Web Security Privacy & Commerce
The running battle between hackers and network security professionals has moved beyond the perimeter firewall to hand-to-hand combat at individual Web and corporate servers.
And new security weapons have emerged that use ingenious methods to protect Web sites and corporate networks from external and internal security threats. Here are some of the latest tools at your disposal.
No exit
Gillian G-Server doesn’t care how the hacker got in or what changes they may have made to your Web site. Gillian Exit Control technology prevents the world from seeing the consequences of a security breach.
Gillian G-Server sits between the Web server and the router or firewall that connects the Web server to the Internet, inspecting every piece of content that goes out. The Exit Control G-Server contains a collection of digital signatures made from authorized Web content during the publication process.
Each time the site content producers publish a new or revised object, the G-Server saves a digital backup of the object along with a digital signature.
Signatures that don’t match send up a red flag which triggers the G-Server to immediately replace a bogus page with a secure archived copy of the original, while simultaneously alerting appropriate personnel.
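The exit-control check described above can be sketched as follows. This is an added example, not code from the article or from the vendor; the class and function names are hypothetical, HMAC-SHA256 stands in for the "digital signature", and refusing content that was never published is an assumption the article does not state.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 under a key held only by the publishing system
# stands in for the "digital signature" the article mentions.
SIGNING_KEY = b"constructed-demo-key"


def sign(content: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, content, hashlib.sha256).digest()


class ExitControl:
    """Hypothetical outbound checker placed between web server and network."""

    def __init__(self):
        self.archive = {}   # path -> (archived copy, signature)
        self.alerts = []    # paths whose outgoing content failed the check

    def publish(self, path: str, content: bytes) -> None:
        """Authorized publication: keep a backup and its signature."""
        self.archive[path] = (content, sign(content))

    def filter_response(self, path: str, outgoing: bytes):
        """Return (status, body) for what is allowed to leave the site."""
        entry = self.archive.get(path)
        if entry is None:
            # Never published through the authorized process: fail closed.
            self.alerts.append(path)
            return 404, b""
        backup, signature = entry
        # Constant-time comparison of signatures.
        if hmac.compare_digest(sign(outgoing), signature):
            return 200, outgoing
        # Mismatch: raise the flag and serve the archived original instead.
        self.alerts.append(path)
        return 200, backup


def demo():
    gate = ExitControl()
    original = b"<h1>Welcome to Example Bank</h1>"      # constructed page
    gate.publish("/index.html", original)
    clean = gate.filter_response("/index.html", original)
    defaced = gate.filter_response("/index.html", b"<h1>defaced</h1>")
    unknown = gate.filter_response("/dropped.html", b"unexpected file")
    return clean, defaced, unknown, gate.alerts


if __name__ == "__main__":
    print(demo())
```

The check only protects what leaves the site: the altered file still sits on the Web server until someone acts on the alert.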
Tripwire, Inc.’s Tripwire for Servers is a similar data and network integrity product. However, Tripwire for Servers takes a different approach: its software is loaded onto the server that you want to protect. It monitors all file changes, whether they originate from inside or outside the company, and reports back if a change violates predetermined policies.
Honeypots or decoys
Honeypots are designed to lure and contain an intruder on the network. Honeypots are decoy devices that can divert attacks from production systems and let security administrators study or understand what’s happening on the network.
ManTrap, from Recourse, is a powerful honeypot that’s deployed next to data servers, if it’s being used to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) if it’s being used against external threats. The majority of users deploy it internally to get suspicious activity under control.
In that scenario, a ManTrap server would be set up to look like a file server that stores intellectual property or business plans. A successful deployment of ManTrap depends on a variety of factors including quality, naming scheme, placement and security policy. For example, deceptive defenses are most effective when deployed in quantities equal to or greater than that of the production system. Honeypots can get expensive, which is why companies must pick and choose the critical servers they want to protect.
What attracts an attacker to ManTrap is configuring it to make it look more vulnerable than other servers. Once the hacker is on the decoy server, security managers can log the hacker activity and gain insight into what the intruder is trying to accomplish.
Fall into the gap
Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company’s internal network and systems. Vendors include RVT Technologies, Spearhead Technology and Whale Communications.
Whale e-Gap Web Shuttle is a nonprogrammable device that switches a memory bank between two computer hosts. The e-Gap Web Shuttle creates an air gap between the Internet and a company’s back-office systems. Companies might use e-Gap Web Shuttle between an external service running e-commerce applications, such as online banking, and internal databases that might be queried by external users.
The e-Gap system consists of the e-Gap appliance that is attached to two PC hosts, one internal and one external. The internal host connects to the company’s internal network and the external host sits in the DMZ in front of the firewall.
All URLs to Web pages are directed to a mock location on the external host. Pages do not actually reside on this host. The external host strips off the protocol headers, extracts only the content of the Secure Sockets Layer (SSL) traffic and passes it to the e-Gap Web Shuttle. The e-Gap Web Shuttle transports the encrypted data to the internal host using a toggling e-disk. The e-Gap internal host decrypts SSL traffic, authenticates the user and filters the URL content. It then passes the URL request to the company’s production Web server that resides on the back-office network.
The fix is in
Security and vulnerability assessment tools, designed to be used in-house, can detect weaknesses in an organization’s systems before problems occur and can fix those problems.
Retina 3.0, from eEye, scans, monitors, alerts and automatically fixes network security vulnerabilities. The product works on Windows NT 4.0 SP3 or higher and Windows 2000.
The software is installed on any machine within the network. The network administrator types in a range of IP addresses to scan and pushes a button. The product scans the network for vulnerabilities, software flaws and policy problems and reports any vulnerabilities.
The product’s “fix it” feature provides the network administrator with a description of any found vulnerabilities, information on how to fix them, or access to a fix it button that can repair the vulnerability locally or remotely.
Demolishing DoS attacks
Perhaps one of the newest categories of security is products that target denial-of-service (DoS) attacks and more. By definition, DoS attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. The product category is so new that some products are still in beta test or on the cusp of entering the marketplace.
Going after one of the most malicious types of computer vandalism, the DoS attack, are Arbor Networks, of Waltham, Mass.; Mazu Networks, of Cambridge, Mass.; and Asta Networks in Seattle.
Mazu’s solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A monitoring device, such as a packet sniffer or packet analyzer, evaluates packets on the network at speeds up to 1 Gbit/sec. A monitoring device then determines which traffic needs to be filtered out.
The good, the bad and the ugly
The good news about all of these new security techniques is that they theoretically offer companies additional layers of security protection, providing better overall security. What this ultimately means to businesses is that additional security mechanisms can succeed where others have failed. Another plus about some of the new products is that they are optimized for a particular application, such as integrity of the Web servers.
However, as with any technology, there are pros and cons to consider. In fact, there are some downsides to implementing these new security products. For example:
They are all incremental solutions, not replacements.
They require a certain amount of expertise.
Many vendors are start-ups and there’s a risk as to how long they’ll be around.
There’s a concern, in many IT shops, about adding preventive controls because of associated overhead, a concern that can be easily remedied by investing in additional horsepower.
What’s too much?
When does a company run the risk because of having too many products to manage?
The bottom line is that security is never a done deal. It’s a continuing process that a new crop of innovative vendors are making more interesting.
Benevolent Worms
Although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. For example, the improved Windows Update feature in Windows XP now allows patches and updates to be downloaded automatically, although installation is still at the user’s discretion.
Trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and Internet providers. It is therefore only logical to conceive of ways to use them for productive purposes, much as the Bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks.
Granted, it would be wonderful if IT administrators could distribute patches and software updates to desktops and servers as quickly as an e-mail virus can spread from one machine to the next. But is such a magic wand really a good idea?
Well, maybe not exactly. After all, unlike the human immune system, which produces defenses, or antibodies, automatically, the computer must wait for a human to analyze samples of a computer virus, prepare antidotes and vaccines for that specific situation, and only then apply the cure.
This observation alone would seem to discredit the idea of a “digital immune system” that the security community has tossed around during the past few years, but there’s an even more important point to consider. Similar to the way that autoimmune diseases turn the body’s own defenses against itself, so could one turn a viruslike software delivery system against its own computers. Although it would be difficult to monkey with the digital certificates that would conceivably be used to identify trusted patches, it’s not impossible to subvert the certificate issuing system, as Microsoft and VeriSign found to their dismay last March.
Ultimately, a viruslike software delivery system would require software publishers to deliberately put a backdoor into their systems, and few customers will tolerate that practice, even under shrinkwrap licensing terms. Because there’s no guarantee that such a tempting target wouldn’t be exploited by hackers, any IT manager deploying such a system would be foolhardy in the extreme.
Virus behavior that standpoint go to see from the operate system, is some normal behaviors, and say for the operate system that