CS 259D Introduction

By Leo

  • Goals of information security
  • Attacks
    • Attackers and their motives
    • Vulnerabilities
    • Attack categories
    • Basic attack steps
    • Attack tools
    • Advanced Persistent Threats: APT
  • Defense
    • Security detection
    • Risk management: controls
    • Preventive measures
    • Defense in depth
    • Reactive defense
  • Data mining in information security
    • Why big data
    • The malware explosion
    • Detection taxonomy
      • Information sources
      • Analysis strategy
      • Timing
      • Response mode
      • Continuity
  • References

There are only two kinds of companies in the world: those that have been hacked and those that will be. Even so, they can be merged into one category: those that have been hacked and those that will be hacked again.

FBI Director Robert Mueller

Goals of information security

  • The C-I-A triad
    • Confidentiality
      • No unauthorized disclosure of information
    • Integrity
      • No unauthorized modification of information
    • Availability
      • No unauthorized denial of access to information
  • Others
    • Privacy
    • Authenticity
    • Non-repudiation
    • Accountability
    • Auditability

Attacks

Attackers and their motives

  • Script kiddies
    • Driven by curiosity
  • Cybercriminals
    • Driven by profit
    • Typical demographics: Eastern Europe, Brazil
  • Nation-state hackers
    • Driven by power
    • Typical demographics: East Asia, Middle East
  • Hacktivists
    • Driven by ideology
    • Typical demographics: North America, Western Europe
  • Cyber mercenaries
    • Attack for hire
  • Insiders
    • Disgruntled

Vulnerabilities

  • Backdoors
    • Kleptographic attacks
    • Rootkits
  • Denial of service (DoS)
    • Resource exhaustion
    • Attack amplifiers (e.g., poorly designed FTP, DNS)
    • Application or operating system vulnerabilities
  • Eavesdropping
    • Listening to private communications on the network
    • Monitoring electromagnetic emissions from hardware
  • Exploits
    • Taking control of computer systems, escalating privileges, or DoS
    • Using Trojan horses and viruses
  • Social engineering
    • Humans: the weakest link in security
Attack categories

  • Probing
    • Information gathering (1:1, 1:m, m:1, m:n patterns)
    • IPSweep, portsweep, nmap, etc.
  • Denial of Service (DoS)
    • TCP SYN flood, Ping of Death, smurf, neptune, etc.
  • Remote-to-local attacks (R2L)
    • Brute-force/dictionary attacks, buffer overflows, unvalidated input attacks
    • Social engineering, Trojan horses
  • User-to-root attacks (U2R)
    • Buffer overflows, rootkits, etc.
  • Infection
    • Trojan horses/worms/viruses
    • Propagation attacks

Basic attack steps

  • Preparation
    • Gather information: valid IP addresses and ports, operating system, software types and versions
  • Exploitation
  • Leave behind
    • Backdoors
  • Cleanup
    • Restart crashed daemons, clean registry/log files
  • Order and duration vary with
    • The attacker's skill level
    • The type of vulnerability to be exploited
    • Prior knowledge
    • The attacker's starting position
Attack tools

  • Information gathering
    • Sniffing: capturing packets traversing the network
      • Tcpdump, Ethereal, Gulp, Net2pcap, Dsniff, etc.
    • Network mapping/scanning/fingerprinting: hosts/IPs/ports, protocol details
      • Nmap, Amap, Vmap, Ttlscan, P0f, Xprobe, Queso, etc.
  • Launching attacks
    • Trojan horses
      • Danger, NukeNabbler, AIMSpy, NetSpy, etc.
    • DoS attacks
      • Targa, Burbonic, HOIC, LOIC, etc.
    • Packet crafting tools
      • Packeth, Packit, Packet Excalibur, Nemesis, Tcpinject, Libnet, SendIP, etc.
    • Application-layer tools
      • Code Red Worm, Nimda Worm, AppDDoS, RefRef, etc.
    • User attack tools
      • Ntfsdos, Yaga, etc.
Advanced Persistent Threats: APT

  • Targeted attacks against high-value assets
  • Low and slow
  • Avoiding alerts
    • Using stolen user credentials
    • 0-day vulnerabilities
    • Staying inactive within the network
    • Progressing slowly: running for months or years
    • Beyond the limited time window of current IDS
  • Multi-stage
    • Exploitation
    • Command and control
    • Lateral movement
    • Breach
  • Typical goals
    • Stealing intellectual property (IP)
    • Obtaining sensitive customer data
    • Accessing strategic business information
      • Financial gain, scandal, extortion, data poisoning, illegal insider trading, disrupting the organization's business
  • Attackers
    • Well funded
    • Highly skilled
    • Clearly targeted
    • After specific data in a specific organization

Defense

Security detection

  • First generation: intrusion detection systems (IDS)
    • 100% protection/prevention is impossible
    • Layered security
  • Second generation: security information and event management (SIEM)
    • Correlate alerts from different intrusion detection sensors
    • Give security analysts actionable information
  • Third generation: big data security analytics
    • Context-aware security intelligence
    • Long-term correlation

Risk management: controls

  • Administrative
    • Policies, guidelines
      • Password policy
      • Payment Card Industry Data Security Standard (PCI DSS)
      • Principle of least privilege
  • Physical
    • Doors, locks, etc.
    • Separation of duties
  • Logical
    • The software and data in use

Preventive measures

  • Protocols
    • Secure Sockets Layer (SSL): source authentication
  • Host-based protection
    • Secure operating system, patching
  • Access control
    • Identification: username
    • Authentication: something you know/have
    • Authorization: file permissions, Kerberos, need-to-know principle
  • Firewalls
    • Control traffic between networks (e.g., from/to the Internet)
  • Secure design
    • Principle of least privilege, code review, unit testing, defense in depth
  • Secure coding
    • Buffer overflows, format string vulnerabilities, code/command injection

Defense in depth

  • Layered approach
    • Partition the system into network zones
    • Place firewalls at zone boundaries
    • A border router between the ISP and the firewall filters traffic
    • Use switching within each zone to reduce the effectiveness of sniffing
    • Encryption
  • Last line of defense
    • Detection

Reactive defense

  • Examples
    • Antivirus signatures for known malicious executables
    • Filtering unwanted e-mail
    • Web filters for compromised websites
    • Sandboxing to isolate malicious behavior
  • The median gap between the time of intrusion/breach and the time the problem is noticed is 300-400+ days
  • Duration of 0-day attacks
    • 19 days to 30 months
    • Median 8 months, mean 10 months
  • 61% of attacks are initiated by third parties
  • Companies are reluctant to disclose data breaches
    • Only 2%-30% are willing to disclose
  • Blurred network perimeter
    • Cloud services
    • Mobile phones/wearables
    • Partner businesses

Data mining in information security

Why big data

  • The attack landscape
    • Attacks are becoming more sophisticated
    • Attacks are becoming easier
      • Less knowledge is required of the attacker
      • Attack tools are improving in quality
    • Attackers are highly motivated
      • The attacker only needs to succeed once, while the defender must succeed every time
  • Attack mechanisms keep evolving/mutating, defeating current detection techniques
    • Polymorphic malware
    • 0-day attacks
    • APT
  • Blurred network perimeter
    • Mobile phones/wearables
    • Cloud services
  • Big data technologies can store and analyze higher volumes and more types of data
  • 2010 Verizon Data Breach Investigations Report
    • In 86% of breaches, evidence was recorded in the logs
    • The detection mechanisms failed to raise an alert
  • How should we make sense of the data?

The malware explosion

  • In 2011, 403 million new malware variants appeared
  • In Q1 2012, McAfee collected 100,000 unique malware samples per day
  • In Q3 2012, McAfee's malware signature database held more than 100 million samples
  • In practice, sample signatures cannot keep up with this growth rate

Detection taxonomy

Information sources

  • Host-based
    • System calls, system logs
  • Network-based
  • Wireless networks
  • Application logs
    • Database logs, web logs
  • IDS sensor alerts
    • Alerts from lower-level sensors

Analysis strategy

  • Misuse detection
    • Premise
      • Prior knowledge of attack patterns supplied by experts
      • Signature matching
      • Data mining over labeled datasets
    • Advantage
      • High accuracy in detecting known attacks
    • Disadvantages
      • Ineffective against novel attacks
      • Every newly discovered attack requires a signature update
  • Anomaly detection
    • Premise
      • Build a profile of normal behavior (users, hosts, network)
      • Detect deviations from the normal profile
    • Advantage
      • Can detect unknown attacks
    • Disadvantage
      • Potentially high false positive rate
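The two analysis strategies above, as an added example written for these notes (not code from the CS 259D lecture): a signature-based misuse detector and a profile-based anomaly detector run over the same constructed SSH and web log lines. The signatures, thresholds, user names and addresses are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system). Format: "<ISO time> <program>: <message>".
BASELINE_LOGS = [  # "normal" logins, used only to build the anomaly profile
    "2024-04-22T09:05:00 sshd: Accepted password for alice from 10.0.0.5",
    "2024-04-23T10:15:00 sshd: Accepted password for alice from 10.0.0.5",
    "2024-04-24T14:30:00 sshd: Accepted password for alice from 10.0.0.6",
    "2024-04-22T08:50:00 sshd: Accepted password for bob from 10.0.0.9",
    "2024-04-25T17:45:00 sshd: Accepted password for bob from 10.0.0.9",
]
TEST_LOGS = [
    "2024-05-01T10:00:03 sshd: Failed password for root from 203.0.113.9",
    "2024-05-01T10:00:04 sshd: Failed password for root from 203.0.113.9",
    "2024-05-01T10:00:05 sshd: Failed password for root from 203.0.113.9",
    "2024-05-01T10:00:06 sshd: Failed password for root from 203.0.113.9",
    "2024-05-01T10:00:07 sshd: Failed password for root from 203.0.113.9",
    "2024-05-01T10:01:00 httpd: GET /search?q=%27%20OR%201%3D1-- from 198.51.100.4",
    "2024-05-01T10:02:00 sshd: Accepted password for alice from 10.0.0.5",       # normal
    "2024-05-01T03:10:00 sshd: Accepted password for alice from 198.51.100.77",  # stolen credential: no signature exists
    "2024-05-01T11:00:00 sshd: Accepted password for bob from 10.0.0.42",        # bob's new laptop: a false positive
]
LOGIN_RE = re.compile(r"^\d{4}-\d\d-\d\dT(\d\d):\d\d:\d\d sshd: (Accepted|Failed) password for (\w+) from (\S+)$")

# Misuse detection: an expert-supplied signature (URL-encoded SQL tautology) plus a stateful rule for repeated root failures.
SIGNATURES = [("sqli_tautology", re.compile(r"(%27|')(%20|\s)*OR(%20|\s)+1(%3D|=)1", re.I))]

def misuse_detect(lines, brute_threshold=5):
    """Return (rule, source) alerts; only patterns known in advance can fire."""
    alerts, failed = [], defaultdict(int)
    for line in lines:
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, line.rsplit(" ", 1)[-1]))
        m = LOGIN_RE.match(line)
        if m and m.group(2) == "Failed" and m.group(3) == "root":
            failed[m.group(4)] += 1
            if failed[m.group(4)] == brute_threshold:
                alerts.append(("root_brute_force", m.group(4)))
    return alerts

# Anomaly detection: per-user profile of normal source addresses and login hours.
def build_profile(lines):
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for line in lines:
        m = LOGIN_RE.match(line)
        if m and m.group(2) == "Accepted":
            profile[m.group(3)]["srcs"].add(m.group(4))
            profile[m.group(3)]["hours"].add(int(m.group(1)))
    return profile

def anomaly_detect(lines, profile, hour_slack=2):
    """Flag successful logins whose source or hour deviates from the user's profile."""
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if not (m and m.group(2) == "Accepted"):
            continue
        hour, user, src = int(m.group(1)), m.group(3), m.group(4)
        p = profile.get(user)
        if p is None or src not in p["srcs"]:
            alerts.append(("unseen_source", user, src))
        elif all(abs(hour - h) > hour_slack for h in p["hours"]):
            alerts.append(("unusual_hour", user, src))
    return alerts
```

The misuse detector catches the brute-force and injection attempts but is silent on the stolen-credential login, which the anomaly detector flags together with a legitimate login from a new machine (the false positive the notes warn about).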

Timing

  • Real-time
    • Analyze live data (e.g., session data)
    • Raise an alert immediately when an attack is detected
  • Offline
    • Analyze the data offline
    • Useful for forensics

Response mode

  • Passive response
    • Only generates alerts
    • Advantage: does not affect the current environment
    • Disadvantage: alerts may be ignored (e.g., the Target data breach)
  • Active response
    • Corrective (e.g., reconfigure the firewall)
    • Preemptive (e.g., log the attacker out)
    • Advantage: speed
    • Disadvantage: can turn into a DoS attack

Continuity

  • Continuous monitoring
    • Continuous real-time analysis
    • Timely collection of information about actions
    • Increases deployment effort
  • Periodic analysis
    • Take snapshots of the environment periodically
    • Reduced security: the window of opportunity between two snapshots can be exploited

References

  • CS 259D Lecture 1
