Similar literature
Found 20 similar documents; search took 15 ms
1.
Dowd  P.W. McHenry  J.T. 《Computer》1998,31(9):24-28
“Network security is the most important thing on the planet”. We have heard these words uttered with great conviction many times. However, the first time it causes any inconvenience to system owners, administrators, or users, the same people hasten to add “except when it impacts performance, system complexity, or cost”. Let's face it. Security is usually discarded when it contends with performance. The reason is simple, and at one time it may have even been valid: performance directly contributes to the bottom line while security provides only indirect benefits. But as the world becomes more tightly interconnected, organizations are feeling a greater need to rediscover network security. A thread that spans most definitions of network security is the intent to consider the security of the network as a whole, rather than as an endpoint issue. A comprehensive network security plan must encompass all the elements that make up the network and provide five important services: access: provides users with the means to transmit and receive data to and from any network resources with which they are authorized to communicate; confidentiality: ensures that the information in the network remains private (usually through encryption); authentication: ensures that the sender of a message is who he claims to be; integrity: ensures that a message has not been modified in transit; nonrepudiation: ensures that the originator of the message cannot deny that he sent the message and this is useful for both commercial and legal reasons.

2.
In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.

3.
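The deepening development of informatization poses severe challenges to information security and makes endpoint security protection a problem that the information security field urgently needs to solve. This paper analyzes Rootkit technology in depth and proposes using Rootkit techniques for endpoint self-protection and security monitoring, including the protection, hiding and monitoring of the registry, files and processes, the management of printing and networking, and file encryption, to provide comprehensive security protection for the endpoint.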

4.
Lightweight security for mobile commerce transactions   Total citations: 3, self-citations: 0, citations by others: 3
Kwok-Yan  Siu-Leung  Ming  Jia-Guang   《Computer Communications》2003,26(18):2052-2060
This paper describes a lightweight security mechanism for protecting electronic transactions conducted over the mobile platform. In a typical mobile computing environment, one or more of the transacting parties are based on some wireless handheld devices. Electronic transactions conducted over the mobile platform are gaining popularity and it is widely accepted that mobile computing is a natural extension of the wired Internet computing world. However, security over the mobile platform is more critical due to the open nature of wireless networks. Furthermore, security is more difficult to implement on the mobile platform because of the resource limitation of mobile handheld devices. Therefore, security mechanisms for protecting traditional computer communications need to be revisited so as to ensure that electronic transactions involving mobile devices can be secured and implemented in an effective manner. This research is part of our effort in designing security infrastructure for electronic commerce systems, which extend from the wired to the wireless Internet. A lightweight mechanism was designed to meet the security needs in the face of the resource constraints. The proposed mechanism is proven to be practical in real deployment environment.

5.
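Design of an intranet endpoint security system   Total citations: 1, self-citations: 0, citations by others: 1
Many enterprises have now deployed internal networks and use the intranet as a platform for publishing and sharing information, so the demand for intranet security and endpoint security grows by the day. As attack tools and methods become increasingly complex and varied, traditional protective measures can no longer guarantee intranet and endpoint security. Focusing on endpoint security, this article studies methods for identifying and isolating insecure network endpoints and proposes a design for an intranet endpoint security system. Based on existing network equipment and standard protocols, it can implement intrusion detection and access control, with low cost, a simple structure and convenient management.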

6.
The security of information systems is important. Protecting them from the viewpoint of methodology has become the critical task of their planners and implementers. This article proposes a new idea about the virtual view based upon Unix stemming from the usual view concept, analyzes the characteristics of the virtual view, and finally gives the way of realization of the virtual view.

7.
Speech endpoint detection based on critical bands and energy entropy   Total citations: 1, self-citations: 0, citations by others: 1
张婷  何凌  黄华  刘肖珩 《计算机应用》2013,33(1):175-178
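The accuracy of speech endpoint detection directly affects the accuracy of speech recognition, synthesis, enhancement and other speech applications. To improve the effectiveness of speech endpoint detection, a speech endpoint detection algorithm based on critical bands and energy entropy is proposed. The algorithm makes full use of the frequency distribution of human auditory characteristics, divides the noisy speech signal into critical bands, and combines the different distributions of the energy entropy of the signal in each band over speech segments and noise segments to achieve speech endpoint detection under different background noises. Experimental results show that, compared with the traditional short-time energy method, the detection accuracy of the proposed algorithm is 1.6 percentage points higher on average. The proposed method achieves speech endpoint detection in low signal-to-noise ratio (SNR) environments with different noises.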

8.
《国际计算机数学杂志》2012,89(11):2246-2257
In the literature, computational puzzle schemes have been considered as a useful tool for a number of applications, such as constructing timed cryptography, fighting junk emails, and protecting critical infrastructure from denial-of-service attacks. However, there is a lack of a general security model for studying these schemes. In this paper, we propose such a security model and formally define two properties, namely the determinable difficulty property and the parallel computation resistance property. Furthermore, we prove that a variant of the RSW scheme, proposed by Rivest, Shamir, and Wagner, achieves both properties.

9.
This is a series dedicated to the issues of protecting wireless networks. The column deals with new threats, standards, products, auditing of wireless networks and secure network architectures. Allowing authorized users onto your network and keeping attackers out is a cornerstone of network security. With wireless, the issue of authentication is even more critical. Your users and infrastructure are at heightened risk because attackers have complete physical access to the network medium.

10.
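The way to solve the security of securities information systems lies in selecting advanced network security technologies and security products, establishing multi-layer data protection and centralized management, and forming a multi-layer defense system. Drawing on the practice of building a securities company's information system, this paper analyzes the security requirements of securities systems and proposes strategies and ideas for constructing an information system security architecture.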

11.
Design and implementation of a TNC-based security authentication protocol   Total citations: 2, self-citations: 0, citations by others: 2
颜菲  任江春  戴葵  王志英 《计算机工程》2007,33(12):160-162
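Security protocols are the foundation of network security. Existing security protocols protect servers and networks well but offer little protection for client terminals. Based on the terminal integrity measurement idea of Trusted Network Connection (TNC), this paper proposes a security authentication protocol based on the TNC architecture. In a trusted computing environment, the protocol combines terminal integrity measurement with public key infrastructure (PKI) to ensure the trustworthiness of the terminal platform.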

12.
The information security train has been running at 100 miles per hour for a few years now - unfortunately, though, we're going in reverse. The security market first focused on the perimeter, firewalls, and antivirus technologies, determined to keep the bad stuff from entering the infrastructure, only to then consider the network, with the logical sequence thus leading to protecting applications. However, the sole reason that information technology exists is to lever the critical asset - data. Security, as we define it, is data and network integrity - the protection of and access to the data. Ideally, security should have started with placing the protection as close to the assets (data) as possible, not the opposite. Folks, we got it backwards.

13.
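Design and implementation of a TNC-based secure access system   Total citations: 1, self-citations: 0, citations by others: 1
To ensure network security and keep threats isolated outside the protected network, the health status of a host must be assessed before it connects to the network, and only hosts that comply with the established security policy are allowed to connect. To address this problem, this paper designs and implements a secure access system based on Trusted Network Connection (TNC) technology. According to a specified security policy, the system performs identity authentication and integrity verification on every host requesting access to the intranet and refuses access to insecure hosts, ensuring intranet security to the greatest possible extent.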

14.
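With the continuous development of information security technology, intranet security management problems have gradually come to the fore. This paper gives a comprehensive and detailed introduction to the architecture, functions and features of an endpoint security management system, providing a complete, integrated endpoint security solution for enterprise information security.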

15.
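Classified protection of information security is the fundamental safeguard for maintaining the security of basic information networks and important information systems, and is especially significant for protecting the security of China's government information systems. Access control and identity authentication occupy an important place in the basic technical requirements of classified protection for information systems. To address the shortcomings of traditional network access control mechanisms, this article proposes a security solution for government remote office network systems based on terminal integrity measurement, and designs a secure access authentication protocol based on Trusted Network Connection (TNC). Security analysis shows that the scheme can ensure the integrity and security of the government remote office terminals themselves, thereby building a trusted computing environment for the government remote office network system and ensuring the security of the application environment of the whole government office network system.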

16.
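Advanced persistent threat (APT) attacks are continually being discovered, and traditional network security defense systems have difficulty guarding against them, which has caused major losses and impact to countries, society, enterprises, organizations and individuals. This paper studies typical APT attack incidents and attack code from recent years and analyzes the background, technical characteristics and general process of these attacks. Completely defending against APT attacks is considered impossible; the consensus is to take seriously the assessment of the attack risk an organization faces, establish a new security defense system, and focus on protecting key data. To this end, the paper proposes a new security defense system, namely the linkage of security devices, the sharing of security information and the cooperation of security technologies, and presents a multi-source situational awareness model based on social, application, network, terminal and file attributes, together with approaches to security information sharing and security cooperation.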

17.
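Research on solid-state drive security mechanisms based on trusted storage   Total citations: 2, self-citations: 0, citations by others: 2
To solve the storage security problem of solid-state drives, trusted storage technology is studied and applied to the security protection design of solid-state drives. A firmware-based security protection method is proposed: using the security commands in the Trusted Computing and Security command sets of the ATA protocol, a dedicated security command processing flow is defined in the firmware design, implementing two security functions, mutual authentication between the solid-state drive and the host and access control over the storage area of the drive. This strengthens the security of the solid-state drive and effectively restricts arbitrary access to it.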

18.
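The fundamental purpose of network security is to prevent information transmitted over computer networks from being used illegally. The scope of information and data security is broader than that of computer security and network security; it covers the entire process in an information system from the generation of information to its application. Cryptography is one of the main means of protecting computer information security. Using cryptography can ensure the confidentiality of information and can also ensure its integrity and certainty, preventing information from being tampered with, forged or impersonated.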

19.
At the US Military Academy at West Point, New York, we approach the topic of protecting and defending information systems as a matter of national security. The time has long passed where we could consider cyberattacks as merely a nuisance; the threat from a cyberattack is very real. Our national information infrastructure is not just essential to the USA economy; it is a life-critical system. Presidential Decision Directive 63 (which called for a national effort to assure vulnerable and interconnected infrastructure security, such as telecommunications, finance, energy, transportation, and essential government services) officially recognizes this, and numerous reports have validated it. As military academy educators, our duty is to provide an education that empowers our graduates with the skills needed to protect the many critical information systems that the military uses.

20.
The European Union has become increasingly involved with protecting the security and safety of European citizens. The latest addition to this new policy space is critical infrastructure protection (CIP) at the EU level. A central role for the EU in guarding against infrastructural breakdowns and preparing for failures may seem self‐evident. In reality, the precise nature of such a role remains unclear. Moreover, enthusiastic rhetoric is not always matched by firm action. This article surveys what the EU has in place in terms of CIP and identifies outstanding issues for debate.
