E-Commerce Transaction Security: Threat Analysis and Countermeasures
April 9, 2015
McAfee Confidential—Internal Use Only

Security threats directly affect the economic gains of organizations and individuals

Directly affects company and individual revenue
• It is estimated that e-commerce loses up to $2 billion per year in transactions cancelled because customers lack trust

Internet security threats are evolving
• Growth in the number of malicious code samples
• Botnet evolution trends
• APT attack trends

Security threats directly affect the economic gains of organizations and individuals

Reported Institution – Data Breached
• Dec 2010 – McDonald’s: 1.3 million consumer data records including name, address, phone, birth date and gender
• Dec 2010 – Honda/Acura: 3rd party marketing firm SilverPop – 4.9 million accounts
• July 2010 – UCSF Medical Center: Employee used colleagues’ SSNs and PII to fill out hundreds of surveys and redeem Amazon.com vouchers
• July 2010 – Buena Vista University: PII for applicants, students, staff, and donors going back to 1987 stolen from BVU database
• June 2010 – Univ. of Maine: Hackers stole PII/clinical data for 3,500 students
• June 2010 – Digital River, Inc.: Hackers (and possibly insiders) copy 200,000 personal records
• Mar 2010 – TSA: Terminated developer placed malware in terrorism suspect DB
• Feb 2010 – Ceridian: Attack yielded SSNs and bank account data for 27,000 employees of 1,900 companies from payroll processor
• Jan 2010 – Iowa Racing & Gaming Comm.: Hacker gained access to database containing PII of more than 80,000 employees
• Dec 2009 – RockYou: SQL injection resulted in breach of 32 million user passwords
• Nov 2009 – T-Mobile: Employee sold millions of customer records to rival carriers
• Aug 2009 – Heartland: 130 Million+ credit/debit card records
Source: Privacy Rights Clearinghouse

Security threats directly affect the economic gains of organizations and individuals

Company – Breach – Source
• Sony: Outsider hack; reported over 70 million user records stolen – http://arstechnica.com/gaming/news/2011/04/sony-looking-intocompensating-psn-users-fbi-gets-involved.ars
• New Zealand Dept. of Internal Affairs: Outsider denial of service via outsider hack into the database via SQL injection – http://www.securitynewsdaily.com/new-zealand-government-sites-attacked0640/
• Vodafone Australia: Internal employees at Communications Direct Pty Ltd and Vodafone fired over unauthorized access to Vodafone customer records – http://news.softpedia.com/news/Vodafone-Australia-Shuts-Down-Dealerover-Dubious-Practices-179994.shtml
• Dell Australia: Marketing database provider Epsilon breach – 40 Billion emails stolen worldwide – http://www.theage.com.au/technology/security/dell-australia-customerdetails-stolen-in-major-global-data-breach-20110407-1d4yd.html
• South Korea Hyundai Capital: Outsider hack of the financial arm of Hyundai stealing over 400,000 customer records – http://www.reuters.com/article/2011/04/11/us-korea-regulator-hyundaiidUSTRE73A0DJ20110411
• Monster.com: Outsider hack stealing user-ids, passwords, email addresses, phone numbers and demographic data – http://help.monster.com/besafe/jobseeker/index.aspx
• Honda: Outsider hack of 4.9 Million customer records – http://blog.alertsec.com/2011/01/japanese-automaker-honda-data-breachaffects-4-9-million-customers/
• KDDI Japan: Outsider hack of 5 Million credit card records – http://datalossdb.org/incidents/315-japan-telecom-carrier

Secure or not secure?

Security links in an e-commerce transaction
• Data center and surrounding systems
• Transaction terminal
• Transaction process

Data center security design reference framework
(Diagram only; not recoverable from the extracted text.)

Data center security design reference framework
(Diagram only; not recoverable from the extracted text.)

Security protection in a server virtualization environment
Security isolation between virtual machines on the same physical host
(Diagram: Next Gen Firewall; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS))
Note: McAfee FW does not support inter-VM Communications (VMotion)

Security protection in a server virtualization environment
Security hardening and change control for virtual servers
(Diagram: Next Gen Firewall; ToPs for Servers; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS))

Security protection in a server virtualization environment
Security protection for databases running on the virtualized system
(Diagram: ToPs for Servers; Next Gen Firewall; DAM; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS))

Security protection in a server virtualization environment
Hypervisor-aware virus protection
(Diagram: ToPs for Servers; DAM; Move AV for Servers; Next Gen Firewall; Hypervisor; Physical Server; Traditional IPS; Network Security Platform (IPS))

Advanced persistent threat (APT) attack illustration
(Diagram: Internet; SaaS; USERS & PARTNERS; BRANCH OFFICE; CORPORATE LAN)

Security of the transaction terminal
The real challenge

Traditional signature-based malicious code defense technology
New sample -> Sample submitted and processed -> File Properties -> Add to cloud / Add to local virus signature file
File Properties (Property – Value)
– Detection Name: Sample 1
– Length: 94134 bytes
– MD5: B075a2b81336caedcccdec336811f461
– SHA1: 772e79026bef86044e308d290d4d4fdf1167091c

Security of the transaction terminal
• Hardware-assisted security protection
– Prevents rootkits
• Dynamic whitelisting technology
– Defends against unknown threats
• Peripheral control
– Blocks unauthorized USB drives and other peripherals
• Internet website security reputation
– Prevents accidental access to malicious sites
• Manageability???

Security of the transaction process

Other aspects: user confidence
• McAfee SECURE ™
– Primarily provides proof of security for sites involved in online transactions
– Tens of thousands of customers in more than fifty countries
– More than 80,000 sites carry the McAfee SECURE trustmark
– More than half of the top 500 Internet retailers use the service
– Increases merchants’ transaction volume by 12% on average
– Multi-language support: English, Japanese, Chinese, Spanish, Hungarian, German

Workers of the world, unite!
(Diagram: Global Threat Intelligence. Inputs: Endpoints, Appliances, Servers, Firewalls, Other feeds & analysis, McAfee Labs. Engines: File Reputation Engine, Web Reputation Engine, IP and Sender Reputation Engine, Network Threat Information, Vulnerability Information. Consumers: MFE Products, ePO, IPS, Firewall, Email, Web, AV, AWL, DLP)

Closing remarks
“Companies spend millions of dollars on firewalls and it's money wasted because none of these measures address the weakest link in the security chain: the people who use and operate computer systems”
-Kevin Mitnick (ex-hacker; spent 4 years in prison for hacking PacBell)
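As an added illustration of the terminal-security slides above (the hash-based signature file versus dynamic whitelisting), and not code from the original deck or from McAfee, the following Python contrasts the two verdict models on constructed byte strings; all sample contents, digests and names are made up here.

```python
import hashlib

# Constructed sample "files" (plain byte strings, not real executables).
KNOWN_MALWARE = b"MZ\x90\x00 constructed sample 1: fake dropper body"
VARIANT = KNOWN_MALWARE[:-1] + b"!"          # same sample with one trailing byte changed
TRUSTED_APP = b"MZ\x90\x00 constructed point-of-sale client v1.0"
TRUSTED_APP_UPDATE = b"MZ\x90\x00 constructed point-of-sale client v1.1"


def fingerprint(data: bytes) -> dict:
    """Build the file-property record a scanner computes before lookup (length, MD5, SHA1)."""
    return {
        "length": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


# Local virus signature file: digests of samples already analysed and "added to local signature file".
SIGNATURE_FILE = {fingerprint(KNOWN_MALWARE)["sha1"]}
# Dynamic whitelist for a locked-down terminal: digests of software explicitly approved to execute.
WHITELIST = {fingerprint(TRUSTED_APP)["sha1"]}


def signature_verdict(data: bytes, signatures=SIGNATURE_FILE) -> str:
    """Blacklist model: block only what has been seen and signed before; everything else runs."""
    return "blocked" if fingerprint(data)["sha1"] in signatures else "allowed"


def whitelist_verdict(data: bytes, allowed=WHITELIST) -> str:
    """Whitelist model: run only what was approved; any unknown file, good or bad, is blocked."""
    return "allowed" if fingerprint(data)["sha1"] in allowed else "blocked"


def compare(samples: dict) -> dict:
    """Return {name: (signature verdict, whitelist verdict)} for each sample."""
    return {name: (signature_verdict(d), whitelist_verdict(d)) for name, d in samples.items()}


if __name__ == "__main__":
    samples = {
        "known malware": KNOWN_MALWARE,
        "modified variant": VARIANT,
        "trusted app": TRUSTED_APP,
        "trusted app update": TRUSTED_APP_UPDATE,
    }
    for name, (sig, wl) in compare(samples).items():
        print(f"{name:20s} signature={sig:8s} whitelist={wl}")
```

The variant evades the signature file because a single changed byte yields a new hash, while the whitelist stops it as unknown; the same whitelist also blocks the legitimate update until it is approved, which is the manageability cost the slide flags.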