The world's first computer virus was written on November 2, 1988 by Robert Tappan Morris, a student at the Massachusetts Institute of Technology. The virus totalled only 99 lines of code, yet within a few hours of spreading on the network of that time it had infected several thousand UNIX servers. Today the spread of a virus is no longer measured in hours but in minutes and seconds, and in that time it can spread all over the world. Not only that, these viruses are often mixed with spyware, spam, phishing and other malicious programs. We have entered a new era of blended threats! The contest with blended threats is nothing more than a race against time. In this race against the threat, where should we start?
Two years ago, we had a six-month window in which to protect our systems against the latest vulnerabilities. Now we have only ten days or less. For example, the lead time before a worm outbreak keeps getting shorter, from as long as 288 days for the earliest viruses to less than two days before global losses occur now. With so little time, many administrators find it very difficult to control these threats effectively, let alone resist them and protect their assets.
IT managers face a major challenge: successfully protecting the systems and applications that support business processes from intrusion before known and unknown attacks paralyze the business. To achieve this, companies must actively deploy network security technology and establish proactive defenses. Many attacks target vulnerabilities in the systems and applications that support business processes, and the complexity and speed of these attacks will continue to increase at an equally astounding rate. McAfee Total Protection product marketing manager Ed Metcalf said:
When employees visit games or shopping sites, they may not realize that spyware has been unwittingly downloaded to their computers and is stealing business-critical data bit by bit. Awareness of prevention is therefore a prerequisite for addressing security issues. In addition, vulnerabilities in Microsoft's operating system are a channel that malicious attackers frequently use. Administrators usually pay attention to vulnerabilities in Microsoft Windows and install its patches in time, but the third-party service programs running on the system are often overlooked. Remote access services run by the system or the database are vulnerable to varying degrees, and these vulnerabilities are sometimes fatal. Administrators should therefore watch for the vulnerabilities these vendors publish and install patches or upgrade the programs in time. Similar flaws exist in document-processing applications and file formats, such as Microsoft Word documents, graphics files, PDF documents and Media Player video files. When an administrator opens a file carrying malicious overflow code, the system opens the door to the hacker. Against these vulnerabilities, administrators must first raise their own awareness of prevention, require ordinary users not to open unknown e-mail casually, and install the appropriate patches in a timely manner. There is also a simple and effective approach: strictly control which programs administrators install on the server, keep the server simple, and turn off unnecessary system services.
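As an added example (not from the original article), one way to check a server against the advice above about overlooked third-party services and unnecessary system services is to compare what is actually listening with a small baseline. The `ss -tlnp` sample output and the baseline set below are constructed for illustration.

```python
import re

# Constructed sample of `ss -tlnp` output (not from the original article).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=901,fd=6))
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=1044,fd=21))
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*         users:(("vncserver",pid=1302,fd=7))
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=1188,fd=6))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Hypothetical baseline: the only (process, port) pairs this server role needs.
BASELINE = {("sshd", 22), ("nginx", 443)}
LOOPBACK = ("127.", "[::1]")

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN row."""
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3)

def audit(ss_output, baseline=BASELINE):
    """Return findings for listeners outside the baseline, exposed ones first."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if (proc, port) in baseline:
            continue
        # A listener bound beyond loopback is reachable from the network.
        exposed = not addr.startswith(LOOPBACK)
        findings.append({"process": proc, "port": port, "address": addr,
                         "severity": "high" if exposed else "review"})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["port"]))

if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        print(f"{f['severity']:6} {f['process']}:{f['port']} on {f['address']}")
```

Each finding is a candidate either for removal or for inclusion in the patch schedule alongside the operating system's own updates.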
Strengthen patch management
Patch management is an indispensable tool in the process of resolving vulnerability risk, and patching may be the best way to close vulnerabilities. However, in an era when hackers move quickly, how much time do we have to wait for a vendor patch? Many hackers can carry out zero-day attacks: at the same time a vulnerability is published, malicious programs that exploit it have already appeared and have the potential to damage the enterprise network. Using vulnerability scanning and vulnerability assessment software to find security problems, so that they can be solved proactively, is therefore an effective technical measure. Patch management has long been considered the most convenient and effective way to remove bugs or close vulnerabilities. These tools can be applied quickly across the network, the defense is usually effective and, most significantly, it is correspondingly less likely to produce false positives.
However, for an enterprise network or system, patching is a sensitive matter. Faced with a new patch, network administrators have more and more to consider, such as whether the newly released patch has been fully tested and how the test environment differs from the actual environment, and these questions cause confusion. Another problem is the timing of vendors' patch releases.
Host intrusion prevention is the best proactive means of defense for stopping and intercepting unknown threats and the latest security threats. A host intrusion prevention solution can use multiple detection methods to help managers deal with all the vulnerability threats they face. Behavioral protection can block attacks that target zero-day vulnerabilities without needing the latest updates. In addition, behavioral protection can enforce legitimate operating system and application behavior. Signatures can accurately identify and block known attacks, dramatically reducing the false alarm rate. The system firewall ensures compliance with application and system access policies. Some experts believe that host intrusion prevention has gone beyond traditional security products and can effectively block attacks that exploit buffer overflow vulnerabilities in applications and services. Host intrusion prevention can draw on a variety of technologies to completely block zero-day attacks.
When it is hard to find a good place to put a firewall for isolation, you can turn to virtual border technology: define appropriate ACL controls for a specific network segment or scope, so that border control follows the requirements of each LAN, divided down to the smallest unit. Hosts that provide many services, or external hosts, can also be considered for placement in a separate LAN. From a technical point of view, combining security with unified management is at present an ideal way to deliver security. However, what should be unified, and how? This is what we need to think about seriously in the future.