In 2011, the cyber security community was able to claim constant and frequent incidents. One of the most eye-catching is the ever-expanding data leakage incident, the phone safety and security issues that have ignited the public and many major APT (advanced continuous threat) attacks.
Website database information leaks explodes Internet users’ security panic has caused a lot of attention recently because of the leakage of user data in domestic mainstream professional and technical websites, social platforms, e-commerce and e-government websites, including CSDN, Renren, Tianya and Dangdang.com. Many Internet companies such as Lilynet, followed by rumors of data leakage from multiple bank users.
In 2011, we saw too many data leakage incidents. The hacking incident that Sony began in April directly led to the information of 77 million customers in its online PlayStation network, including the theft of credit card accounts, which cost US$170 million; it was Citibank and Best Buy. E-mails of millions of consumers, such as Epsilon, an e-mail marketing company that provides advertising services for well-known companies, were stolen. (Related Topics: Major Hidden Attacks in the First Half of 2011) If these data leakage cases that occurred mainly in foreign countries did not make us feel painful, then the data leakage incidents that occurred at the end of the year with many domestic Internet users caused us to generate information security for the Internet. Serious doubts.
In addition, some websites do not take proper security measures for user information, and even save key information such as user passwords in the form of clear texts. These information leakage incidents have sounded an alarm for the company's protection of website security and database security. The biggest victims of these information leakage incidents are users, because the change of passwords caused by these incidents also makes people strongly question the security of the website and endanger the development of the Internet.
From similar incidents in foreign countries, the expansion and upgrading of data leakage in South Korea directly led to the abolition of the Internet's real name system in South Korea. (Related Articles: South Korea will revise its network real name system to deal with leaks)
Mobile phone security has become a hot topic and this also harms the privacy of the majority of users and there are many mobile phone security issues. The smart phone won a milestone victory in 2011 and became the mainstream. Once mobile phone giant Nokia switched to Microsoft to develop a smart machine (in 2912, it is expected to be launched). However, smart phones have been criticized in the security field. In March 2011, when Google discovered 50 Android applications as malicious programs, it was forced to remove these applications from its Android Market. In December, Google removed 22 applications that were found to contain fraudulent software from its mobile application store, Android Market. Mobile phone malware presents a rapid growth trend.
The CarrierIQ incident that broke out in December 2011 also caused public concern and suspicion. Many mainstream mobile operators in the United States preloaded the software provided by CarrierIQ in the 141 million mobile phones of users such as Apple, HTC, and Samsung. The software defaults. Running in the background, it can record the keystroke behavior of all buttons on the hardware and software, monitor all sending and receiving messages, and record Internet behavior. (Related Articles: CarrierIQ Incident Alarmed US Congress)
Similarly, the United Kingdom’s “The News of the Worldâ€, which was shut down in July 2011 for eavesdropping scandals, condemned the 168-year-old newspaper for eavesdropping on mobile phones for crime victims, celebrities, and politicians. (Related article: "The News of the World" eavesdropping scandal was shut down to focus on mobile security)
In fact, the security of mobile phones not only makes the general public feel a headache, but it is also a major security risk for enterprises. Because more and more employees use their mobile phones to access personal information, they also use mobile phones to access corporate business information. How to manage these mobile devices to achieve the same security and efficiency, and prevent the company's key data leakage has become a business must consider.
APT inspires the company's security nerves. In March 2011, RSA (the world's top security vendor, many large corporations and government agencies used RSASecureID as authentication credentials) was attacked by APT, some SecurID technical information and customer information were stolen, and many later used SecurID as authentication. The companies that established the VPN network - including Lockheed Martin and Northrop, and other US defense outsourcers - have been attacked successively and important data have been stolen. There is also a super factory virus for the Iranian nuclear power plant, targeting ShadyRAT attacks by the U.S. government, the UN, the Red Cross, weapons manufacturers, energy companies, and financial companies. (Related Articles: APT Attack Research and Enterprise Defensive System Defects Analysis)
An Advanced Persistent Threat (APT) is an advanced persistent threat, or an attack targeted at a specific target. It is an entire process of targeted execution of a series of targeted attacks in order to obtain important information from an organization or even a country. One of the things that makes APT hard to prevent is that it is not 100% safe. Attackers can always find the loopholes. (Related Articles: Best Practices for Companies to Cope with APT) Due to its strong destructive nature, some people have even raised it to the height of the national cyber war. The APT attack makes network security the same as the security in the real environment. It has attracted the attention of large enterprises and government organizations. How to construct a solid network security defense system has also caused a lot of discussion in the industry.
In 2011, cyber security vendors also made innovations in security products and concepts based on insights into changes in the entire IT environment. The hottest keywords mentioned by vendors in 2011 are the concepts of next-generation firewalls, cloud computing security services, and information security systems.
The next-generation firewall authoritative IT research and consulting firm Gartner gave the most recognized definition of next-generation firewalls in 2009 to describe the changing needs of firewall products in response to attacks, business processes, and the changing use of IT. The inevitable stage of experience. According to Gartner, the next-generation firewall (NGFW) is a versatile, integrated, wire-speed network security processing platform that contains all standard features, namely common network functions such as network address translation (NAT), packet filtering, and stateful packets. The detection function, and application identification, control and visualization are its important core features. Many network security companies, including Barracuda, Neusoft, Scorpio, SonicWALL, Juniper, PaloAlto, CheckPoint, and Evergate Networks, have successively introduced next-generation firewall products, which were promoted in 2011. (Related Articles: Juniper and PaloAlto: Legal Proceedings for Next-Generation Firewalls)
Security Threat Defense System In order to deal with threats, enterprises need to establish a complete security threat defense system, and use such a system or analysis model to build a solid defense barrier, blocking out attacks as much as possible.
As APT attacks have become increasingly rampant, many security vendors have also proposed their own information security system concepts. At the 2011 RSA Conference, RSA chairman Arthur. W. Covello proposed a high-end defense strategy to deal with high-end threats, that is, establish a high-level security system, emphasizing that advanced security systems should be based on risks (understanding their own existing loopholes and the value of assets that may be attacked), and have the flexibility to Combine advanced and continuous monitoring techniques, and analyze specific contexts (uses big data technology to intelligently analyze data). (Related article: 2011 RSA Security Conference: RSA Chairman Discusses Strategies to Address High-End Threats). However, big data technology is still in its infancy. The construction of such an advanced security system still needs time.
ArtGilliland, senior vice president of corporate information security at Symantec, proposed to analyze the possible threats of a company from the typical steps of a cyber attack and the possible existence of security threats (as shown below), and build a complete defense system. Therefore, in the access link, the defense policy is mainly to perform admission control and block risk access points from connecting to the company intranet. Unfortunately, access to corporate intranets, such as mobile devices, through the home Internet, is a risky access point for the security department, but in order to ensure the flexibility of the business, this risk access must be allowed. In the process of attacking intrusions and stealing information, the most important thing is to protect the company's critical and sensitive information. For this reason, enterprises need to know the location of sensitive information storage, track the entire process of data movement and use, and encrypt it to prevent it from being illegally acquired and destroyed. If the attack is successful, you need to develop a contingency plan that includes backup and data and system recovery, and how the media and the public explain it, the faster the response, the less damage it will incur. (Related Articles: How to Build a Complete Security Threat Defense System)
The word cloud security is often referred to. One refers to security in the cloud computing environment and the other applies cloud computing technology to the security domain. The security issues in the cloud environment mainly include the technical and management issues under the virtualized environment; the cloud service model brings about the separation of ownership management and use rights, and how to define the different responsibilities between users and service providers will be a big problem. In addition, the cloud platform gathers a large number of user applications and data resources. How these resources are safely isolated is a security issue that needs to be considered in the cloud environment. (Related Articles: Bit Observing: Diverging through the Clouds of Cloud Computing Security) These security issues have basically put forward corresponding solutions, which are also being promoted by many network security vendors and third-party organizations.
In terms of anti-virus, Trend Micro is currently the biggest player in virtualization security. Together with VMware, it has developed antivirus-free agentless security for virtual machines and integrates seamlessly with virtualization. This strategy was proposed by VMware and aims to solve the problem that traditional agent-based anti-virus software will affect machine performance when scanning a virtualized environment. However, Symantec did not completely agree with VMware's agentless security approach, saying that "without an agent, virus prevention cannot be completely resolved." (VMware aggressively expands its virtualized and secure partner ecosystem)
In terms of providing virtualized traffic visibility, many vendors have already introduced corresponding solutions. For example, NetOptics' Phantom virtual tap can monitor the traffic between virtual machines (VMs) on a single physical server, providing comprehensive visibility into the traffic between virtual machines on the hypervisor stack.
For the application of cloud computing technologies to the security field, that is, to implement security functions in the cloud service model, more and more security vendors are gradually moving their security products to the cloud and delivering them through the service model. In 2012, there will be more and more secure cloud services.
By sorting out key security incidents and security concepts in 2011, we discovered that the entire cyber security field is becoming deeper with the degree of informatization, presenting increasingly complex security threats and increasing security demands. Combined with changes in new IT environments such as mobile, social media, IT consumerization, virtualization, and cloud computing, the entire security technology and solutions need to be constantly updated. Perhaps this is the reason why secure cloud services will be popular because it Make professional people do professional work, and provide corresponding security protection in real time as the security situation changes without having to replace equipment and systems.
Standing at the new starting point in 2012, let us look forward to new developments in data security, virtualization security, secure cloud services, and threat defense systems.
Website database information leaks explodes Internet users’ security panic has caused a lot of attention recently because of the leakage of user data in domestic mainstream professional and technical websites, social platforms, e-commerce and e-government websites, including CSDN, Renren, Tianya and Dangdang.com. Many Internet companies such as Lilynet, followed by rumors of data leakage from multiple bank users.
In 2011, we saw too many data leakage incidents. The hacking incident that Sony began in April directly led to the information of 77 million customers in its online PlayStation network, including the theft of credit card accounts, which cost US$170 million; it was Citibank and Best Buy. E-mails of millions of consumers, such as Epsilon, an e-mail marketing company that provides advertising services for well-known companies, were stolen. (Related Topics: Major Hidden Attacks in the First Half of 2011) If these data leakage cases that occurred mainly in foreign countries did not make us feel painful, then the data leakage incidents that occurred at the end of the year with many domestic Internet users caused us to generate information security for the Internet. Serious doubts.
In addition, some websites do not take proper security measures for user information, and even save key information such as user passwords in the form of clear texts. These information leakage incidents have sounded an alarm for the company's protection of website security and database security. The biggest victims of these information leakage incidents are users, because the change of passwords caused by these incidents also makes people strongly question the security of the website and endanger the development of the Internet.
From similar incidents in foreign countries, the expansion and upgrading of data leakage in South Korea directly led to the abolition of the Internet's real name system in South Korea. (Related Articles: South Korea will revise its network real name system to deal with leaks)
Mobile phone security has become a hot topic and this also harms the privacy of the majority of users and there are many mobile phone security issues. The smart phone won a milestone victory in 2011 and became the mainstream. Once mobile phone giant Nokia switched to Microsoft to develop a smart machine (in 2912, it is expected to be launched). However, smart phones have been criticized in the security field. In March 2011, when Google discovered 50 Android applications as malicious programs, it was forced to remove these applications from its Android Market. In December, Google removed 22 applications that were found to contain fraudulent software from its mobile application store, Android Market. Mobile phone malware presents a rapid growth trend.
The CarrierIQ incident that broke out in December 2011 also caused public concern and suspicion. Many mainstream mobile operators in the United States preloaded the software provided by CarrierIQ in the 141 million mobile phones of users such as Apple, HTC, and Samsung. The software defaults. Running in the background, it can record the keystroke behavior of all buttons on the hardware and software, monitor all sending and receiving messages, and record Internet behavior. (Related Articles: CarrierIQ Incident Alarmed US Congress)
Similarly, the United Kingdom’s “The News of the Worldâ€, which was shut down in July 2011 for eavesdropping scandals, condemned the 168-year-old newspaper for eavesdropping on mobile phones for crime victims, celebrities, and politicians. (Related article: "The News of the World" eavesdropping scandal was shut down to focus on mobile security)
In fact, the security of mobile phones not only makes the general public feel a headache, but it is also a major security risk for enterprises. Because more and more employees use their mobile phones to access personal information, they also use mobile phones to access corporate business information. How to manage these mobile devices to achieve the same security and efficiency, and prevent the company's key data leakage has become a business must consider.
APT inspires the company's security nerves. In March 2011, RSA (the world's top security vendor, many large corporations and government agencies used RSASecureID as authentication credentials) was attacked by APT, some SecurID technical information and customer information were stolen, and many later used SecurID as authentication. The companies that established the VPN network - including Lockheed Martin and Northrop, and other US defense outsourcers - have been attacked successively and important data have been stolen. There is also a super factory virus for the Iranian nuclear power plant, targeting ShadyRAT attacks by the U.S. government, the UN, the Red Cross, weapons manufacturers, energy companies, and financial companies. (Related Articles: APT Attack Research and Enterprise Defensive System Defects Analysis)
An Advanced Persistent Threat (APT) is an advanced persistent threat, or an attack targeted at a specific target. It is an entire process of targeted execution of a series of targeted attacks in order to obtain important information from an organization or even a country. One of the things that makes APT hard to prevent is that it is not 100% safe. Attackers can always find the loopholes. (Related Articles: Best Practices for Companies to Cope with APT) Due to its strong destructive nature, some people have even raised it to the height of the national cyber war. The APT attack makes network security the same as the security in the real environment. It has attracted the attention of large enterprises and government organizations. How to construct a solid network security defense system has also caused a lot of discussion in the industry.
In 2011, cyber security vendors also made innovations in security products and concepts based on insights into changes in the entire IT environment. The hottest keywords mentioned by vendors in 2011 are the concepts of next-generation firewalls, cloud computing security services, and information security systems.
The next-generation firewall authoritative IT research and consulting firm Gartner gave the most recognized definition of next-generation firewalls in 2009 to describe the changing needs of firewall products in response to attacks, business processes, and the changing use of IT. The inevitable stage of experience. According to Gartner, the next-generation firewall (NGFW) is a versatile, integrated, wire-speed network security processing platform that contains all standard features, namely common network functions such as network address translation (NAT), packet filtering, and stateful packets. The detection function, and application identification, control and visualization are its important core features. Many network security companies, including Barracuda, Neusoft, Scorpio, SonicWALL, Juniper, PaloAlto, CheckPoint, and Evergate Networks, have successively introduced next-generation firewall products, which were promoted in 2011. (Related Articles: Juniper and PaloAlto: Legal Proceedings for Next-Generation Firewalls)
Security Threat Defense System In order to deal with threats, enterprises need to establish a complete security threat defense system, and use such a system or analysis model to build a solid defense barrier, blocking out attacks as much as possible.
As APT attacks have become increasingly rampant, many security vendors have also proposed their own information security system concepts. At the 2011 RSA Conference, RSA chairman Arthur. W. Covello proposed a high-end defense strategy to deal with high-end threats, that is, establish a high-level security system, emphasizing that advanced security systems should be based on risks (understanding their own existing loopholes and the value of assets that may be attacked), and have the flexibility to Combine advanced and continuous monitoring techniques, and analyze specific contexts (uses big data technology to intelligently analyze data). (Related article: 2011 RSA Security Conference: RSA Chairman Discusses Strategies to Address High-End Threats). However, big data technology is still in its infancy. The construction of such an advanced security system still needs time.
ArtGilliland, senior vice president of corporate information security at Symantec, proposed to analyze the possible threats of a company from the typical steps of a cyber attack and the possible existence of security threats (as shown below), and build a complete defense system. Therefore, in the access link, the defense policy is mainly to perform admission control and block risk access points from connecting to the company intranet. Unfortunately, access to corporate intranets, such as mobile devices, through the home Internet, is a risky access point for the security department, but in order to ensure the flexibility of the business, this risk access must be allowed. In the process of attacking intrusions and stealing information, the most important thing is to protect the company's critical and sensitive information. For this reason, enterprises need to know the location of sensitive information storage, track the entire process of data movement and use, and encrypt it to prevent it from being illegally acquired and destroyed. If the attack is successful, you need to develop a contingency plan that includes backup and data and system recovery, and how the media and the public explain it, the faster the response, the less damage it will incur. (Related Articles: How to Build a Complete Security Threat Defense System)
The word cloud security is often referred to. One refers to security in the cloud computing environment and the other applies cloud computing technology to the security domain. The security issues in the cloud environment mainly include the technical and management issues under the virtualized environment; the cloud service model brings about the separation of ownership management and use rights, and how to define the different responsibilities between users and service providers will be a big problem. In addition, the cloud platform gathers a large number of user applications and data resources. How these resources are safely isolated is a security issue that needs to be considered in the cloud environment. (Related Articles: Bit Observing: Diverging through the Clouds of Cloud Computing Security) These security issues have basically put forward corresponding solutions, which are also being promoted by many network security vendors and third-party organizations.
In terms of anti-virus, Trend Micro is currently the biggest player in virtualization security. Together with VMware, it has developed antivirus-free agentless security for virtual machines and integrates seamlessly with virtualization. This strategy was proposed by VMware and aims to solve the problem that traditional agent-based anti-virus software will affect machine performance when scanning a virtualized environment. However, Symantec did not completely agree with VMware's agentless security approach, saying that "without an agent, virus prevention cannot be completely resolved." (VMware aggressively expands its virtualized and secure partner ecosystem)
In terms of providing virtualized traffic visibility, many vendors have already introduced corresponding solutions. For example, NetOptics' Phantom virtual tap can monitor the traffic between virtual machines (VMs) on a single physical server, providing comprehensive visibility into the traffic between virtual machines on the hypervisor stack.
For the application of cloud computing technologies to the security field, that is, to implement security functions in the cloud service model, more and more security vendors are gradually moving their security products to the cloud and delivering them through the service model. In 2012, there will be more and more secure cloud services.
By sorting out key security incidents and security concepts in 2011, we discovered that the entire cyber security field is becoming deeper with the degree of informatization, presenting increasingly complex security threats and increasing security demands. Combined with changes in new IT environments such as mobile, social media, IT consumerization, virtualization, and cloud computing, the entire security technology and solutions need to be constantly updated. Perhaps this is the reason why secure cloud services will be popular because it Make professional people do professional work, and provide corresponding security protection in real time as the security situation changes without having to replace equipment and systems.
Standing at the new starting point in 2012, let us look forward to new developments in data security, virtualization security, secure cloud services, and threat defense systems.
SUNPLUS MASKING TAPE Professional Automotive High Temperature Resistance. With a high temperature resistant masking tape coated with rubber based and has good stick firmness.
Sunplus Abrasives Co.,Ltd is a leading company in the field of researching and manufacturing premium quality coated abrasives for a wide range of applications.
Founded in 2004, Sunplus has developed into an enterprise with the leading fully - automated Germany system production line and technology to make high
and stable quality sandpaper. All our materials are imported from Europe, Japan and Korea, which assures high quality products from the source.
We constantly invest in research and development so as to ensure that our products will always be a step ahead of competition.
90°C Masking Tapes,Auto Painters Tape,Auto Masking Tape,Masking Tape Auto Painters Tape
GUANGZHOU SUNPLUS TECHNOLOGY CO.,LTD , https://www.sunplussandpaper.com