mcafee confidential—internal use only 电子商务交易安全威胁分析和对策...

McAfee Confidential—Internal Use Only

电子商务交易安全威胁分析和对策

2023年4月18日星期二

McAfee Confidential—Internal Use Only04/18/232

直接影响到公司和个人的收益互联网安全

威胁在演变

安全威胁直接影响到机构和个人的经济收益

• 据估算，每年电子商务因客户缺乏信任而导致取消交易的损失高达 $20 亿美金

• 恶意代码数量增长• Botnet 演进趋势• APT 攻击趋势


Reported Institution Data Breached

Dec 2010 McDonald’s1.3 million consumers data records including name, add, phone, birth date and gender

Dec 2010 Honda/Acura 3rd party marketing firm SilverPop- 4.9 million accounts

July 2010UCSF Medical

CenterEmployee used colleagues’ SSNs, PII to fill out hundreds of surveys and redeem Amazon.com vouchers

July 2010Buena Vista University

PII for applicants, students, staff, and donors going back to 1987 stolen from BVU database

June 2010 Univ. of Maine Hackers stole PII/clinical data for 3,500 students

June 2010 Digital River, Inc. Hackers (and possibly insiders) copy 200,000 personal records

Mar 2010 TSA Terminated developer placed malware in terrorism suspect DB

Feb 2010 CeridianAttack yielded SSNs and bank account data for 27,000 employees of 1,900 companies from payroll processor

Jan 2010Iowa Racing & Gaming Comm.

Hacker gained access to database containing PII of more than 80,000 employees

Dec 2009 Rock You SQL injection resulted in breach of 32 million user passwords

Nov 2009 T-Mobile Employee sold millions of customer records to rival carriers

Aug 2009 Heartland 130 Million+ credit/debit card records

Source: Privacy Rights Clearinghouse

安全威胁直接影响到机构和个人的经济收益


安全威胁直接影响到机构和个人的经济收益Company Breach

Sonyhttp://arstechnica.com/gaming/news/2011/04/sony-looking-into-compensating-psn-users-fbi-gets-involved.ars

Outsider hack reported over 70 million user records stolen

New Zealand Dept. of Internal Affairshttp://www.securitynewsdaily.com/new-zealand-government-sites-attacked-0640/

Outsider Denial of Service via outsider hack into the database via sql injection

Vodafone Australiahttp://news.softpedia.com/news/Vodafone-Australia-Shuts-Down-Dealer-over-Dubious-Practices-179994.shtml

Internal employees at Communications Direct Pty Ltd and Vodafone fired and over unauthorized access to Vodafone customer records

Dell Australiahttp://www.theage.com.au/technology/security/dell-australia-customer-details-stolen-in-major-global-data-breach-20110407-1d4yd.html

Marketing database provider Epsilon breach – 40 Billion emails stolen worldwide

South Korea Hyundai Capitalhttp://www.reuters.com/article/2011/04/11/us-korea-regulator-hyundai-idUSTRE73A0DJ20110411

Outsider hack of the financial arm of Hyundai stealing over 400,000 customer records

Monster.comhttp://help.monster.com/besafe/jobseeker/index.aspx

Outsider hack stealing user-ids, passwords, email addresses, phone numbers and demographic data

Hondahttp://blog.alertsec.com/2011/01/japanese-automaker-honda-data-breach-affects-4-9-million-customers/

Outsider hack of 4.9 Million customer records

KDDI Japanhttp://datalossdb.org/incidents/315-japan-telecom-carrier

Outsider hack of 5 Million credit card records


安全还是不安全？

April 18, 20235


电子商务交易安全环节

April 18, 20236

• 数据中心及周边系统• 交易终端• 交易过程


数据中心安全设计参考框架

April 18, 20237


数据中心安全设计参考框架

April 18, 20238


服务器虚拟化环境下的安全防护

Hypervisor

Traditional IPS

Physical Server

Network Security Platform (IPS)

Next Gen Firewall

Note: McAfee FW does not support inter-VM Communications (VMotion)

同一物理机上虚拟机之间的安全隔离同一物理机上虚拟机之间的安全隔离

9



April 18, 202310

Traditional IPSNetwork Security Platform (IPS)

对虚拟服务器的安全加固和变更控制对虚拟服务器的安全加固和变更控制

Hypervisor

Physical Server

Next Gen FirewallToPs for Servers



April 18, 202311


对虚拟化系统上运行的数据库提供安全保护对虚拟化系统上运行的数据库提供安全保护

Hypervisor

Physical Server

Next Gen FirewallToPs for Servers DAM



April 18, 202312


HypervisorHypervisor感知的病毒防范感知的病毒防范

Hypervisor

Physical Server

Next Gen FirewallToPs for Servers DAM Move AV for Servers


高级持续性威胁（ APT ）攻击示意

Internet

USERS &

PARTNERS

SaaS

BRANCH OFFICE

CORPORATE LAN


交易终端的安全性

April 18, 202314

真正的挑战


传统的基于特征的恶意代码防御技术

File Properties Property Values

Detection Name Sample 1

Length 94134 bytes

MD5 B075a2b81336caedcccdec336811f461

SHA1 772e79026bef86044e308d290d4d4fdf1167091c

Sample submitted and

processed

Add to cloud

Add to local virus

signature file

New sample

April 18, 202315


传统的基于特征的恶意代码防御技术

File Properties Property Values

Detection Name Sample 1

Length 94134 bytes

MD5 B075a2b81336caedcccdec336811f461

SHA1 772e79026bef86044e308d290d4d4fdf1167091c

Sample submitted and

processed

Add to cloud

Add to local virus

signature file

April 18, 202316


交易终端的安全性

April 18, 202317

• 硬件辅助的安全防护

– 防止 Rootkit

• 动态白名单技术– 防范未知威胁

• 外设控制– 防止非法 U 盘等

外设• Internet 网站安全

信誉– 防止误访问恶意

站点

• 可管理性？？？


交易过程的安全性

April 18, 202318


其它方面：用户的信心• McAfee SECURE ™

– 主要为在线交易相关站点提供安全性证明– 在超过五十个国家中拥有数万客户– 有 8 万多个站点拥有 McAfee SECURE 的可信标志– 互联网零售商前 500 家中超过一半采用该服务– 为商家增加的交易量平均为 12%– 多语言支持 - 英语、日语、中文、西班牙、匈牙利、德语


全世界的无产阶级，联合起来！

McAfee Labs

MFE Products

Other feeds & analysisServers FirewallsEndpoints Appliances

File Reputation Engine

Web Reputation Engine

Network Threat Information

IP and Sender Reputation Engine

Vulnerability Information

Global Threat Intelligence

EmailFirewallIPS DLPWeb AWLePO AV


结语

April 18, 202321

“Companies spend millions of dollars on

firewalls and it's money wasted because none of these measures address the weakest link in the

security chain: the people who use and operate computer systems”

-Kevin Mitnick (Ex-hacker; spent 4 years prison for

hacking PacBell)

mcafee confidential—internal use only 电子商务交易安全威胁分析和对策...

Documents