Cyber Security in Manufacturing - 4.3

admin, 2023-08-11 15:37:55



This course is taught by Professor Shambhu J. Upadhyaya of the University at Buffalo, State University of New York.



4 Protecting Operational Technology and Intellectual Property

4.3 Intrusion Prevention Techniques and Data Leak Prevention Tools - Part 1


0:00

    Welcome to Lesson 3. In Lesson 2, we looked at the intricacies between reliability and security, and this knowledge will help us build better security systems. In this lesson, intrusion prevention and data leak prevention schemes to prevent data breaches will be presented. Available commercial tools and their deployment at the host and network levels will be described. Intrusion Prevention Systems, abbreviated as IPS, provide certain tools for an organization to monitor and assess their systems or network for any malicious activity or security breach and take actions based on a set of rules established by the network administrator. Generally, IPSs work along with the system firewall. The IPS is placed in-line, that is, in the direct communication path between source and destination, actively analyzing and taking automated predefined actions on all traffic flows that enter the network. IPS is an extension of what is known as an intrusion detection system or IDS, which is generally a passive tool. An IPS can take certain actions on detecting any network threat, including sending an alarm to the administrator, as would be seen in an IDS as well; dropping malicious packets; blocking traffic from the source address; and resetting the connection. Let us now list a few properties of an efficient IPS. An efficient IPS should follow certain guidelines. One, it should not degrade system performance after taking security actions. Two, it must react fast to detect an event, since system exploits could occur in real time. Three, it should respond accurately to the detected event. Four, it should avoid frequent false alarms; that is, events which are safe but still alert the system due to the IPS's inability to decide. In cyberspace, data leak is a very common breach. Let us talk about this scourge and identify the prevention schemes. Data leak or data breach refers to the intentional or unintentional release of confidential information to public sources. Such events happen in the case of a black hat hacker attack, bugs in security software, an insider attack, or if storage devices are not properly disposed of. Data breaches may involve sensitive information, such as personal health information, also called PHI; personally identifiable information, called PII; and trade secrets or intellectual property, which can be used for evil purposes such as disruption of an economy, blackmailing, achieving political agendas or cyber terrorism. There have been many data leak incidents in recent times, including at services such as Uber, Fitbit and OkCupid, impacting over a million customer websites. Links to articles describing the incidents are available in the resource section of this module.



4.3 Intrusion Prevention Techniques and Data Leak Prevention Tools - Part 2


0:00

    Data leak prevention strategies perform certain actions, including scanning an organization's network traffic to detect the sensitivity of data, or blocking data leaving data centers. They also perform certain other tasks, such as scanning incoming data for malware, monitoring access to sensitive data,


0:31

    supporting data encryption and data classification. DLP targets activities at three levels of an organization's system. One, client level: monitoring remote user activities for any privacy policy breach. Two, network level: monitoring data exchanged outside an organization's network. Three, storage level: monitoring data stored on the servers to assess its sensitivity and access control policy.


1:11

    Methods to implement an efficient DLP. One, risk assessment. DLP is a part of the overall information security mechanism. For an efficient DLP, it is necessary to assess the current security architecture, the total cost of the security system implementation, current risks, the cost of data loss, and how current DLP solutions can add protection to a security system. Two, data classification. The identification and classification of sensitive data are important to set up efficient DLP policies and guidelines for restricting access to the organization's data. An understanding of how sensitive data should be handled, what the exception scenarios are, and what activities should be prevented or blocked is also required for defining DLP policies.


2:18

    Three, providing analysis and meaningful reporting. The logs generated by the activities on a system should be adequate and properly organized so that effective actions can be taken quickly to prevent risk. Also, old logs should be purged safely to clear storage for new data. Four, implementing security measures. DLP monitors and generates sensitive information about the organization's systems, and therefore it is necessary to define secure DLP policies. Otherwise, DLP can be circumvented to access sensitive data. Secure and controlled practices for creating, updating and deleting DLP policies, proper management within the DLP system, and appropriate segregation of duties can strengthen the overall security.


3:21

    Let us quickly review the available DLP tools. We categorize them as commercial and open source tools. Here are some popular commercial DLP tools. One, the CA Technologies DLP suite. Formerly known as CA DataMinder, it is now called CA Data Protection. This tool assesses data and classifies it according to established policies. Two, the McAfee Total Protection for Data Loss Prevention suite, developed by Intel Security, has the ability to perform forensic analysis on data loss events. It is highly desirable to many industries.


4:12

    Three, the RSA Data Loss Prevention Suite by EMC RSA is comprised of three modules. A, the RSA DLP Datacenter module, which makes use of different information storage technologies to accumulate and store data. B, the RSA DLP Network module, which assesses gathered data to classify sensitive information and can enforce DLP policies to prevent exposure of sensitive information across a network. C, the RSA DLP Endpoint module, which monitors and prevents sensitive information exposure on PCs by keeping sensitive data from being copied to any other device, including printers, USB devices, CD or DVD.


5:13

    Here are some popular open source tools. One, OpenDLP. It is a centrally managed open source DLP tool that is capable of scanning thousands of Windows or Unix systems at once to discover any sensitive data on the network. It then returns results securely to the compliance officers, and the security personnel can determine what type of information might be residing on their systems. Supported OS: Windows. Two, MyDLP. A much more robust DLP solution, MyDLP can actually prevent sensitive data from leaving your system as well as identifying its location. In addition to the free community edition, it is also available in a paid enterprise edition that comes with support. Supported operating systems: Windows, Linux and VMware. In summary, data leak prevention tools are very important elements in cyber security. They can be used to prevent or detect the leak of sensitive information when the data is at rest or in motion.

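The network-level DLP behaviour described in Part 2 (scanning outbound traffic, classifying data by sensitivity, then allowing, alerting or blocking, which is the same action set the lecture lists for an IPS) is shown below as an added example written for this page. It is not code from the course or from any of the products named above. The sensitivity levels, the regular expressions, the per-destination policy table and the sample messages are all assumptions made for the illustration; the Luhn check is included because the lecture's fourth IPS guideline (avoid frequent false alarms) applies just as much to a DLP scanner that would otherwise flag every 16-digit order number as a payment card.

```python
"""Added example (not part of the course or any vendor product): a minimal
network-level DLP content inspector. It classifies one outbound message by
the sensitive data it contains, then applies a per-destination policy that
returns one of three actions: allow, alert or block.
The levels, patterns, policy table and sample messages are assumptions."""
import re
from dataclasses import dataclass

# Sensitivity levels, least to most sensitive (assumed classification scheme).
PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED = range(4)
LEVEL_NAMES = {PUBLIC: "public", INTERNAL: "internal",
               CONFIDENTIAL: "confidential", RESTRICTED: "restricted"}

# US SSN shape, with the structurally invalid area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes (payment card shape).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Classification markers an organisation might stamp on its documents (assumed).
MARKER_RE = re.compile(r"\b(?:CONFIDENTIAL|TRADE SECRET|INTERNAL ONLY)\b", re.I)

# Highest level that may leave for each destination class without any action.
# Unknown destinations are treated as external, i.e. the policy fails closed.
POLICY = {"internal": RESTRICTED, "partner": CONFIDENTIAL, "external": INTERNAL}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum. Random digit runs (order numbers, serials) almost always
    fail it, so only checksum-valid numbers are reported as payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(s: str) -> str:
    """Keep only the last four digits, so DLP logs do not become a second leak."""
    digits = re.sub(r"\D", "", s)
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    kind: str
    level: int
    sample: str  # already redacted


@dataclass(frozen=True)
class Verdict:
    action: str  # "allow", "alert" or "block"
    level: int
    findings: tuple


def classify(text: str):
    """Return (highest sensitivity level found, findings) for one message."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", RESTRICTED, redact(m.group())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drop checksum-invalid runs: they are not cards
            findings.append(Finding("payment_card", RESTRICTED, redact(digits)))
    for m in MARKER_RE.finditer(text):
        findings.append(Finding("marker", CONFIDENTIAL, m.group().upper()))
    level = max((f.level for f in findings), default=PUBLIC)
    return level, tuple(findings)


def inspect(text: str, destination: str) -> Verdict:
    """Inline decision for one message leaving the network."""
    level, findings = classify(text)
    allowed = POLICY.get(destination, POLICY["external"])
    if level <= allowed:
        return Verdict("allow", level, findings)
    # Over the limit: restricted data is stopped, lesser data only raises an alarm.
    return Verdict("block" if level == RESTRICTED else "alert", level, findings)


if __name__ == "__main__":
    # Constructed sample traffic: (destination class, message body).
    SAMPLE = [
        ("external", "Quarterly newsletter draft attached, please review."),
        ("external", "Patient record: SSN 123-45-6789, DOB 1980-01-01"),
        ("external", "CONFIDENTIAL: tolerances for press line 3 attached"),
        ("external", "Order 1234 5678 9012 3456 shipped yesterday"),
        ("internal", "Refund to card 4111 1111 1111 1111 approved"),
        ("partner", "Refund to card 4111 1111 1111 1111 approved"),
    ]
    for dest, body in SAMPLE:
        v = inspect(body, dest)
        kinds = ",".join(f"{f.kind}={f.sample}" for f in v.findings) or "-"
        print(f"{v.action:5} {LEVEL_NAMES[v.level]:12} -> {dest:8} {kinds}")
```

Running the block prints one line per sample message. The SSN record and the card number sent to a partner are blocked, the marked document going outside only raises an alert, the same card number stays allowed on the internal path, and the 16-digit order number passes untouched because it fails the Luhn check. Findings are stored redacted for the reason given under "implementing security measures" above: a DLP system's own logs and reports concentrate exactly the data it is protecting.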


Source:
https://www.coursera.org/learn/cyber-security-manufacturing


Originally published on the WeChat public account 网络安全经济学: Cyber Security in Manufacturing - 4.3

Please retain this link when reposting (CN-SEC 中文网, with thanks to the original author): http://cn-sec.com/archives/1949148.html
