沉静的力量可信的保障 quiet strength trusted assurance · 2019-03-29 · the world-class...

1

沉静的力量可信的保障Quiet Strength Trusted Assurance沉静的力量可信的保障Quiet Strength Trusted Assurance

2

Liu Heng CTO & VP [email protected] (010)62119678-123

Security Wetware & Security Operation

mailto:[email protected]

3

Agenda

Security Wetware (Basic Concept)Offensive Wetware (Attack Technology)Defensive Wetware (M2S Service)

4

IT system=software + hardware + wetwareWetware is a hacker slang, as known as liveware、meatware

Wetware means：

1）Human beings (programmers, operators, administrators) attached to a computer system, as opposed to the system’s hardware or software.

2）The human nervous system

Without software, hardware is useless；if computer hardware and software exist together, neither of them can do anything without an operator ；Therefore wetware is essential element

http://www.catb.org/~esr/jargon/html/index.html

http://dictionary.reference.com/search?q=wetware

http://encyclopedia.lockergnome.com/s/b/Wetware

Security Wetware（Basic Concept）

http://www.catb.org/~esr/jargon/html/index.html

http://dictionary.reference.com/search?q=wetware

http://encyclopedia.lockergnome.com/s/b/Wetware

5


Security System

Computing System

6


7

People is always creating and using tools


Wetware

Hardware

software

8

Global international communication，complex giant system

Who is the master？Wetware！

Security Wetware（Basic Concept)

9

In the year of 2001，we first brought up the concept “Security People”. People creates、people uses、people manages、people attacks. The core of network security must be PEOPLE.


Wetware！

10

The world-class security expert Bruce Schneier said：“Security is not a product ，it’s a process” （ 2000）

“The attacker is a part of a security system, and the system must take that attacker into account to remain secure” _ Bruce Schneier: Beyond Fear（2004）


11

The world famous hacker Mitnick described in his new book：“Security is not a technology problem，it’s a people and management problem”，“People is the worst weakness of security”（2003）


12


Mission

Environment System Architecture

RationaleStakeholder Architectural Description

Concern Viewpoint View

LibraryViewpoint Model

fulfills 1..*

influences

inhabits

has an

has 1..*

is important to 1..*

is addressed to 1..*

providesdescribed by 1

has 1..*Identifies1..

selects 1..* organized by1..*

participates in

conforms to

participates in1 ..*

aggregates 1..*consists of 1..*

used to cover1..*

identifies 1..*

has source0..1 establishes methods

for 1..*

•IEEE STD 1471-2000 framework shows

•People is a part of system

13

"We cannot solve problems by using the same kind of thinking we used when we created them."

The Essence of Survival:Some wise words to remember...


“There are many things my father taught me here in this room. He taught me :

Hold your friends close, but your enemies closer.”

_Michael Corleone:The Godfather, Part II

14

Offensive wetware，the newest network attack technology


Defensive wetware，effective network defending technology

15

Agenda


16

Hackers gradually become professional, shaped and younger.

Offensive Wetware (Attack Technology)

Being a hacker is easy，I can do it also！

17


Attack knowledge into the open

18

Attack “Client-Side”If server security is good, attacks shift in focus to Client-Side and wetwareAttack IE/OUTLOOK/FOXMAIL/QQ/MSNReleased and unreleased overflow attack codes for QQ and MSN. By using these ,it’s easy to get privilege

– “Half-life 2”codes stolen: Hacker hacked Neville’s email


19

Commercial， BugSave activities

More hackers find bugs without publication（keep them as products and sell them to buyers ）Vulnerabilities and codes can be sold– Exploitable unpublicized

attack codes，priced 100 thousand~300 thousand.

Administrators and software companies even don’t know these vulnerabilities，and easy to be used


$

20

Damages “visualization”“Zombie Net”，as known as Botnet

– Since October 2004,music websites in continuous 3 months，over 60 thousand servers，had been damaged with 7 million yuan RMB.


21

GO Deep into “Kernel”


22

Database Attacks （converse engineering）


23


CMA and Bots（groupware network）

Co-ordinated MalwareAttack (CMA)

24


Application Attacks

25


Injections（further）

26


MS and Phishing

27


4th generation Rootkits

28


Router and switch attacks

29


Attacks difficult to deal with

Difficult to detectDifficult to analyzeSpread rapidly Tools are confidentialLimited Response tools

30

Agenda


31

New generation security trend=people oriented real-time security processSecurity as a service becomes mainstreamWetware becomes the key point

Defensive Wetware（M2S Service）

The developing process of Security Management

Phase I

Physical SecurityFocus on physical protection including computer center and data confidentialityFaults: Slow response, short of protection methods on electronic information

Phase II

Security Products

Focus on vulnerability and intrusion, implement firewalls anti-virus and IDS productsFaults: Only protect known security threats, not real-time

Phase III Real-time Security ProcessFull protection, real-time detection and expert response system

32


Defensive wetware faces more challenges • Information Security Management• Internal audit、Internal control• Sox/Cobit• ITIL/FISMA• COSO/Base II• SAS 70

Corporate Governance Corporate Governance

Business & Security Management OrganizationBusiness & Security Management Organization

Security SolutionsSecurity Solutions

PrivacyPrivacy IdentityIdentityManagementManagement

ApplicationApplicationIntegrityIntegrity

InfrastructureInfrastructureSecuritySecurity

BusinessBusinessContinuityContinuity

Business Business ProcessesProcesses

Security Security Management Management

ProcessesProcesses

IT IT Management Management

ProcessesProcesses

Compliance and MonitoringCompliance and Monitoring

Business Aligned Security Policies, Standards and StrategiesBusiness Aligned Security Policies, Standards and Strategies

Architecture and StandardsArchitecture and Standards

Corporate Governance Corporate Governance

Business & Security Management OrganizationBusiness & Security Management Organization











Business Business ProcessesProcesses


ProcessesProcesses


ProcessesProcesses

Business Business ProcessesProcessesBusiness Business ProcessesProcesses


ProcessesProcesses


ProcessesProcesses


ProcessesProcesses


ProcessesProcesses

Compliance and MonitoringCompliance and Monitoring

Business Aligned Security Policies, Standards and StrategiesBusiness Aligned Security Policies, Standards and StrategiesBusiness Aligned Security Policies, Standards and StrategiesBusiness Aligned Security Policies, Standards and Strategies

Architecture and StandardsArchitecture and StandardsArchitecture and StandardsArchitecture and Standards

33


Venustech brings up a brand-new security service M2S based on wetware

全心(People)

全程(Process)

全能(Technology)

People

TechnologyProcess

MMS（Managed Monitoring Service） M2,Sfocuses on Venustech professional monitoring technology and serviceMSS（Managed Security Service） M,2Sincarnates the joint of Venustech and international general trusteeship security serviceManagement To Security M to SClarifies the conception” Achieve security through management ” advocated by Venustech

34


M2S original motivitiesClient is the coreAims at problem solution

35


Expert Consulting

36

Expert Consulting


37


Managed Monitoring

38


紧急响应小组数据处理分析

中心

安全专家

防火墙其它安全相关系统、设备等

主机系统认证系统

数据收集合预处理系统

计算机安全事故紧急处理过程

监控中心

客户网络

Managed Monitoring

39


Integration Optimization

40


Implementation Exception

Network Optimization and System Harden Solution

Risk Evading Solution Based on Venustech Criterion and System Feature

Submit Implementation Solution Application

Client Affirm

System Harden Synchronized Record

Field Training

Second Assessment Affirm

Final Report

Activate Risk Evading Solution/Recovery

Continue

Modify Solution

Abort

Implementation

New Harden Solution

Everything OK

Security Harden Process

Integration Optimization

41


Knowledge Education

42


Knowledge Education

43


Alerts and Responses

44



– OS Recovery

– Service Application Recovery

– Trace Intrusion– Entrap Intrusion

•Intrusion Analysis •Disaster Recovery •Intrusion Trace and Entrap•Consultation Optimization

QQ：：Emergency ResponsesEmergency Responses————Only Fire FightingOnly Fire Fighting？？

– Info Tamper– Vicious

Resource Consumption

– Virus Burst

– System Harden

– Perimeter Optimization

– Code security analysis

– System security evaluation

– Security Policy Consultation

45



46



Knowledge Education Integration Optimization

Managed Monitoring

Expert Consulting

M2S Service

47


Agenda

48沉静的力量；可信的保障沉静的力量；可信的保障Quiet Strength;Trusted Assurance

沉静的力量可信的保障 quiet strength trusted assurance · 2019-03-29 · the world-class...

Documents