi\u1ec7t. Trong nhi\u1ec1u n\u0103m, c\u00e1c \u0111\u1ee3t gi\u00e1n \u0111o\u1ea1n l\u1edbn c\u1ee7a AWS \u0111\u1ec1u xoay quanh v\u00f9ng US-EAST-1 v\u00e0 ch\u1ec9 m\u1edbi n\u0103m 2024, th\u1ebf gi\u1edbi t\u1eebng s\u1ed1c v\u1edbi s\u1ef1 v\u1ee5 CrowdStrike Incident ng\u00e0y 19\/7\/2024<\/a>. C\u1ea3 hai v\u1ee5 vi\u1ec7c \u0111\u1ec1u cho th\u1ea5y chu\u1ed7i cung \u1ee9ng s\u1ed1 to\u00e0n c\u1ea7u \u0111ang ph\u1ee5 thu\u1ed9c nguy hi\u1ec3m v\u00e0o s\u1ed1 \u00edt nh\u00e0 cung c\u1ea5p l\u00f5i, k\u00e9o theo r\u1ee7i ro lan truy\u1ec1n m\u00e0 nhi\u1ec1u t\u1ed5 ch\u1ee9c v\u1eabn ch\u01b0a l\u01b0\u1eddng tr\u01b0\u1edbc \u0111\u01b0\u1ee3c.<\/p>\n
G\u1ee3i \u00fd c\u1ee7a t\u00f4i v\u00e0 bi\u1ebft \u0111\u00e2u \u0111\u1ea5y \u0111\u01b0\u1ee3c th\u1ebf h\u1ec7 chuy\u00ean gia tr\u1ebb “gi\u1ea3i ph\u1eabu” t\u01b0\u1eddng t\u1eadn h\u01a1n n\u1eefa, r\u1eb1ng khi ch\u00fang ta \u0111ang ph\u1ee5 thu\u1ed9c s\u00e2u v\u00e0o tam tr\u1ee5 \u0111\u00e1m m\u00e2y nh\u01b0 AWS, Microsoft, Google, tr\u00e1ch nhi\u1ec7m c\u1ee7a k\u1ef9 s\u01b0 c\u00f4ng ngh\u1ec7, chuy\u00ean gia v\u1eadn h\u00e0nh v\u00e0 ng\u01b0\u1eddi l\u00e3nh \u0111\u1ea1o n\u00ean ch\u1ee7 \u0111\u1ed9ng h\u01b0\u1edbng \u0111\u1ebfn ph\u00e2n t\u00e1n r\u1ee7i ro, thay v\u00ec \u0111\u1ee3i \u0111\u1ebfn s\u1ef1 c\u1ed1 k\u1ebf ti\u1ebfp \u0111\u1ec3 gi\u1eadt m\u00ecnh nh\u00ecn l\u1ea1i.<\/p>\n
N\u1ebfu c\u00f3 th\u00eam th\u00f4ng tin m\u1edbi v\u1ec1 v\u1ee5 vi\u1ec7c, t\u00f4i s\u1ebd ti\u1ebfp t\u1ee5c c\u1eadp nh\u1eadt cho anh em trong c\u00e1c b\u1ea3n ph\u00e2n t\u00edch ti\u1ebfp theo!<\/b><\/i><\/p>\n