智慧市政大未來 主題二
TRANSCRIPT
-
GoogleMe.
Steven
1st 5th6th 3rd 1st 1st TheHoneynetProjectTaiwanChapter,Leader CloudSecurityAllianceTaiwanChapter,FounderandDirectorofResearch TaiwanComputerSecurityIncidentResponseTeam,ManagerandResearchFellow http://blog.yilang.org Facebook:Yi-LangTsai
34 InformationSecurity()LinuxGuideNetAdmin80
RHCECCNACCAICEHCHFIACIAITILFoundationISO27001LACISO20000LACBS10012
LACCSASTARAuditing
http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://www.redhat.com/training/http://images.google.com.tw/imgres?imgurl=http://www.nhtconsulting.com/CHFI.gif&imgrefurl=http://www.nhtconsulting.com/chfi.htm&h=174&w=267&sz=4&hl=zh-TW&start=6&usg=__F4sZETqlsBWXUVjsoNFKWy6GkP4=&tbnid=Za4KKwmxGBl_LM:&tbnh=74&tbnw=113&prev=/images?q=CHFI&gbv=2&hl=zh-TW
-
4
-
6000IP 3,000 CVE Exploit-Code Zone-hvulreport
-
6
-
()
-
9
-
4
()
-
90% (BYOD)
-
GoogleDriveDropbox
-
13
-
(CSA,CloudSecurityAlliance)RSAConference2009
72,00030075 20111114 v3.0
CSA
14
-
CSAGlobalWorkingGroup
15
Anti-Bot BigData CloudControlsMartix
CloudDataGovernance CloudVulnerabilities CloudAudit
CloudCISC CloudTrust CloudTrustProtocol
ConsensusAssessments EnterpriseArchitecture FinancialServices
HealthInformation
Management
IncidentManagementand
ForensicsInnovation
InternetofThings Legal Mobile
OpenAPI OpenCertification PrivacyLevelAgreement
Quantum-safeSecurity SecurityasaService SecurityGuidance
SmallBusiness SoftwareDefinedPerimeter Telecom
TopThreats Virtualization
*29 https://cloudsecurityalliance.org/research/#groups
-
CSA14
(CloudArchitecture)(CloudComputingArchitecturalFramework)
(GoverningintheCloud)(GovernanceandEnterpriseRiskManagement)
(LegalIssues:ContractsandElectronicDiscovery)
(ComplianceandAuditManagement)
(InformationManagementandDataSecurity)
(InteroperabilityandPortability)
16
(OperatingintheCloud) (TraditionalSecurity,BusinessContinuity,andDisasterRecovery)
(DataCenterOperations)
(IncidentResponse) (ApplicationSecurity) (EncryptionandKeyManagement)
(Identity,Entitlement,andAccessManagement)
(Virtualization) (SecurityasaService)
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0https://cloudsecurityalliance.org/group/security-guidance/
-
APT
17
-
18
-
GoogleSmartCar
19
-
20
NetworkIntrusionDetectionSystem
DistributedHoneynetSystem
SIEM
DDoS
Hackers
NetworkWorms
DetectingKnownnetworkattacksbysignaturesandpatterns.
CollectingUnknownnetworkthreatsandmalwaresamplesforfurtheranalysis.
EventCorrelationandincidentidentification
Phishingemails
-
21
-
Ransomware2005
2013
CryptoL0ckerCryptoWallCTBLockerCERBER
22
-
MBRMFT(PETYA)
23
-
24
http://news.softpedia.com/news/hackers-demand-3-6-million-from-hollywood-hospital-following-cyber-attack-500408.shtml
4017,000
-
25
-
26
-
321
27
-
28
-
Cerbera CERBERRaaS
Attention!Attention!Attention!Yourdocuments,photos,databasesandotherimportantfileshavebeenencrypted!
29
-
: +
0800-030598
30
-
/ GoogleChromeFacebook iPhone CAPTCHA !
31
-
32
-
GoPro
33
-
WiFi
34
-
35
-
36
-
37
-
SQLInjection
38
-
GooglePlayangrybird
39
-
40
-
41
http://insecam.org/
-
-
42http://www.insecam.org/
-
-
43http://www.insecam.org/
-
-
44http://www.insecam.org/
-
EX:24.989600,121.318700
45
-
46