E-commerce

Analysis of Security Threats to E-commerce Transactions and Countermeasures
9 April 2015
McAfee Confidential—Internal Use Only
Security threats directly affect the financial returns of organisations and individuals
Directly affecting the revenue of companies and individuals
Internet security threats are evolving
• Every year e-commerce is estimated to lose up to US$2 billion to transactions cancelled because customers lack trust
• The volume of malicious code is growing
• Botnet evolution trends
• APT attack trends
Security threats directly affect the financial returns of organisations and individuals
Reported | Institution | Data breached
Dec 2010 | McDonald's | 1.3 million consumer data records including name, address, phone, birth date and gender
Dec 2010 | Honda/Acura | 3rd-party marketing firm SilverPop: 4.9 million accounts
July 2010 | UCSF Medical Center | Employee used colleagues' SSNs and PII to fill out hundreds of surveys and redeem Amazon.com vouchers
July 2010 | Buena Vista University | PII for applicants, students, staff, and donors going back to 1987 stolen from BVU database
June 2010 | Univ. of Maine | Hackers stole PII/clinical data for 3,500 students
June 2010 | Digital River, Inc. | Hackers (and possibly insiders) copy 200,000 personal records
Mar 2010 | TSA | Terminated developer placed malware in terrorism suspect DB
Feb 2010 | Ceridian | Attack yielded SSNs and bank account data for 27,000 employees of 1,900 companies from payroll processor
Jan 2010 | Iowa Racing & Gaming Comm. | Hacker gained access to database containing PII of more than 80,000 employees
Dec 2009 | Rock You | SQL injection resulted in breach of 32 million user passwords
Nov 2009 | T-Mobile | Employee sold millions of customer records to rival carriers
Aug 2009 | Heartland | 130 million+ credit/debit card records
Source: Privacy Rights Clearinghouse
Security threats directly affect the financial returns of organisations and individuals
Company | Breach | Source
Sony | Outsider hack; reported over 70 million user records stolen | http://arstechnica.com/gaming/news/2011/04/sony-looking-intocompensating-psn-users-fbi-gets-involved.ars
New Zealand Dept. of Internal Affairs | Outsider denial of service via outsider hack into the database via SQL injection | http://www.securitynewsdaily.com/new-zealand-government-sites-attacked0640/
Vodafone Australia | Internal employees at Communications Direct Pty Ltd and Vodafone fired over unauthorized access to Vodafone customer records | http://news.softpedia.com/news/Vodafone-Australia-Shuts-Down-Dealerover-Dubious-Practices-179994.shtml
Dell Australia | Marketing database provider Epsilon breach: 40 billion emails stolen worldwide | http://www.theage.com.au/technology/security/dell-australia-customerdetails-stolen-in-major-global-data-breach-20110407-1d4yd.html
South Korea Hyundai Capital | Outsider hack of the financial arm of Hyundai stealing over 400,000 customer records | http://www.reuters.com/article/2011/04/11/us-korea-regulator-hyundaiidUSTRE73A0DJ20110411
Monster.com | Outsider hack stealing user-ids, passwords, email addresses, phone numbers and demographic data | http://help.monster.com/besafe/jobseeker/index.aspx
Honda | Outsider hack of 4.9 million customer records | http://blog.alertsec.com/2011/01/japanese-automaker-honda-data-breachaffects-4-9-million-customers/
KDDI Japan | Outsider hack of 5 million credit card records | http://datalossdb.org/incidents/315-japan-telecom-carrier
Secure or not secure?
Security links in an e-commerce transaction
• Data centre and surrounding systems
• Transaction terminals
• Transaction process
Data centre security design reference framework
Security protection in a server virtualisation environment
Security isolation between virtual machines on the same physical host
[Diagram: Next Gen Firewall; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS)]
Note: McAfee FW does not support inter-VM Communications (VMotion)
Security hardening and change control for virtual servers
[Diagram: Next Gen Firewall; ToPs for Servers; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS)]
Security protection for databases running on virtualised systems
[Diagram: ToPs for Servers; Next Gen Firewall; DAM; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS)]
Hypervisor-aware antivirus protection
[Diagram: ToPs for Servers; DAM; Move AV for Servers; Next Gen Firewall; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS)]
Illustration of an Advanced Persistent Threat (APT) attack
[Diagram: Internet; SaaS; Users & Partners; Branch Office; Corporate LAN]
Security of transaction terminals
The real challenge
Traditional signature-based malicious-code defence technology
[Diagram: a new sample is submitted and processed; its file properties are recorded (Detection Name: Sample 1; Length: 94134 bytes; MD5: B075a2b81336caedcccdec336811f461; SHA1: 772e79026bef86044e308d290d4d4fdf1167091c); the signature is then added to the cloud and to the local virus signature file]
Security of transaction terminals
• Hardware-assisted security protection
– Prevents rootkits
• Dynamic whitelisting
– Defends against unknown threats
• Peripheral control
– Blocks unauthorised USB drives and other peripherals
• Internet website security reputation
– Prevents accidental access to malicious sites
• Manageability???
Security of the transaction process
Other aspects: user confidence
• McAfee SECURE ™
– Primarily provides security certification for sites involved in online transactions
– Tens of thousands of customers in more than fifty countries
– More than 80,000 sites carry the McAfee SECURE trustmark
– More than half of the top 500 Internet retailers use the service
– Increases merchants' transaction volume by an average of 12%
– Multi-language support: English, Japanese, Chinese, Spanish, Hungarian, German
Workers of the world, unite!
[Diagram: Global Threat Intelligence. Inputs: Endpoints; Appliances; Servers; Firewalls; Other feeds & analysis. McAfee Labs engines: File Reputation Engine; Web Reputation Engine; IP and Sender Reputation Engine; Network Threat Information; Vulnerability Information. MFE Products: ePO; IPS; Firewall; Email; Web; AV; AWL; DLP]
Closing remarks
“Companies spend millions of dollars on firewalls and it's money wasted because none of these measures address the weakest link in the security chain: the people who use and operate computer systems”
- Kevin Mitnick (Ex-hacker; spent 4 years in prison for hacking PacBell)