GoogleMe.

Steven

1st 5th6th 3rd 1st 1st TheHoneynetProjectTaiwanChapter,Leader CloudSecurityAllianceTaiwanChapter,FounderandDirectorofResearch TaiwanComputerSecurityIncidentResponseTeam,ManagerandResearchFellow http://blog.yilang.org Facebook:Yi-LangTsai

34 InformationSecurity()LinuxGuideNetAdmin80

RHCECCNACCAICEHCHFIACIAITILFoundationISO27001LACISO20000LACBS10012

LACCSASTARAuditing

http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://images.google.com.tw/imgres?imgurl=http://www.nhtconsulting.com/CHFI.gif&imgrefurl=http://www.nhtconsulting.com/chfi.htm&h=174&w=267&sz=4&hl=zh-TW&start=6&usg=__F4sZETqlsBWXUVjsoNFKWy6GkP4=&tbnid=Za4KKwmxGBl_LM:&tbnh=74&tbnw=113&prev=/images?q=CHFI&gbv=2&hl=zh-TW

4

6000IP 3,000 CVE Exploit-Code Zone-hvulreport

6

()

9

4

()

90% (BYOD)

GoogleDriveDropbox

13

(CSA,CloudSecurityAlliance)RSAConference2009

72,00030075 20111114 v3.0

CSA

14

CSAGlobalWorkingGroup

15

Anti-Bot BigData CloudControlsMartix

CloudDataGovernance CloudVulnerabilities CloudAudit

CloudCISC CloudTrust CloudTrustProtocol

ConsensusAssessments EnterpriseArchitecture FinancialServices

HealthInformation

Management

IncidentManagementand

ForensicsInnovation

InternetofThings Legal Mobile

OpenAPI OpenCertification PrivacyLevelAgreement

Quantum-safeSecurity SecurityasaService SecurityGuidance

SmallBusiness SoftwareDefinedPerimeter Telecom

TopThreats Virtualization

*29 https://cloudsecurityalliance.org/research/#groups

CSA14

(CloudArchitecture)(CloudComputingArchitecturalFramework)

(GoverningintheCloud)(GovernanceandEnterpriseRiskManagement)

(LegalIssues:ContractsandElectronicDiscovery)

(ComplianceandAuditManagement)

(InformationManagementandDataSecurity)

(InteroperabilityandPortability)

16

(OperatingintheCloud) (TraditionalSecurity,BusinessContinuity,andDisasterRecovery)

(DataCenterOperations)

(IncidentResponse) (ApplicationSecurity) (EncryptionandKeyManagement)

(Identity,Entitlement,andAccessManagement)

(Virtualization) (SecurityasaService)

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0https://cloudsecurityalliance.org/group/security-guidance/

APT

17

18

GoogleSmartCar

19

20

NetworkIntrusionDetectionSystem

DistributedHoneynetSystem

SIEM

DDoS

Hackers

NetworkWorms

DetectingKnownnetworkattacksbysignaturesandpatterns.

CollectingUnknownnetworkthreatsandmalwaresamplesforfurtheranalysis.

EventCorrelationandincidentidentification

Phishingemails

21

Ransomware2005

2013

CryptoL0ckerCryptoWallCTBLockerCERBER

22

MBRMFT(PETYA)

23

24

http://news.softpedia.com/news/hackers-demand-3-6-million-from-hollywood-hospital-following-cyber-attack-500408.shtml

4017,000

25

26

321

27

28

Cerbera CERBERRaaS

Attention!Attention!Attention!Yourdocuments,photos,databasesandotherimportantfileshavebeenencrypted!

29

: +

0800-030598

30

/ GoogleChromeFacebook iPhone CAPTCHA !

31

32

GoPro

33

WiFi

34

35

36

37

SQLInjection

38

GooglePlayangrybird

39

40

41

http://insecam.org/

-

42http://www.insecam.org/

-

43http://www.insecam.org/

-

44http://www.insecam.org/

EX:24.989600,121.318700

45

46