In 2011, the cyber security community could be called to keep up with frequent incidents. One of the most eye-catching is the continuous data leakage incidents, phone privacy and security issues and many major APT (advanced continuous threat) attacks.
Website database information leaks explodes Internet users’ security panic has caused a lot of attention recently because of the leakage of user data in domestic mainstream professional and technical websites, social platforms, e-commerce and e-government websites, including CSDN, Renren, Tianya and Dangdang.com. Many Internet companies such as Lilynet, followed by rumors of data leakage from multiple bank users.
In 2011, we saw too many data leakage incidents. The hacking incident that Sony began in April directly led to the information of 77 million customers on its online PlayStation network, including the theft of credit card accounts, with a loss of US$170 million; for Citibank and Best Buy E-mails of millions of consumers, such as Epsilon, an e-mail marketing company that provides advertising services for well-known companies, were stolen. (Related Topics: Major Hidden Attacks in the First Half of 2011) If these data leakage cases that occurred mainly in foreign countries did not make us feel painful, then the data leakage incidents that occurred at the end of the year with many domestic Internet users caused us to generate information security for the Internet. Serious doubts.
In addition, some websites do not take proper security measures for user information, and even use key texts to save key information such as user passwords. These information leakage events have sounded an alarm for the protection of website security and database security. The biggest victims of these information leakage incidents are users, because the change of passwords caused by these incidents also makes people strongly question the security of the website and endanger the development of the Internet.
From similar incidents in foreign countries, the expansion and upgrading of data leakage in South Korea directly led to the abolition of the Internet's real name system in South Korea. (Related Articles: South Korea will revise its network real name system to deal with leaks)
Mobile phone security has become a hot topic and this also harms the privacy of the majority of users and there are many mobile phone security issues. The smart phone won a milestone victory in 2011 and became the mainstream. Once mobile phone giant Nokia has switched to Microsoft to develop a smart machine (in 2912, it is expected to be launched). However, smart phones have been criticized in the security field. In March 2011, when Google discovered 50 Android applications as malicious programs, it was forced to remove these applications from its Android Market. In December, Google removed 22 applications that were found to contain fraudulent software from its mobile application store, Android Market. Mobile phone malware presents a rapid growth trend.
The CarrierIQ incident that broke out in December 2011 also caused public concern and suspicion. Many mainstream mobile operators in the United States preloaded the software provided by CarrierIQ in the 141 million mobile phones of users such as Apple, HTC, and Samsung. The software defaults. Running in the background, it can record the keystroke behavior of all buttons on the hardware and software, monitor all sending and receiving messages, and record Internet behavior. (Related Articles: CarrierIQ Incident Alarmed US Congress)
Similarly, the United Kingdom’s “The News of the Worldâ€, which was shut down in July 2011 for eavesdropping scandals, condemned the 168-year-old newspaper for eavesdropping on mobile phones for crime victims, celebrities, and politicians. (Related article: "The News of the World" eavesdropping scandal was shut down and mobile phone security became the focus)
In fact, the security of mobile phones not only makes the general public feel a headache, but it is also a major security risk for enterprises. Because more and more employees use their mobile phones to access personal information, they also use mobile phones to access corporate business information. How to manage these mobile devices to achieve the same security and efficiency, and prevent the company's key data leakage has become a business must consider.
APT inspires the company's security nerves. In March 2011, RSA (the top international security vendor, many large corporations and government agencies used RSASecureID as authentication credentials) was attacked by APT, some SecurID technical information and customer information were stolen, and many later used SecurID as authentication. The companies that established the VPN network, including US defense outsourcing companies including Lockheed Martin and Northrop, have been attacked and important data have been stolen. There is also a super factory virus for the Iranian nuclear power plant, targeting ShadyRAT attacks by the U.S. government, the UN, the Red Cross, weapons manufacturers, energy companies, and financial companies. (Related Articles: APT Attack Research and Enterprise Defensive System Defects Analysis)
An Advanced Persistent Threat (APT) is an advanced persistent threat, or an attack targeted at a specific target. It is an entire process of targeted execution of a series of targeted attacks in order to obtain important information from an organization or even a country. One of the things that makes APT hard to prevent is that it is not 100% safe. Attackers can always find the loopholes. (Related Articles: Best Practices for Companies to Cope with APT) Due to its strong destructive nature, some people have even raised it to the height of the national cyber war. The APT attack makes network security the same as the security in the real environment. It has attracted the attention of large enterprises and government organizations. How to construct a solid network security defense system has also caused a lot of discussion in the industry.
In 2011, cyber security vendors also made innovations in security products and concepts based on insights into changes in the entire IT environment. The hottest keywords mentioned by vendors in 2011 are the concepts of next-generation firewalls, cloud computing security services, and information security systems.
The next-generation firewall authoritative IT research and consulting firm Gartner gave the most recognized definition of next-generation firewalls in 2009 to describe the changing needs of firewall products in response to attacks, business processes, and the changing use of IT. The inevitable stage of experience. According to Gartner, the next-generation firewall (NGFW) is a versatile, integrated, wire-speed network security processing platform that includes all standard functions, namely common network functions such as network address translation (NAT), packet filtering, and stateful packets. The detection function, and application identification, control and visualization are its important core features. Many network security companies, including Barracuda, Neusoft, Scorpio, SonicWALL, Juniper, PaloAlto, CheckPoint, and Evergate Networks, have successively introduced next-generation firewall products, which were promoted in 2011. (Related Articles: Juniper and PaloAlto: Legal Proceedings for Next-Generation Firewalls)
Security Threat Defense System In order to deal with threats, enterprises need to establish a complete security threat defense system, and use such a system or analysis model to build a solid defense barrier, blocking out attacks as much as possible.
As APT attacks have become increasingly rampant, many security vendors have also proposed their own information security system concepts. At the 2011 RSA Conference, RSA chairman Arthur W. Kovilo put forward a high-end defense strategy in response to high-end threats, namely the establishment of advanced security systems, emphasizing that advanced security systems should be based on risks (understanding their existing loopholes and The value of assets that may be attacked), flexibility (ability to incorporate advanced, continuous monitoring techniques), ability to analyze in conjunction with specific contexts (intelligent analysis of data using big data technology). (Related article: 2011 RSA Security Conference: RSA Chairman Discusses Strategies to Address High-End Threats). However, big data technology is still in its infancy. The construction of such an advanced security system still needs time.
ArtGilliland, senior vice president of corporate information security at Symantec, proposed to analyze the possible threats to the company from the typical steps of a cyber attack and possible security threats (as shown in the figure below), and to build a complete defense system. Therefore, in the access link, the defense policy is mainly to perform admission control and block risk access points from connecting to the company intranet. Unfortunately, access to corporate intranets, such as mobile devices, through the home Internet, is a risky access point for the security department, but in order to ensure the flexibility of the business, this risk access must be allowed. In the process of attacking intrusions and stealing information, the most important thing is to protect the company's critical and sensitive information. For this reason, enterprises need to know the location of sensitive information storage, track the entire process of data movement and use, and encrypt it to prevent it from being illegally acquired and destroyed. If the attack is successful, you need to develop a contingency plan that includes backup and data and system recovery, and how the media and the public explain it, the faster the response, the less damage it will incur. (Related Articles: How to Build a Complete Security Threat Defense System)
The word cloud security is often referred to. One refers to security in the cloud computing environment and the other applies cloud computing technology to the security domain. The security issues in the cloud environment mainly include the technical and management issues under the virtualized environment; the cloud service model brings about the separation of ownership management and use rights, and how to define the different responsibilities between users and service providers will be a big problem. In addition, the cloud platform gathers a large number of user applications and data resources. How these resources are safely isolated is a security issue that needs to be considered in the cloud environment. (Related Articles: Bit Observing: Diverging through the Clouds of Cloud Computing Security) These security issues have basically put forward corresponding solutions, which are also being promoted by many network security vendors and third-party organizations.
In terms of anti-virus, Trend Micro is currently the biggest player in virtualization security. Together with VMware, it has developed antivirus-free agentless security for virtual machines and integrates seamlessly with virtualization. This strategy was proposed by VMware and aims to solve the problem that traditional agent-based anti-virus software will affect machine performance when scanning a virtualized environment. However, Symantec does not fully agree with VMware's agentless security approach, saying that 'without an agent, it cannot completely solve the virus prevention'. (VMware aggressively expands its virtualized and secure partner ecosystem)
In terms of providing virtualized traffic visibility, many vendors have already introduced corresponding solutions. For example, NetOptics' Phantom virtual tap can monitor the traffic between virtual machines (VMs) on a single physical server, providing comprehensive visibility into the traffic between virtual machines on the hypervisor stack.
For the application of cloud computing technologies to the security field, that is, to implement security functions in the cloud service model, more and more security vendors are gradually moving their security products to the cloud and delivering them through the service model. In 2012, there will be more and more secure cloud services.
By sorting out key security incidents and security concepts in 2011, we discovered that the entire cyber security field is becoming deeper with the degree of informatization, presenting increasingly complex security threats and increasing security demands. Combined with changes in new IT environments such as mobile, social media, IT consumerization, virtualization, and cloud computing, the entire security technology and solutions need to be constantly updated. Perhaps this is the reason why secure cloud services will be popular because it Make professional people do professional work, and provide corresponding security protection in real time as the security situation changes without having to replace equipment and systems.
Standing at the new starting point in 2012, let us look forward to new developments in data security, virtualization security, secure cloud services, and threat defense systems.
Website database information leaks explodes Internet users’ security panic has caused a lot of attention recently because of the leakage of user data in domestic mainstream professional and technical websites, social platforms, e-commerce and e-government websites, including CSDN, Renren, Tianya and Dangdang.com. Many Internet companies such as Lilynet, followed by rumors of data leakage from multiple bank users.
In 2011, we saw too many data leakage incidents. The hacking incident that Sony began in April directly led to the information of 77 million customers on its online PlayStation network, including the theft of credit card accounts, with a loss of US$170 million; for Citibank and Best Buy E-mails of millions of consumers, such as Epsilon, an e-mail marketing company that provides advertising services for well-known companies, were stolen. (Related Topics: Major Hidden Attacks in the First Half of 2011) If these data leakage cases that occurred mainly in foreign countries did not make us feel painful, then the data leakage incidents that occurred at the end of the year with many domestic Internet users caused us to generate information security for the Internet. Serious doubts.
In addition, some websites do not take proper security measures for user information, and even use key texts to save key information such as user passwords. These information leakage events have sounded an alarm for the protection of website security and database security. The biggest victims of these information leakage incidents are users, because the change of passwords caused by these incidents also makes people strongly question the security of the website and endanger the development of the Internet.
From similar incidents in foreign countries, the expansion and upgrading of data leakage in South Korea directly led to the abolition of the Internet's real name system in South Korea. (Related Articles: South Korea will revise its network real name system to deal with leaks)
Mobile phone security has become a hot topic and this also harms the privacy of the majority of users and there are many mobile phone security issues. The smart phone won a milestone victory in 2011 and became the mainstream. Once mobile phone giant Nokia has switched to Microsoft to develop a smart machine (in 2912, it is expected to be launched). However, smart phones have been criticized in the security field. In March 2011, when Google discovered 50 Android applications as malicious programs, it was forced to remove these applications from its Android Market. In December, Google removed 22 applications that were found to contain fraudulent software from its mobile application store, Android Market. Mobile phone malware presents a rapid growth trend.
The CarrierIQ incident that broke out in December 2011 also caused public concern and suspicion. Many mainstream mobile operators in the United States preloaded the software provided by CarrierIQ in the 141 million mobile phones of users such as Apple, HTC, and Samsung. The software defaults. Running in the background, it can record the keystroke behavior of all buttons on the hardware and software, monitor all sending and receiving messages, and record Internet behavior. (Related Articles: CarrierIQ Incident Alarmed US Congress)
Similarly, the United Kingdom’s “The News of the Worldâ€, which was shut down in July 2011 for eavesdropping scandals, condemned the 168-year-old newspaper for eavesdropping on mobile phones for crime victims, celebrities, and politicians. (Related article: "The News of the World" eavesdropping scandal was shut down and mobile phone security became the focus)
In fact, the security of mobile phones not only makes the general public feel a headache, but it is also a major security risk for enterprises. Because more and more employees use their mobile phones to access personal information, they also use mobile phones to access corporate business information. How to manage these mobile devices to achieve the same security and efficiency, and prevent the company's key data leakage has become a business must consider.
APT inspires the company's security nerves. In March 2011, RSA (the top international security vendor, many large corporations and government agencies used RSASecureID as authentication credentials) was attacked by APT, some SecurID technical information and customer information were stolen, and many later used SecurID as authentication. The companies that established the VPN network, including US defense outsourcing companies including Lockheed Martin and Northrop, have been attacked and important data have been stolen. There is also a super factory virus for the Iranian nuclear power plant, targeting ShadyRAT attacks by the U.S. government, the UN, the Red Cross, weapons manufacturers, energy companies, and financial companies. (Related Articles: APT Attack Research and Enterprise Defensive System Defects Analysis)
An Advanced Persistent Threat (APT) is an advanced persistent threat, or an attack targeted at a specific target. It is an entire process of targeted execution of a series of targeted attacks in order to obtain important information from an organization or even a country. One of the things that makes APT hard to prevent is that it is not 100% safe. Attackers can always find the loopholes. (Related Articles: Best Practices for Companies to Cope with APT) Due to its strong destructive nature, some people have even raised it to the height of the national cyber war. The APT attack makes network security the same as the security in the real environment. It has attracted the attention of large enterprises and government organizations. How to construct a solid network security defense system has also caused a lot of discussion in the industry.
In 2011, cyber security vendors also made innovations in security products and concepts based on insights into changes in the entire IT environment. The hottest keywords mentioned by vendors in 2011 are the concepts of next-generation firewalls, cloud computing security services, and information security systems.
The next-generation firewall authoritative IT research and consulting firm Gartner gave the most recognized definition of next-generation firewalls in 2009 to describe the changing needs of firewall products in response to attacks, business processes, and the changing use of IT. The inevitable stage of experience. According to Gartner, the next-generation firewall (NGFW) is a versatile, integrated, wire-speed network security processing platform that includes all standard functions, namely common network functions such as network address translation (NAT), packet filtering, and stateful packets. The detection function, and application identification, control and visualization are its important core features. Many network security companies, including Barracuda, Neusoft, Scorpio, SonicWALL, Juniper, PaloAlto, CheckPoint, and Evergate Networks, have successively introduced next-generation firewall products, which were promoted in 2011. (Related Articles: Juniper and PaloAlto: Legal Proceedings for Next-Generation Firewalls)
Security Threat Defense System In order to deal with threats, enterprises need to establish a complete security threat defense system, and use such a system or analysis model to build a solid defense barrier, blocking out attacks as much as possible.
As APT attacks have become increasingly rampant, many security vendors have also proposed their own information security system concepts. At the 2011 RSA Conference, RSA chairman Arthur W. Kovilo put forward a high-end defense strategy in response to high-end threats, namely the establishment of advanced security systems, emphasizing that advanced security systems should be based on risks (understanding their existing loopholes and The value of assets that may be attacked), flexibility (ability to incorporate advanced, continuous monitoring techniques), ability to analyze in conjunction with specific contexts (intelligent analysis of data using big data technology). (Related article: 2011 RSA Security Conference: RSA Chairman Discusses Strategies to Address High-End Threats). However, big data technology is still in its infancy. The construction of such an advanced security system still needs time.
ArtGilliland, senior vice president of corporate information security at Symantec, proposed to analyze the possible threats to the company from the typical steps of a cyber attack and possible security threats (as shown in the figure below), and to build a complete defense system. Therefore, in the access link, the defense policy is mainly to perform admission control and block risk access points from connecting to the company intranet. Unfortunately, access to corporate intranets, such as mobile devices, through the home Internet, is a risky access point for the security department, but in order to ensure the flexibility of the business, this risk access must be allowed. In the process of attacking intrusions and stealing information, the most important thing is to protect the company's critical and sensitive information. For this reason, enterprises need to know the location of sensitive information storage, track the entire process of data movement and use, and encrypt it to prevent it from being illegally acquired and destroyed. If the attack is successful, you need to develop a contingency plan that includes backup and data and system recovery, and how the media and the public explain it, the faster the response, the less damage it will incur. (Related Articles: How to Build a Complete Security Threat Defense System)
The word cloud security is often referred to. One refers to security in the cloud computing environment and the other applies cloud computing technology to the security domain. The security issues in the cloud environment mainly include the technical and management issues under the virtualized environment; the cloud service model brings about the separation of ownership management and use rights, and how to define the different responsibilities between users and service providers will be a big problem. In addition, the cloud platform gathers a large number of user applications and data resources. How these resources are safely isolated is a security issue that needs to be considered in the cloud environment. (Related Articles: Bit Observing: Diverging through the Clouds of Cloud Computing Security) These security issues have basically put forward corresponding solutions, which are also being promoted by many network security vendors and third-party organizations.
In terms of anti-virus, Trend Micro is currently the biggest player in virtualization security. Together with VMware, it has developed antivirus-free agentless security for virtual machines and integrates seamlessly with virtualization. This strategy was proposed by VMware and aims to solve the problem that traditional agent-based anti-virus software will affect machine performance when scanning a virtualized environment. However, Symantec does not fully agree with VMware's agentless security approach, saying that 'without an agent, it cannot completely solve the virus prevention'. (VMware aggressively expands its virtualized and secure partner ecosystem)
In terms of providing virtualized traffic visibility, many vendors have already introduced corresponding solutions. For example, NetOptics' Phantom virtual tap can monitor the traffic between virtual machines (VMs) on a single physical server, providing comprehensive visibility into the traffic between virtual machines on the hypervisor stack.
For the application of cloud computing technologies to the security field, that is, to implement security functions in the cloud service model, more and more security vendors are gradually moving their security products to the cloud and delivering them through the service model. In 2012, there will be more and more secure cloud services.
By sorting out key security incidents and security concepts in 2011, we discovered that the entire cyber security field is becoming deeper with the degree of informatization, presenting increasingly complex security threats and increasing security demands. Combined with changes in new IT environments such as mobile, social media, IT consumerization, virtualization, and cloud computing, the entire security technology and solutions need to be constantly updated. Perhaps this is the reason why secure cloud services will be popular because it Make professional people do professional work, and provide corresponding security protection in real time as the security situation changes without having to replace equipment and systems.
Standing at the new starting point in 2012, let us look forward to new developments in data security, virtualization security, secure cloud services, and threat defense systems.
Release Date:2012/1/18 11:58:42
Imitation spreading bird Feather Bird Ornament garden living room bonsai decorative bird feather handicraft bird.The collected feathers of many birds are applied with scissors, tweezers, scalpels, magnifying glasses and other objects used for surgery to connect the shape and color of the feathers, so as to carve out the above carved handicrafts with the theme of birds, or birds flying in the air, or birds perching on the branches, so that the small feathers can also become a spectacular handicraft.Simulation bird, fat bird, feather bird, magnetic bird, fridge, foam bird prop, mold, landscape decoration, fake bird.
Holiday Supplies,Halloween Supplies,Carnival Products,Bulk Holiday Supplies
Xintong Craft Gift Co.,LTD , https://www.ychcraft.com