演章节内容下载-powerpointpresentati.ppt

网络安全挑战与应急处理 国家计算机网络应急技术处理协调中（CNCERT/CC） 运行部 主任 杜跃进 博士 2004年10月.广西 报告内容 网络安全威胁：从用户到网络 网络安全挑战：可否赢得这场比赛？ 网络安全的几个误区：错误的理解 正确理解应急处理：让网络安全成为运行的“过程” 经验与教训：迎接当前挑战的几大关键要素 国内外现状和趋势简介 网络安全不再是事不关己的故事 黑客到底有多黑？ 网络原子弹：10分钟之内让全世界瘫痪 伪装攻击：肆无忌弹 数字“特洛伊”：远古手段的现代演化 “钓鱼”活动：日益活跃的陷阱 “信息爆炸”的时代：垃圾邮件的“贡献” “禁毒”：全世界的持久战 盲区：损失多大？ 网络安全不再仅仅是终端的事 网络成为一种关键基础设施，网络的瘫痪带来严重影响 生产停顿；交易中断； 招生、科研、旅行、etc. 传统的很多概念受到挑战 防病毒不再是全部 别人的主机不安全，也会影响到自己 网管成为网络安全保障的前线 网络供应商需要为网络的安全运行提供保障 Etc. 为什么还不安全？ 领导重视了 资金到位了 设备购买了 方案论证了 可是………….. 关键是速度 Response ‘in time’ is the KEY : Challenges for being ‘in time’ The race Attackers： Vulnerability discovery Attacking code（malware） programming (a little bit testing, maybe) Release malware Defenders： Vulnerability discovery Information delivery Patch development Patch delivery Risk scan Attacking monitoring Malware analysis Propagation Control Patch tools delivery Infected computers recovery Upgrade adjustment/evaluation How fast are our enemies? Vulnerability discovered: at any time New attacking malware appear: few weeks after the vulnerability is published （still becoming shorter） NOW 0-DAY ATTACK appears 10 to 30 minutes is enough for a new worm to make the whole Internet congested (also might be shorter) What we are facing : The network we are going to protect : 87 million Netizens More than 36 million online computers More than 600,000 websites Nearly 54G international bandwidth （from CNNIC, 14th survey till June 30. 2004. each figure is increasing dramatically!） Thousands of vulnerabilities are reported each year (according to CERT/CC) People NEVER patch or upgrade in time (according to the reality. but maybe they should not be blamed) The whole world is connected, attacking might come from any corner at any time We NEVER have enough qualified security staff (do you have a superman who knows everything and never need a rest?) …… Do we have any chances to win? 一些主要的误区 要是用户都及时打补丁…… 买了更好的产品，可以高枕无忧了…… 找个高手，解决问题…… 内外网隔离，还怕什么？ …… 正确理解应急响应 安全是一个动态的过程 “动态”的问题： 网络和系统的组