Network security

Internet applications have penetrated into all aspects of life: WeChat, QQ, virtual reality, Didi Travel, shared riding, and so on. However, the vigorous growth of these applications has also brought security risks, and network security incidents have become one of the hot topics that the world pays most attention to today.

Cybersecurity incident

The scope of network security incidents is very wide, including viruses, vulnerabilities, phishing software, Trojan horse attacks, and more.

Security incident case

1. In 2016, the information of more than 1.5 billion Yahoo users was leaked. At the same time, problems such as phishing emails, email scams and email leaks occurred frequently.

2. The 2016 "Mailgate" incident. The Mailgate incident of a 2016 presidential candidate, exposed by hackers, indirectly led to the candidate's failure in the U.S. election. The attack exploited system vulnerabilities and software vulnerabilities on the private server where the data was stored, and finally succeeded in stealing confidential government mail.

3. The Windows ransomware of 2017. In May 2017, a Windows ransomware virus spread across the world. Infected users were mainly in the intranet environments of enterprises and universities. Common files on an infected system, such as documents, pictures and other materials, are encrypted by the virus, which uses the RSA asymmetric algorithm; without the private key, the files cannot be decrypted. The attackers then extort high bitcoin ransoms from users.

The endless stream of network security incidents makes us feel that network security has never been as close to us as it is today, and these cases are just the tip of the iceberg of the security threats in today's networks.
Hackers have launched a full range of attacks against users, applications, computers, and networks.

Attacks on user behavior usually exploit the lack of security awareness among most users, through weaknesses such as failing to protect confidential information like account passwords or failing to operate terminals securely.

This type of attack is characterized by simple technical means and many varieties, and its scope covers all information system users, so it is favored by attackers and is usually their first choice.

From phishing sites for online shopping, to user passwords leaked through credential-stuffing attacks, to the endless stream of telecommunications fraud, these are all typical cases of attacks on users.

When attacks on user behavior fail, the attacker turns to the application, with attacks such as injection and web page tampering. The attacker targets security vulnerabilities in the application to steal its data or to use it to perform malicious operations; examples include SQL injection and the OpenSSL Heartbleed attack.

The large volume of spam email we receive every day and the many leaks of e-commerce customer information are typical cases of application attacks.

Attacks against computer hosts include Trojan horses, system vulnerabilities, and computer viruses.

Attackers target different types of operating systems, take advantage of the vulnerabilities and security weaknesses of the operating system itself, and use specialized attack tools such as Trojan horses, worms and viruses to compromise or destroy the operating system.

"Panda Burning Incense", "Gray Pigeon" and the "Extortion Virus": these familiar names are all typical cases of computer attacks.

Finally, the attacker still has one last resort: attacks on the network itself, such as denial-of-service attacks and man-in-the-middle attacks.

Here the attacker targets security flaws in the protocol itself in order to steal network data or interrupt normal services. One example is the SYN flood attack, which exploits the SYN mechanism of the TCP protocol itself.
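
A defender-side check for the SYN flood mentioned above, as an added example that is not part of the original post: it counts half-open (SYN-RECV) sockets per listening port in `ss -tan`-style output and flags ports where they dwarf established connections. The sample rows, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample(n_half_open=40):
    """Constructed `ss -tan`-style output: one normal listener, one under SYN pressure."""
    rows = ["State    Recv-Q Send-Q Local Address:Port Peer Address:Port",
            "LISTEN   0 128 0.0.0.0:443 0.0.0.0:*",
            "LISTEN   0 128 0.0.0.0:22 0.0.0.0:*"]
    # Port 22: normal traffic, a few sessions and one handshake still in flight.
    rows += [f"ESTAB 0 0 192.0.2.10:22 198.51.100.{i}:5{i:04d}" for i in range(1, 6)]
    rows.append("SYN-RECV 0 0 192.0.2.10:22 198.51.100.9:40000")
    # Port 443: many half-open entries, each from a different (likely spoofed) source.
    rows += [f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{1024 + i}"
             for i in range(1, n_half_open + 1)]
    rows += [f"ESTAB 0 0 192.0.2.10:443 198.51.100.{i}:443{i}" for i in range(1, 4)]
    return "\n".join(rows)

def socket_stats(text):
    """Count half-open and established sockets, and distinct peers, per local port."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN rows and other states are not needed here
        state, local, peer = fields[0], fields[3], fields[4]
        entry = stats[int(local.rsplit(":", 1)[1])]
        if state == "SYN-RECV":
            entry["half_open"] += 1
            entry["peers"].add(peer.rsplit(":", 1)[0])
        else:
            entry["established"] += 1
    return stats

def flag_syn_pressure(text, min_half_open=20, ratio=3.0):
    """Return {port: summary} for listeners whose half-open backlog looks abnormal."""
    flagged = {}
    for port, s in socket_stats(text).items():
        # Assumed thresholds: an absolute floor plus half-open >> established.
        if s["half_open"] >= min_half_open and s["half_open"] > ratio * max(s["established"], 1):
            flagged[port] = {"half_open": s["half_open"],
                             "established": s["established"],
                             "distinct_sources": len(s["peers"])}
    return flagged

if __name__ == "__main__":
    for port, summary in flag_syn_pressure(build_sample()).items():
        print(port, summary)
```

Counting per listening port rather than per source matters because flood sources are usually spoofed; on Linux, SYN cookies (`net.ipv4.tcp_syncookies`) are the standard mitigation.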

Having walked through these conventional cyber security threats, I believe everyone now has a comprehensive understanding of the technical side of security. However, security is not a purely technical issue; we need to look at it as a whole. As the saying goes, nothing can be accomplished without rules, so we also need a comprehensive information security management system. ISO 27000 is an information security management system that is widely recognized internationally.

It is a typical risk-management-based system that uses periodic risk assessments, internal audits, effectiveness measurements, and management reviews to keep the ISMS in a virtuous cycle of self-improvement.

Reviewing the major cybersecurity incidents of recent years, it is not difficult to see that hackers are no longer concerned only with stealing various kinds of core data: critical infrastructure, governments, financial institutions, and the energy industry have become new targets for hacker attacks.

State-supported political hacking operations are becoming more and more common, and it is a foregone conclusion that network security has risen to the national level.

Developed, information-based countries around the world have introduced their own security laws and regulations and set up related security management agencies. Information security management systems and standards are the master plan for the "high-rise building" of enterprise security. Once we understand the management systems and standards, how do we plan and implement a security program in the enterprise?

Best practice solutions for enterprise information security

We divide the system into 5 levels. The first is the physical layer, which includes facilities such as communication lines, physical hardware equipment, and computer room racks. Securing the physical layer means ensuring the reliability of the communication lines, the safety of equipment replacement and disassembly, and the ability to cope with natural disasters. Physical layer security is the foundation of all security and should not be underestimated.

Built on physical layer security is network layer security. A comprehensive network layer security solution has to consider a series of factors together: network layer identity authentication, access control, data transmission, remote access, intrusion, and network viruses. Network layer security is the key link in the safe transmission of data and information, and it is also the part we need to consider most comprehensively when planning.

Once data passes through the network layer into the operating system, security work concentrates on the operating system layer. Given the vulnerabilities and defects of operating systems such as Windows, Linux, and Unix, planning identity authentication, access control, and vulnerability detection and repair is the top priority. The operating system is the key node for data storage and processing, so we need to harden the system to prevent problems before they happen.

Beyond the previous levels, the biggest threat in today's networks is at the application layer. Application layer security mainly revolves around applications and services, focusing on the security of Web services, mail systems, and self-developed applications. Its core is resisting malicious attacks such as viruses, cross-site scripting, and data tampering.

With the rapid development of the mobile Internet, the importance of application layer security has become more and more prominent.

Finally, information security is not merely a technical matter; an enterprise's control over its entire network is also very important. At the management level, security work means developing a strict security management system and clarifying the division of security responsibilities and the reasonable assignment of personnel roles. These tasks can greatly reduce security risks at the other levels. Comprehensive defense and planning give the enterprise an information security defense-in-depth system that meets its actual needs.

At this point, we have started from an analysis of the current state of cyber threats, gained an understanding of information security management systems and security standards, and explained the importance of a defense-in-depth system to enterprise security.

As you build on this knowledge, please also think further about how security solutions can be implemented at each level using the relevant security products.

Origin blog.csdn.net/qq_39689711/article/details/107624621