The evolution of network information security attack and defense
The security problems of the web era go far beyond the stand-alone security problems of the early computing era. Attacks on and destruction of every kind of network application have become extremely frequent, and security measures are developing continuously in response.
Expanding network bandwidth, richer IT applications and the explosive growth of the Internet user base have made the network and information platform the stage on which attackers and defenders struggle most intensely.
Introduce new attacks
Overseas media predicted the following trends in network security attack and defense for 2009: malicious software continues to rage; phishing attacks intensify; Web 2.0 sites become breeding grounds for malicious software; the services offered by hackers grow more diverse; online services become hacker targets; integrated security solutions gain wide acceptance; internal security threats become more severe; financial institutions strengthen security management; cloud security becomes the general trend.
Huawei's security center also made predictions: web page Trojan linking (drive-by downloads from compromised pages) becomes the main source of malware used for economic crime; e-mail spam, messaging spam and SPIT flood further; DDoS attacks grow in scale; P2P traffic affects both wireless and fixed broadband applications; smaller, more tightly controlled botnets become mainstream; cloud security technology strengthens security capability; storage devices become the primary channel of information leakage, raising the need for media control and encryption; internal security and document security management can no longer be delayed; attacks on specialised equipment develop rapidly.
Recently, the main types of security attack have developed in the following four directions.
Malicious software causes greater destruction
An underground black-market industry chain has been born, and Trojans, worms, botnets and other malicious software now affect users more than traditional viruses ever did; web-based malware attacks have become the new hot spot. In this new era, these malicious software attacks have also changed considerably.
Trojan attack technology: web page Trojan linking, the fastest way for an attacker to implant a Trojan on a user's machine, has become the most common means of doing so and the attack with the greatest impact on network security.
Worm attack technology: in addition to traditional network worms, more and more worms target e-mail, instant messaging, social networking and other application services. For example, worms use multi-layer packing to improve concealment, and P2P-like propagation modes to expand the scope of damage rapidly.
Botnet technology: in their command and control mechanism, botnets have shifted from the IRC protocol to HTTP and various P2P protocols, continually improving concealment and robustness; low-frequency and shared attack modes make the spread of zombies more subtle; and enhanced authentication, channel encryption, multiple bot variants and obfuscation make the detection, tracking and analysis of botnets more difficult.
P2P applications give rise to new security problems
BT, eDonkey and other P2P software is widely used and convenient for users, but it also brings risks to network applications. P2P technology occupies as much bandwidth as it can get, so network bandwidth faces serious challenges. Carriers that provide bandwidth services must optimise bandwidth properly and make rational use of P2P technology.
P2P software itself has also become the target of many attackers. Mainstream P2P software is decentralised and open, so P2P nodes easily become weak points, and P2P worms and hidden Trojans have emerged as new attacks.
Emerging attacks on wireless terminals
Wireless end-users have surpassed fixed-line subscribers, reaching billions. With the rapid development of 3G, WiMAX, LTE and other wireless broadband technologies, PDAs, wireless data cards, smartphones and other mobile terminals have become a main objective of hacker attacks.
Attacks against wireless terminals use traditional means of attack but also have their own particular forms, such as viruses aimed at mobile operating systems, Trojans aimed at wireless services, malicious and junk voice calls, MMS-based worms, spam SMS/MMS, mobile phone theft, SIM card cloning and hacking of wireless transmission protocols.
Data leakage in various forms
Data leakage has gradually become the foremost security concern. Attacks that target data through new media, e-mail, online communities and other new communication tools show many new features. For example: USB flash drives, USB ports, removable hard disks, infrared, Bluetooth and other transmission devices carry or leak important and sensitive information; the electromagnetic emanations of electronic devices (e.g. PCs) are reconstructed to obtain important data in real time; implanted Trojans steal data from the host's storage media or peripherals; and e-mail transmitted over public networks or wireless links is intercepted to obtain sensitive information.
Beyond these attacks, the gradual adoption of new information technologies has also produced a number of new attack methods: for example, attacks on virtualisation technology, attacks against dedicated security hardware and software, attacks on wired and wireless communication equipment, distributed DDoS attacks of all sizes, and all kinds of web application attacks.
Means of protection against each
In the face of new security risks, innovative information security technology is needed to confront them. To this end, information security technology has developed from traditional anti-virus software, intrusion detection, firewalls and unified threat management (UTM) gateways towards trusted technology, cloud security technology, deep packet inspection, web security technology, endpoint security control and other new information security technologies.
Trusted Technology
Trusted technology is a systems engineering discipline that provides the network system with an end-to-end trusted overall security environment; it includes trusted computing, trusted network technology and trusted object technology.
The idea of trusted computing is to introduce a trusted structure into the terminal through the hardware platform, thereby enhancing end-system security. PCs, servers and mobile terminals are all trusted computing entities. A trusted computing platform takes the Trusted Platform Module (TPM) as its core and integrates the CPU, operating system, applications and network infrastructure equipment into a complete architecture.
Trusted object technology establishes a multi-dimensional credibility assessment centre that evaluates, by a standard method, the credibility of objects propagating in the network; an object's credibility is obtained and used to decide whether network communication should take place. IP addresses, e-mail, web pages, web addresses and so on are all trusted-object entities. In trusted object technology, building a correct credibility evaluation system is the key factor. Because the assessment factors and criteria differ considerably between object types, credibility assessment systems are currently usually built separately for each type of object. The two most common reputation systems are e-mail reputation assessment and web reputation assessment.
A trusted network integrates the security capabilities of the network into the design of a secure network architecture, so as to protect the security capability of the network as a whole. All kinds of network equipment and network elements are trusted network entities. The goal of a trusted network is security, survivability and controllability across the whole network. In the trusted network model, interdependent and mutually controlled trust relationships are established between objects, and an object's credibility serves as the basis for its interactions with other individuals. Typical models are the centralised trusted network, the distributed trusted network and the local trusted network.
Trusted technology ensures that all operations pass through authorisation and authentication; that all network elements, equipment and objects that need to propagate are trusted, so that strict trust holds between the elements of the whole network system; that end-user authentication and network element authentication, intrusions, the presence of malicious code, malicious changes to software and hardware configuration, network object fraud and other problems are effectively solved; and that user terminals' access to the network is controlled at fine granularity.
Cloud security technology
Cloud security is an emerging security technology that transfers the core of security capability from the desktop and edge device to the network and data centre, making full use of the advantages of centralised scheduling and greatly increasing the simplicity, convenience and efficiency with which users enjoy security services. At present, cloud-based security technology can be divided into two categories: security built on cloud computing capability, and cloud-based virtualised security technology.
Cloud computing has brought great changes to the long-standing balance between security and efficiency in the development of security technology, and has an even greater impact on new security technologies. Cloud-based security technology has obvious advantages in improving the processing efficiency and accuracy of UTM and of reputation assessment systems. In addition, cloud computing can also reasonably handle the large volumes of historical information, large databases and distributed information processing required by other security technologies (such as online antivirus, information security assessment centres (SOC), distributed IPS, etc.).
The other core cloud security technology is virtualisation: combining the cloud with clients provides a new type of information network security defence.
In the cloud-based virtualised security service model, security capability resides on the "cloud" side and is delivered to clients on demand; the core security capability comes entirely from the cloud centre. Currently there are two major cloud security models: the security-gateway-based cloud security model and the host-based cloud security model. When the era of "cloud" security arrives, the role of the original host security software (such as AV software) and of border security gateways (such as firewalls) in the field of network security will shrink, while the cloud centre will greatly enhance security capability, which may change the industry chain and business model that have been inherent in the security field for nearly 20 years.
Deep packet inspection technology
Deep packet inspection (DPI) technology not only detects and analyses the five-tuple header information but also monitors the packet payload, message associations and other objects, achieving in-depth identification of messages. DPI technology enables network operators to optimise the allocation of network bandwidth, to perform in-depth detection of network security attacks, and to operate network services in a refined way, and thus plays a positive role.
DPI technology enables packet-content detection of business application streams and can detect the source of the data path, so combining security technology with DPI technology greatly enhances protection capability. DPI technology enables in-depth analysis of abnormal traffic, in-depth tracing of botnet sources and targets, and in-depth detection of abnormal behaviour, supporting the prevention of worms, Trojan horses and viruses.
In addition, the integrated multi-service bearing of wireless and fixed broadband networks requires data network operators to implement refined operation, and DPI technology suits this demand. DPI can efficiently identify a variety of network services and application traffic for monitoring, collection, analysis and statistics, so that operators can offer differentiated services to different applications. DPI also provides multi-dimensional refined billing models based on flow, bandwidth and market, guarantees the quality of service of trusted business-critical traffic, and effectively relieves high-volume traffic (e.g. P2P), optimising service bandwidth to the greatest extent and achieving refined business management.
In addition, DPI supports mining of operational data (such as business flows, user behaviour, etc.), providing strong support for product marketing and customer segmentation strategy.
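As an added example, not code from the original article or from any vendor's product, the following Python sketch shows the two stages the DPI section describes: extracting the five-tuple from the packet header, then inspecting the payload to identify the application (here BitTorrent, IRC and HTTP). The signatures, addresses and packet bytes are constructed for the example.

```python
import re
import socket
import struct

# Payload signatures (constructed for this example; a production DPI engine
# carries thousands). Port numbers alone cannot tell these apart.
SIGNATURES = {
    "bittorrent-handshake": re.compile(rb"^\x13BitTorrent protocol"),
    "irc-command": re.compile(rb"^(NICK|JOIN|PRIVMSG) ", re.M),
    "http-request": re.compile(rb"^(GET|POST) \S+ HTTP/1\.[01]\r\n"),
}


def parse_ipv4_tcp(frame):
    """Return ((src, dst, sport, dport, proto), payload) for an IPv4/TCP packet, else None."""
    if len(frame) < 20 or (frame[0] >> 4) != 4 or frame[9] != 6:
        return None
    ihl = (frame[0] & 0x0F) * 4
    if len(frame) < ihl + 20:
        return None
    src, dst = socket.inet_ntoa(frame[12:16]), socket.inet_ntoa(frame[16:20])
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    data_off = (frame[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return (src, dst, sport, dport, 6), frame[ihl + data_off:]


def classify(frame):
    """Five-tuple first, then the payload: the step that makes the inspection deep."""
    parsed = parse_ipv4_tcp(frame)
    if parsed is None:
        return None
    five_tuple, payload = parsed
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return five_tuple, name
    return five_tuple, "unknown"


def build_packet(src, dst, sport, dport, payload):
    """Construct a minimal IPv4/TCP packet (checksums left zero) for offline use."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


# Constructed sample: a BitTorrent handshake sent to port 80. A port-based
# classifier would file it as web traffic; payload inspection identifies it.
SAMPLE = build_packet("10.0.0.5", "203.0.113.9", 51234, 80,
                      b"\x13BitTorrent protocol" + bytes(8) + bytes(40))

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A real engine would also track flow state across packets (the "message association" the section mentions) rather than matching each packet in isolation.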
Web security technology
The survival and development of the underground hacker industry chain has led attackers to focus increasingly on attacks against web applications. Typical web application security technologies fall into the following main categories.
A web firewall establishes a web-based security access control mechanism that restricts and validates visitors' access to pages, enhancing the security of the web system. Web firewalls are implemented in two ways: as web server software, and as a hardware firewall in the form of a web security gateway.
URL filtering implements and manages the filtering of undesirable URLs. In the face of a huge number of bad sites, the key requirements of URL filtering are a complete URL library and an efficient URL matching algorithm.
In addition to the traditional anti-spam techniques of white lists, black lists, rule-based mail filtering and sender authentication, content fingerprint analysis and new technologies such as e-mail reputation assessment have been introduced. Image processing techniques for image spam and voice processing techniques for junk voice mail are also gradually being applied.
Against web page Trojan linking, many web security gateway technologies and gateway anti-virus software have been applied; they provide the ability to remove page Trojans and to control access to pages carrying Trojans. Of course, besides network security tools, applying patches, uninstalling insecure plug-ins, disabling the execution of scripts and ActiveX controls, and carrying out web credibility assessments can also strengthen the defence against web page Trojan linking.
Beyond these technologies, prevention techniques for web viruses, phishing, spyware and other web attacks also help, to some extent, to ensure the security of web applications.
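The URL filtering paragraph above names two requirements, a complete library and an efficient matching algorithm. The following Python class, an added example rather than code from the article, shows the matching side: a label trie keyed on hostname suffixes, so lookup cost grows with the number of labels in the queried hostname, not with the size of the library. The blocklist entries are constructed and are not real indicators.

```python
from urllib.parse import urlsplit


class UrlFilter:
    """Blocklist matcher for URL filtering.

    Hostnames are stored label by label, most significant label first, in a
    trie (com -> example -> www). An entry without a path blocks the host and
    every subdomain; an entry with a path blocks only URLs under that prefix.
    """

    def __init__(self):
        self.root = {}

    def add(self, entry):
        host, _, path = entry.partition("/")
        node = self.root
        for label in reversed(host.lower().split(".")):
            node = node.setdefault(label, {})
        # "$" cannot appear in a DNS label, so it is safe as the entries key.
        node.setdefault("$", []).append(("/" + path if path else "", entry))

    def lookup(self, url):
        """Return the matching blocklist entry, or None if the URL is allowed."""
        parts = urlsplit(url if "://" in url else "http://" + url)
        host, path = (parts.hostname or "").lower(), parts.path or "/"
        node = self.root
        for label in reversed(host.split(".")):
            node = node.get(label)
            if node is None:          # no library entry shares this suffix
                return None
            for prefix, entry in node.get("$", []):
                if path.startswith(prefix):
                    return entry
        return None


# Constructed blocklist entries; the hosts are illustrative, not real indicators.
BLOCKLIST = UrlFilter()
for _entry in ("bad-downloads.example", "news.example/ads/"):
    BLOCKLIST.add(_entry)

if __name__ == "__main__":
    print(BLOCKLIST.lookup("http://cdn.bad-downloads.example/setup.exe"))
```

Matching on whole labels rather than substrings is what keeps "notbad-downloads.example" from being caught by an entry for "bad-downloads.example".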
Endpoint security management and control technology
Traditional firewalls, intrusion detection, anti-virus and other security devices have, to a certain extent, solved the external security problems of enterprise information systems. But internal data leakage and human attacks have become the main security risks at the present stage. The core of internal security risk control is controlling terminal behaviour. Common endpoint security control technologies include terminal access control, terminal behaviour control and document security technology.
Terminal access control technology performs security state checks on terminals end to end, to ensure that terminals accessing the network meet the security level required by the business, to prevent unsafe terminals from endangering the whole network, and to repair the security of unhealthy terminals. Access control for wireless terminals, control of remote access devices, finer-grained control, and use of existing network equipment to achieve security control across the whole network are the trends in access control technology.
Behaviour control technology can check the installation of application software on terminals, monitor the services and processes running on them, control their USB/IR/Bluetooth interfaces and peripherals, control applications' access to the network in a reasonable way, and record file operations on the terminal. Behaviour control technology enables the information security policies developed by an enterprise to be understood by end users and enforced on the terminal, preventing terminal weaknesses from becoming channels for network attacks and information leakage.
Document security technology prevents information leakage and is implemented in two ways. Driver-level encryption technology uses a file filter driver to encrypt and decrypt particular files, so that the corresponding file editing and reading tools still see clear text, and it can protect any type of file. Application-layer encryption technology handles specific file formats (such as Office and WordPro) without developing drivers. Both technologies use the editor's interface to enforce read/write/edit/print permissions for specific file types.
Copyright © 2011 Cetron Network Technology Co.,Ltd