McAfee Confidential—Internal Use Only
Analysis of and Countermeasures for E-Commerce Transaction Security Threats
Tuesday, April 18, 2023
Internet security threats are evolving
Security threats directly affect the economic returns of organizations and individuals
• By one estimate, e-commerce loses up to US$2 billion a year in transactions abandoned because customers lack trust
• Growth in the volume of malicious code
• Botnet evolution trends
• APT attack trends
Security threats directly affect the economic returns of organizations and individuals

Reported | Institution | Data breached
Dec 2010 | McDonald's | 1.3 million consumer data records including name, address, phone, birth date and gender
Dec 2010 | Honda/Acura | Third-party marketing firm SilverPop; 4.9 million accounts
July 2010 | UCSF Medical Center | Employee used colleagues' SSNs and PII to fill out hundreds of surveys and redeem Amazon.com vouchers
July 2010 | Buena Vista University | PII for applicants, students, staff, and donors going back to 1987 stolen from BVU database
June 2010 | Univ. of Maine | Hackers stole PII/clinical data for 3,500 students
June 2010 | Digital River, Inc. | Hackers (and possibly insiders) copied 200,000 personal records
Mar 2010 | TSA | Terminated developer placed malware in terrorism suspect database
Feb 2010 | Ceridian | Attack on the payroll processor yielded SSNs and bank account data for 27,000 employees of 1,900 companies
Jan 2010 | Iowa Racing & Gaming Comm. | Hacker gained access to database containing PII of more than 80,000 employees
Dec 2009 | RockYou | SQL injection resulted in breach of 32 million user passwords
Nov 2009 | T-Mobile | Employee sold millions of customer records to rival carriers
Aug 2009 | Heartland | 130 million+ credit/debit card records
Source: Privacy Rights Clearinghouse
Security threats directly affect the economic returns of organizations and individuals (continued)

Company | Breach | Source
Sony | Outsider hack; over 70 million user records reported stolen | http://arstechnica.com/gaming/news/2011/04/sony-looking-into-compensating-psn-users-fbi-gets-involved.ars
New Zealand Dept. of Internal Affairs | Outsider denial of service, plus a hack into the database via SQL injection | http://www.securitynewsdaily.com/new-zealand-government-sites-attacked-0640/
Vodafone Australia | Employees of the dealer Communications Direct Pty Ltd and of Vodafone fired over unauthorized access to Vodafone customer records | http://news.softpedia.com/news/Vodafone-Australia-Shuts-Down-Dealer-over-Dubious-Practices-179994.shtml
Dell Australia | Breach at marketing database provider Epsilon; 40 billion emails reported stolen worldwide | http://www.theage.com.au/technology/security/dell-australia-customer-details-stolen-in-major-global-data-breach-20110407-1d4yd.html
South Korea Hyundai Capital | Outsider hack of Hyundai's financial arm, stealing over 400,000 customer records | http://www.reuters.com/article/2011/04/11/us-korea-regulator-hyundai-idUSTRE73A0DJ20110411
Monster.com | Outsider hack stealing user IDs, passwords, email addresses, phone numbers and demographic data | http://help.monster.com/besafe/jobseeker/index.aspx
Honda | Outsider hack of 4.9 million customer records | http://blog.alertsec.com/2011/01/japanese-automaker-honda-data-breach-affects-4-9-million-customers/
KDDI Japan | Outsider hack of 5 million credit card records | http://datalossdb.org/incidents/315-japan-telecom-carrier
Secure or not secure?
Security touchpoints of an e-commerce transaction
• Data center and surrounding systems
• Transaction endpoints
• The transaction process
Data center security design reference framework
Security protection in a server virtualization environment

[Diagram, built up over four slides: a physical server running a hypervisor and its virtual machines, with a traditional IPS (Network Security Platform) and a Next Gen Firewall in front of it. Each slide adds one protection layer:]
• Security isolation between virtual machines on the same physical host (Network Security Platform IPS, Next Gen Firewall). Note from the slide: McAfee FW does not support inter-VM communications (VMotion).
• Security hardening and change control for virtual servers (ToPs for Servers)
• Security protection for databases running on virtualized systems (DAM)
• Hypervisor-aware virus prevention (MOVE AV for Servers)
Advanced Persistent Threat (APT) attack illustration

[Diagram: an APT attack path spanning the Internet, users and partners, SaaS, a branch office, and the corporate LAN; only the labels survived extraction.]
Security of transaction endpoints
The real challenge
Traditional signature-based malicious code defense

[Diagram: the signature pipeline for one new sample]
File properties of the sample:
  Detection name: Sample 1
  Length: 94134 bytes
  MD5: B075a2b81336caedcccdec336811f461
  SHA1: 772e79026bef86044e308d290d4d4fdf1167091c
Flow: New sample, then sample submitted and processed, then add to cloud, then add to local virus signature file
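The pipeline on the signature slide, modelled as a runnable example. This is added code, not McAfee's engine: the lab processes a submitted sample, records its properties (length, MD5, SHA1), publishes the hashes first to a cloud lookup and later to the local virus signature file, and the endpoint scanner matches files against both. It also shows the gap the following slides address: a copy of the sample with one extra byte hashes differently and matches nothing until it is submitted as a new sample in turn. SAMPLE_1 is a constructed byte string standing in for the 94134-byte file on the slide, and both signature stores are in-memory stand-ins.

```python
"""Hash-signature detection pipeline, as a runnable model.

Added example, not McAfee code. The cloud lookup and the local signature
file are in-memory dictionaries; SAMPLE_1 is constructed, not the real
sample from the slide.
"""
import hashlib
from typing import Dict, Optional


def file_properties(data: bytes) -> Dict[str, object]:
    """The 'File Properties' table: length plus the two hash identifiers."""
    return {
        "Length": len(data),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
    }


class SignatureStore:
    """Two signature sources: a cloud lookup that updates within minutes and
    the local virus signature file that ships to endpoints later."""

    def __init__(self) -> None:
        self.cloud: Dict[str, str] = {}   # hash -> detection name
        self.local: Dict[str, str] = {}   # hash -> detection name

    def process_sample(self, sample: bytes, detection_name: str) -> Dict[str, object]:
        """Lab side: 'Sample submitted and processed', then 'Add to cloud'."""
        props = file_properties(sample)
        props["Detection Name"] = detection_name
        for digest in (props["MD5"], props["SHA1"]):
            self.cloud[digest] = detection_name
        return props

    def publish_local(self) -> None:
        """'Add to local virus signature file': the DAT release catches up
        with everything the cloud already knows."""
        self.local.update(self.cloud)

    def scan(self, data: bytes, online: bool = True) -> Optional[str]:
        """Endpoint side: hash the file and look it up. None means 'clean',
        which for a signature engine only means 'no signature yet'."""
        props = file_properties(data)
        for digest in (props["MD5"], props["SHA1"]):
            if digest in self.local:
                return self.local[digest]
            if online and digest in self.cloud:
                return self.cloud[digest]
        return None


# Constructed stand-in for the slide's sample (not the real 94134-byte file).
SAMPLE_1 = b"MZ\x90\x00" + b"payload-v1" * 8


def demo() -> Dict[str, Optional[str]]:
    """Walk the pipeline once: cloud-only window, DAT release, then a
    trivially modified variant that has no signature until resubmitted."""
    store = SignatureStore()
    store.process_sample(SAMPLE_1, "Sample 1")
    results: Dict[str, Optional[str]] = {
        "online_before_dat": store.scan(SAMPLE_1),                 # cloud hit
        "offline_before_dat": store.scan(SAMPLE_1, online=False),  # DAT not yet shipped
    }
    store.publish_local()
    results["offline_after_dat"] = store.scan(SAMPLE_1, online=False)
    variant = SAMPLE_1 + b"\x00"   # padded / repacked copy: new MD5 and SHA1
    results["variant"] = store.scan(variant)
    store.process_sample(variant, "Sample 1.a")   # the 'New sample' loop starts again
    results["variant_after_resubmit"] = store.scan(variant)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict or 'clean (no signature)'}")
```

The `offline_before_dat` miss is the operational cost of the local signature file lagging the cloud, and the `variant` miss is the structural cost of hash signatures: every byte-level change is a new sample to the pipeline.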
Security of transaction endpoints
• Hardware-assisted security protection
  – Prevents rootkits
• Dynamic whitelisting
  – Defends against unknown threats
• Peripheral control
  – Blocks unauthorized USB drives and other peripherals
• Internet website reputation
  – Prevents accidental visits to malicious sites
• Manageability?
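Three of the endpoint controls above (dynamic whitelisting, peripheral control, web reputation) modelled as one small policy engine, so that the contrast with signature matching is visible: execution is default-deny, and an unknown binary is blocked without any signature existing for it. This is an added example, not McAfee product code; the hashes, device IDs, reputation scores and event stream are constructed, and the "trusted updater" rule and the reputation threshold of 50 are assumptions about how such a policy might be configured, not product settings. Hardware-assisted rootkit prevention is not modelled here.

```python
"""Endpoint controls from the slide as a tiny policy engine.

Added example, not McAfee code. Everything below (binaries, device IDs,
reputation scores, the trusted-updater rule, the threshold) is constructed.
"""
import hashlib
from typing import Dict, List, Set, Tuple

Verdict = Tuple[bool, str]   # (allowed, reason)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class EndpointPolicy:
    def __init__(self, allowlist: Set[str], trusted_updaters: Set[str],
                 approved_usb: Set[str], web_reputation: Dict[str, int],
                 min_reputation: int = 50) -> None:
        self.allowlist = set(allowlist)           # hashes allowed to execute
        self.trusted_updaters = trusted_updaters  # processes whose writes are trusted
        self.approved_usb = approved_usb          # vendor:product IDs allowed to mount
        self.web_reputation = web_reputation      # host -> score 0..100, higher is better
        self.min_reputation = min_reputation

    # Dynamic whitelisting: the list grows only through trusted change, so a
    # patch rolled out by the updater runs, but a binary dropped by a browser does not.
    def on_file_write(self, writer: str, content: bytes) -> Verdict:
        if writer in self.trusted_updaters:
            self.allowlist.add(sha256(content))
            return True, f"{writer} is a trusted updater; new hash allowlisted"
        return True, f"write by {writer} recorded; hash not allowlisted"

    def on_execute(self, content: bytes) -> Verdict:
        if sha256(content) in self.allowlist:
            return True, "hash on whitelist"
        # No signature needed: anything unknown is denied, which is how
        # whitelisting covers malware that no signature exists for yet.
        return False, "unknown binary; default deny"

    def on_usb_insert(self, device_id: str) -> Verdict:
        if device_id in self.approved_usb:
            return True, "approved device"
        return False, "unapproved USB storage blocked"

    def on_navigate(self, host: str) -> Verdict:
        # Assumption: a host with no score is treated as neutral (50).
        score = self.web_reputation.get(host, 50)
        if score >= self.min_reputation:
            return True, f"reputation {score}"
        return False, f"reputation {score} below {self.min_reputation}; site blocked"


# Constructed binaries
POS_APP_V1 = b"pos-terminal-app v1"
POS_APP_V2 = b"pos-terminal-app v2 (patched)"
DROPPER = b"never-seen-before malware"   # no signature exists for this


def run_events(policy: EndpointPolicy, events: List[tuple]) -> List[Verdict]:
    """Dispatch each (kind, *args) event to the matching handler, in order."""
    handlers = {
        "write": policy.on_file_write,
        "exec": policy.on_execute,
        "usb": policy.on_usb_insert,
        "web": policy.on_navigate,
    }
    return [handlers[kind](*args) for kind, *args in events]


def demo() -> List[Verdict]:
    policy = EndpointPolicy(
        allowlist={sha256(POS_APP_V1)},
        trusted_updaters={"vendor-updater.exe"},
        approved_usb={"0781:5583"},                     # constructed vendor:product pair
        web_reputation={"bank.example": 95, "phish.example": 5},
    )
    events = [
        ("exec", POS_APP_V1),                           # known good: allowed
        ("exec", DROPPER),                              # unknown: denied, no signature involved
        ("write", "browser.exe", DROPPER),              # dropped by the browser: not trusted
        ("exec", DROPPER),                              # still denied
        ("write", "vendor-updater.exe", POS_APP_V2),    # patch arrives via the trusted updater
        ("exec", POS_APP_V2),                           # now allowed: the 'dynamic' part
        ("usb", "0781:5583"),
        ("usb", "1234:abcd"),
        ("web", "bank.example"),
        ("web", "phish.example"),
        ("web", "unrated.example"),
    ]
    return run_events(policy, events)


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "BLOCK", "-", reason)
```

The same event stream run against the hash-signature engine would allow `DROPPER` twice, because nothing in it is a known hash; the whitelist blocks it both times and still lets the vendor's patched binary run, which is the manageability question the last bullet raises: the list only stays current if trusted change is defined carefully.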
Security of the transaction process
Other aspects: user confidence
• McAfee SECURE™
  – Primarily provides security certification for sites involved in online transactions
  – Tens of thousands of customers in more than fifty countries
  – More than 80,000 sites carry the McAfee SECURE trustmark
  – More than half of the top 500 Internet retailers use the service
  – Average increase in merchant transaction volume of 12%
  – Multi-language support: English, Japanese, Chinese, Spanish, Hungarian, German
Workers of the world, unite!

[Diagram: McAfee Global Threat Intelligence. Inputs: McAfee Labs, MFE products, and other feeds and analysis from servers, firewalls, endpoints and appliances. Engines: File Reputation Engine, Web Reputation Engine, Network Threat Information, IP and Sender Reputation Engine, Vulnerability Information. Consuming products: Email, Firewall, IPS, DLP, Web, AWL, ePO, AV.]
Closing remarks

"Companies spend millions of dollars on firewalls and it's money wasted because none of these measures address the weakest link in the security chain: the people who use and operate computer systems"
- Kevin Mitnick (ex-hacker; spent 4 years in prison for hacking PacBell)