關于我們
書單推薦
新書推薦
|
網(wǎng)絡安全應急響應基礎理論及關鍵技術 讀者對象:網(wǎng)絡安全專業(yè)的從業(yè)者、學生、愛好者。
本書主要針對網(wǎng)絡安全專業(yè)的從業(yè)者、學生、愛好者,概述了網(wǎng)絡安全應急響應方面國外的應對舉措、以及我國應急響應體系及機構(gòu)建設、法律法規(guī)解讀,并對應急響應所涉及的基礎理論和關鍵技術進行了重點研究及闡釋,幫助從業(yè)人員全面了解國際國內(nèi)應急響應國家的法律、法規(guī)、行業(yè)標準及規(guī)范、關鍵技術原理及應用,本書注重理論闡釋和實踐在操作相結(jié)合的原則,通過案例分析和工具使用,一是加強對理論的理解,同時也有助于提高讀者的動手操作能力。
劉永剛,男,本科畢業(yè),高級工程師。1984年10月份入伍,1986年9月至1989年7月于中國人名解放軍重慶通信學院學習,畢業(yè)后被分配61938部隊從事網(wǎng)絡運行管理。1992年9月至1996年7月在合肥電子工程學院學習。畢業(yè)后至今,回原單位先后任工程師、訓練室主任、分站副站部長、站長、高級工師等職。2007年被評為總參優(yōu)秀專業(yè)技術人才,并享受部隊特殊津貼,現(xiàn)為站專家委員會委員。
第1章 網(wǎng)絡安全應急響應業(yè)務的發(fā)展簡史 ············································.1
1.1 網(wǎng)絡安全應急響應業(yè)務的由來 ·······························································.1 1.2 國際網(wǎng)絡安全應急響應組織的發(fā)展 ·························································.2 1.2.1 FIRST 介紹 ···············································································.2 1.2.2 APCERT 介紹 ············································································.2 1.2.3 國家級 CERT 情況······································································.2 1.3 我國網(wǎng)絡安全應急響應組織體系的發(fā)展簡介 ·············································.3 第2章 網(wǎng)絡安全應急響應概述 ···························································.5 2.1 網(wǎng)絡安全應急響應相關概念 ··································································.5 2.2 網(wǎng)絡安全與信息安全 ···········································································.5 2.3 產(chǎn)生網(wǎng)絡安全問題的原因分析 ·······························································.6 2.3.1 技術方面的原因 ·········································································.6 2.3.2 管理方面的原因 ·········································································.8 第3章 網(wǎng)絡安全應急響應法律法規(guī) ·····················································.9 3.1 我國網(wǎng)絡安全應急響應相關法律法規(guī)、政策 ·············································.9 3.2 《網(wǎng)絡安全法》的指導意義 ·································································.10 3.2.1 建立網(wǎng)絡安全監(jiān)測預警和信息通報制度 ·········································.10 3.2.2 建立網(wǎng)絡安全風險評估和應急工作機制 ·········································.11 3.2.3 制定網(wǎng)絡安全事件應急預案并定期演練 ·········································.12 3.3 《信息安全技術 信息安全應急響應計劃規(guī)范》(GB/T24363—2009) ··················.13 3.3.1 應急響應需求分析和應急響應策略的確定 ······································.14 3.3.2 編制應急響應計劃文檔 ······························································.14 3.3.3 應急響應計劃的測試、培訓、演練 ···············································.14 3.3.4 應急響應計劃的管理和維護 ························································.14 3.4 信息安全事件分類分級 ·······································································.15 3.4.1 分類分級規(guī)范的重要意義 ···························································.15 3.4.2 信息安全事件分類原則 ······························································.16 3.4.3 信息安全事件分級原則 ······························································.16 第4章 網(wǎng)絡安全應急響應的常用模型 ················································.18 4.1 網(wǎng)絡殺傷鏈與反殺傷鏈模型 ·································································.18 4.2 鉆石模型 ··························································································.19 4.3 自適應安全框架 ················································································.21 4.4 網(wǎng)絡安全滑動標尺模型 ·······································································.22 第5章 應急響應處置流程 ·······························································.24 5.1 準備階段 ··························································································.24 5.1.1 準備的目的 ··············································································.24 5.1.2 準備的實施 ··············································································.25 5.2 檢測階段 ··························································································.27 5.2.1 檢測的目的 ··············································································.27 5.2.2 檢測的實施 ··············································································.27 5.3 遏制階段 ··························································································.28 5.3.1 遏制的目的 ··············································································.28 5.3.2 遏制的實施 ··············································································.29 5.4 根除階段 ··························································································.30 5.4.1 根除的目的 ··············································································.30 5.4.2 根除的實施 ··············································································.30 5.5 恢復階段 ··························································································.31 5.5.1 恢復的目的 ··············································································.31 5.5.2 恢復的實施 ··············································································.31 5.6 總結(jié)階段 ··························································································.32 5.6.1 總結(jié)的目的 ··············································································.32 5.6.2 總結(jié)的實施 ··············································································.33 第6章 網(wǎng)絡安全應急響應的實施體系 ················································.34 6.1 應急響應實施體系的研究背景與重要性 ··················································.34 6.1.1 應急響應實施體系的研究背景 ·····················································.34 6.1.2 應急響應實施體系的重要性 ························································.34 6.2 應急響應人員體系 ·············································································.35 6.2.1 應急響應小組的主要工作及目標 ··················································.35 6.2.2 人員組成 ·················································································.35 6.2.3 職能劃分 ·················································································.36 6.3 應急響應技術體系 ·············································································.36 6.3.1 事前技術 ·················································································.37 6.3.2 事中技術 ·················································································.39 6.3.3 事后技術 ·················································································.40 6.4 應急響應實施原則 ·············································································.40 6.4.1 可行性原則 ··············································································.41 6.4.2 信息共享原則 ···········································································.41 6.4.3 動態(tài)性原則 ··············································································.42 6.4.4 可審核性原則 ···········································································.42 6.5 應急響應實施制度 ·············································································.42 6.5.1 實施制度總則 ···········································································.42 6.5.2 日常風險防范制度 ····································································.43 6.5.3 定期演訓制度 ···········································································.43 6.5.4 定期會議交流制度 ····································································.43 第7章 重大活動網(wǎng)絡安全保障 ·························································.45 7.1 重大活動網(wǎng)絡安全保障的研究背景與其獨特性 ·········································.45 7.1.1 研究背景 ·················································································.45 7.1.2 重保的獨特性 ···········································································.45 7.2 重保體系建設的基礎 ··········································································.46 7.2.1 明確重保對象 ···········································································.46 7.2.2 確立重保目標 ···········································································.47 7.2.3 梳理重保資產(chǎn)清單 ····································································.47 7.3 重保體系設計 ···················································································.49 7.3.1 管理體系 ·················································································.49 7.3.2 組織體系 ·················································································.50 7.3.3 技術體系 ·················································································.50 7.3.4 運維體系 ·················································································.50 7.4 重保核心工作 ···················································································.51 7.4.1 風險識別 ·················································································.51 7.4.2 風險評估 ·················································································.52 7.4.3 風險應對計劃 ···········································································.52 7.4.4 風險的監(jiān)控與調(diào)整 ····································································.53 7.5 重保實現(xiàn)過程 ···················································································.53 7.5.1 備戰(zhàn)階段 ·················································································.53 7.5.2 臨戰(zhàn)階段 ·················································································.53 7.5.3 實戰(zhàn)階段 ·················································································.54 7.5.4 決戰(zhàn)階段 ·················································································.54 第8章 數(shù)據(jù)驅(qū)動的應急響應處理機制 ················································.55 8.1 概念分析 ··························································································.55 8.1.1 數(shù)據(jù)驅(qū)動的產(chǎn)業(yè)革命 ·································································.55 8.1.2 數(shù)據(jù)驅(qū)動的應急響應處理機制 ·····················································.56 8.2 需求分析 ··························································································.57 8.2.1 大數(shù)據(jù)場景中的應急響應處理的特殊要求 ······································.57 8.2.2 無人化戰(zhàn)場中的應急響應處理機制的必要選擇 ································.60 8.2.3 精細化管理中的應急響應處理機制的有效方法 ································.62 8.3 解決方案 ··························································································.63 8.3.1 數(shù)據(jù)驅(qū)動的事故預防機制 ···························································.63 8.3.2 數(shù)據(jù)驅(qū)動的事故處置機制 ···························································.65 8.3.3 數(shù)據(jù)驅(qū)動的事故尋因機制 ···························································.66 第9章 操作系統(tǒng)加固優(yōu)化技術 ·························································.68 9.1 簡介 ································································································.68 9.2 操作系統(tǒng)加固技術原理 ·······································································.68 9.2.1 身份鑒別 ·················································································.69 9.2.2 訪問控制 ·················································································.69 9.2.3 安全審計 ·················································································.70 9.2.4 安全管理 ·················································································.70 9.2.5 資源控制 ·················································································.71 9.3 操作系統(tǒng)加固實際操作 ·······································································.71 9.3.1 系統(tǒng)口令加固 ···········································································.71 9.3.2 系統(tǒng)賬戶優(yōu)化 ···········································································.76 9.3.3 系統(tǒng)服務優(yōu)化 ···········································································.81 9.3.4 系統(tǒng)日志設置 ···········································································.84 9.3.5 遠程登錄設置 ···········································································.87 9.3.6 系統(tǒng)漏洞修補 ···········································································.90 9.4 經(jīng)典案例分析與工具介紹 ····································································.92 9.4.1 “一密管天下” ········································································.92 9.4.2 臭名昭著的勒索病毒—WannaCry ·················································.93 9.4.3 主機安全加固軟件 ····································································.93 第10章 網(wǎng)絡欺騙技術 ·································································.105 10.1 綜述 ····························································································.105 10.2 網(wǎng)絡欺騙技術 ················································································.105 10.2.1 蜜罐 ···················································································.106 10.2.2 影子服務技術 ·······································································.113 10.2.3 虛擬網(wǎng)絡拓撲技術 ·································································.113 10.2.4 蜜標技術 ·············································································.113 10.3 欺騙技術發(fā)展趨勢 ··········································································.114 10.4 欺騙技術的工具介紹 ·······································································.114 10.5 欺騙技術運用原則與案例 ·································································.122 10.5.1 運用原則 ·············································································.122 10.5.2 運用案例 ·············································································.123 第11章 追蹤與溯源 ····································································.126 11.1 追蹤與溯源概述 ·············································································.126 11.1.1 追蹤與溯源的含義及作用 ························································.126 11.1.2 追蹤與溯源的分類 ·································································.126 11.2 追蹤溯源技術 ················································································.127 11.2.1 網(wǎng)絡流量追蹤溯源技術 ···························································.127 11.2.2 惡意代碼樣本分析溯源技術 ·····················································.129 11.3 追蹤溯源工具及系統(tǒng) ·······································································.135 11.3.1 Traceroute 小程序 ··································································.135 11.3.2 科來網(wǎng)絡回溯分析系統(tǒng) ···························································.136 11.4 攻擊溯源的常見思路 ·······································································.138 11.4.1 組織內(nèi)部異常操作者 ······························································.138 11.4.2 組織內(nèi)部攻擊者 ····································································.138 11.4.3 組織外部攻擊者 ····································································.139 11.5 溯源分析案例 ················································································.139 第12章 防火墻技術 ····································································.143 12.1 防火墻的定義及功能 ·······································································.143 12.1.1 防火墻的定義 ·······································································.143 12.1.2 防火墻的功能 ·······································································.143 12.2 防火墻的分類 ················································································.144 12.2.1 包過濾防火墻 ·······································································.144 12.2.2 狀態(tài)檢測防火墻 ····································································.145 12.2.3 應用代理防火墻 ····································································.146 12.3 防火墻的體系結(jié)構(gòu) ··········································································.146 12.3.1 雙重宿主主機體系結(jié)構(gòu) ···························································.147 12.3.2 主機屏蔽型體系結(jié)構(gòu) ······························································.147 12.3.3 子網(wǎng)屏蔽型體系結(jié)構(gòu) ······························································.149 12.4 防火墻的發(fā)展 ················································································.149 12.4.1 防火墻的應用 ·······································································.149 12.4.2 防火墻的發(fā)展趨勢 ·································································.155 第13章 惡意代碼分析技術 ···························································.157 13.1 惡意代碼概述 ················································································.157 13.1.1 惡意代碼的概念 ····································································.157 13.1.2 惡意代碼的分類 ····································································.157 13.1.3 惡意代碼的傳播途徑 ······························································.158 13.1.4 惡意代碼存在的原因分析 ························································.159 13.1.5 惡意代碼的攻擊機制 ······························································.159 13.1.6 惡意代碼的危害 ····································································.160 13.2 惡意代碼分析技術 ··········································································.160 13.2.1 惡意代碼分析技術概述 ···························································.160 13.2.2 靜態(tài)分析技術 ·······································································.161 13.2.3 動態(tài)分析技術 ·······································································.171 13.3 面對惡意代碼攻擊的應急響應 ···························································.180 13.3.1 應急響應原則 ·······································································.180 13.3.2 應急響應流程 ·······································································.181 13.4 實際案例分析 ················································································.182 13.4.1 查看惡意代碼基本信息 ···························································.183 13.4.2 查看惡意代碼的主要行為 ························································.183 13.4.3 工具分析惡意代碼 ·································································.185 13.4.4 應急響應措施 ·······································································.186 第14章 安全取證技術 ·································································.187 14.1 安全取證技術基本介紹 ····································································.187 14.1.1 目標 ···················································································.187 14.1.2 特性 ···················································································.187 14.1.3 原則 ···················································································.188 14.1.4 現(xiàn)狀 ···················································································.188 14.1.5 發(fā)展趨勢 ·············································································.188 14.1.6 注意事項 ·············································································.188 14.2 安全取證基本步驟 ··········································································.189 14.2.1 保護現(xiàn)場 ·············································································.189 14.2.2 獲取證據(jù) ·············································································.189 14.2.3 保全證據(jù) ·············································································.189 14.2.4 鑒定證據(jù) ·············································································.190 14.2.5 分析證據(jù) ·············································································.190 14.2.6 進行追蹤 ·············································································.190 14.2.7 出示證據(jù) ·············································································.190 14.3 安全取證技術介紹 ··········································································.190 14.3.1 安全掃描 ·············································································.190 14.3.2 流量采集與分析 ····································································.193 14.3.3 日志采集與分析 ····································································.194 14.3.4 源碼分析 ·············································································.201 14.3.5 數(shù)據(jù)收集與挖掘 ····································································.201 14.4 安全取證工具介紹 ··········································································.202 14.4.1 工具概況 ·············································································.202 14.4.2 工具介紹 ·············································································.203 14.4.3 廠商研制工具 ·······································································.217 14.5 安全取證案例剖析 ··········································································.217 14.5.1 勒索病毒爆發(fā) ·······································································.217 14.5.2 網(wǎng)絡攻擊 ·············································································.219 第15章 計算機病毒事件應急響應 ··················································.222 15.1 計算機病毒事件處置 ·······································································.222 15.1.1 計算機病毒分類 ····································································.222 15.1.2 計算機病毒檢測與清除 ···························································.224 15.1.3 計算機病毒事件應急響應 ························································.226 15.2 計算機病毒事件處置工具示例 ···························································.228 15.2.1 常用系統(tǒng)工具 ·······································································.228 15.2.2 計算機病毒分析工具 ······························································.229 15.2.3 計算機病毒查殺工具 ······························································.235 15.2.4 系統(tǒng)恢復及加固工具 ······························································.237 15.3 計算機病毒事件應急響應處置思路及案例 ···········································.240 15.3.1 計算機病毒事件應急響應思路 ··················································.240 15.3.2 勒索病毒處置案例 ·································································.240 15.3.3 某未知文件夾病毒處置案例 ·····················································.242 第16章 分布式拒絕服務攻擊事件應急響應 ······································.243 16.1 DDOS攻擊介紹 ··············································································.243 16.1.1 DoS 攻擊 ·············································································.243 16.1.2 DDoS 攻擊 ···········································································.243 16.1.3 DDoS 攻擊分類 ·····································································.244 16.1.4 DDoS 攻擊步驟 ·····································································.248 16.2 DDOS攻擊應急響應策略 ··································································.249 16.2.1 預防和防范(攻擊前) ···························································.249 16.2.2 檢測和過濾(攻擊時) ···························································.250 16.2.3 追蹤和溯源(攻擊后) ···························································.252 16.3 DDOS攻擊事件處置相關案例 ····························································.252 16.3.1 GitHub 攻擊(2018 年) ·························································.252 16.3.2 Dyn 攻擊(2016 年) ·····························································.254 16.3.3 Spamhaus 攻擊(2013 年) ······················································.255 16.4 DDOS常見檢測防御工具 ··································································.257 16.4.1 DDoS 攻擊測試工具 ·······························································.257 16.4.2 DDoS 監(jiān)測防御工具 ·······························································.260 第17章 信息泄露事件處置策略 ·····················································.266 17.1 信息泄露事件基本概念和理論 ···························································.266 17.2 信息防泄露技術介紹 ·······································································.267 17.2.1 信息存儲防泄露技術介紹 ························································.267 17.2.2 信息傳輸防泄露技術介紹 ························································.267 17.2.3 信息使用防泄露技術介紹 ························································.268 17.2.4 信息防泄露技術趨勢分析 ························································.268 17.3 信息防泄露策略分析 ·······································································.269 17.3.1 立法 ···················································································.270 17.3.2 管控 ···················································································.270 17.3.3 技術 ···················································································.271 第18章 高級持續(xù)性威脅 ······························································.273 18.1 APT攻擊活動 ················································································.273 18.1.1 活躍的 APT 組織 ···································································.273 18.1.2 典型的 APT 攻擊案例 ·····························································.275 18.2 APT概述 ······················································································.276 18.2.1 APT 含義與特征 ····································································.276 18.2.2 APT 攻擊流程 ·······································································.277 18.2.3 APT 技術手段 ·······································································.278 18.3 APT攻擊的檢測與響應 ····································································.280 18.4 APT行業(yè)產(chǎn)品和技術方案 ·································································.281 18.4.1 綠盟威脅分析系統(tǒng) ·································································.282 18.4.2 天融信高級威脅檢測系統(tǒng) ························································.285 參考文獻 ····················································································.287
你還可能感興趣
我要評論
|