网络安全应急响应基础理论及关键技术 (Fundamental Theory and Key Technologies of Cybersecurity Incident Response)

Readership: practitioners, students and enthusiasts in the cybersecurity field.

This book is aimed at practitioners, students and enthusiasts in the cybersecurity field. It surveys the measures other countries have adopted for cybersecurity incident response, the construction of China's incident response system and institutions, and interpretations of the relevant laws and regulations, and it studies and explains in depth the fundamental theory and key technologies involved in incident response. The aim is to give practitioners a comprehensive understanding of the domestic and international laws, regulations, industry standards and specifications that govern incident response, together with the principles and applications of its key technologies. The book follows the principle of combining theoretical explanation with hands-on practice: through case analyses and tool usage it both strengthens the reader's understanding of the theory and helps improve the reader's practical skills.

Liu Yonggang, male, holds a bachelor's degree and is a senior engineer. He enlisted in October 1984 and studied at the Chongqing Communication College of the Chinese People's Liberation Army from September 1986 to July 1989; after graduating he was assigned to Unit 61938 to work on network operations management. From September 1992 to July 1996 he studied at the Hefei Electronic Engineering Institute. Since graduating he has returned to his original unit, where he has served successively as engineer, head of the training office, deputy head of a sub-station, station chief and senior engineer. In 2007 he was named an outstanding professional and technical talent of the General Staff Department and was granted a special military allowance; he is currently a member of the station's expert committee.
Table of contents

Chapter 1 A Brief History of Cybersecurity Incident Response
1.1 Origins of cybersecurity incident response
1.2 Development of international cybersecurity incident response organizations
1.2.1 Introduction to FIRST
1.2.2 Introduction to APCERT
1.2.3 National CERTs
1.3 Brief introduction to the development of China's cybersecurity incident response organizational system

Chapter 2 Overview of Cybersecurity Incident Response
2.1 Concepts related to cybersecurity incident response
2.2 Cybersecurity and information security
2.3 Analysis of the causes of cybersecurity problems
2.3.1 Technical causes
2.3.2 Management causes

Chapter 3 Laws and Regulations on Cybersecurity Incident Response
3.1 China's laws, regulations and policies relating to cybersecurity incident response
3.2 Guiding significance of the Cybersecurity Law
3.2.1 Establishing a cybersecurity monitoring, early-warning and information-notification system
3.2.2 Establishing a cybersecurity risk assessment and emergency work mechanism
3.2.3 Formulating cybersecurity incident response plans and drilling them regularly
3.3 Information Security Technology: Specifications for Information Security Incident Response Plans (GB/T 24363—2009)
3.3.1 Incident response requirements analysis and determination of the response strategy
3.3.2 Drafting the incident response plan document
3.3.3 Testing, training and drilling of the incident response plan
3.3.4 Management and maintenance of the incident response plan
3.4 Classification and grading of information security incidents
3.4.1 Significance of classification and grading specifications
3.4.2 Principles for classifying information security incidents
3.4.3 Principles for grading information security incidents

Chapter 4 Common Models for Cybersecurity Incident Response
4.1 The cyber kill chain and counter-kill-chain models
4.2 The Diamond Model
4.3 The Adaptive Security Framework
4.4 The Sliding Scale of Cyber Security model

Chapter 5 The Incident Response Handling Process
5.1 Preparation phase
5.1.1 Purpose of preparation
5.1.2 Carrying out preparation
5.2 Detection phase
5.2.1 Purpose of detection
5.2.2 Carrying out detection
5.3 Containment phase
5.3.1 Purpose of containment
5.3.2 Carrying out containment
5.4 Eradication phase
5.4.1 Purpose of eradication
5.4.2 Carrying out eradication
5.5 Recovery phase
5.5.1 Purpose of recovery
5.5.2 Carrying out recovery
5.6 Lessons-learned phase
5.6.1 Purpose of the lessons-learned phase
5.6.2 Carrying out the lessons-learned phase

Chapter 6 The Implementation System for Cybersecurity Incident Response
6.1 Research background and importance of the incident response implementation system
6.1.1 Research background
6.1.2 Importance of the implementation system
6.2 The incident response personnel system
6.2.1 Main tasks and goals of the incident response team
6.2.2 Team composition
6.2.3 Division of functions
6.3 The incident response technology system
6.3.1 Pre-incident technologies
6.3.2 Technologies used during an incident
6.3.3 Post-incident technologies
6.4 Principles for implementing incident response
6.4.1 Feasibility principle
6.4.2 Information-sharing principle
6.4.3 Dynamism principle
6.4.4 Auditability principle
6.5 Incident response implementation rules
6.5.1 General provisions
6.5.2 Routine risk-prevention rules
6.5.3 Regular drill and training rules
6.5.4 Regular meeting and exchange rules

Chapter 7 Cybersecurity Assurance for Major Events
7.1 Research background and distinctive features of major-event cybersecurity assurance
7.1.1 Research background
7.1.2 Distinctive features of major-event assurance
7.2 Foundations for building a major-event assurance system
7.2.1 Identifying the assets to be protected
7.2.2 Establishing assurance objectives
7.2.3 Compiling the asset inventory
7.3 Designing the assurance system
7.3.1 Management system
7.3.2 Organizational system
7.3.3 Technical system
7.3.4 Operations and maintenance system
7.4 Core assurance work
7.4.1 Risk identification
7.4.2 Risk assessment
7.4.3 Risk response planning
7.4.4 Risk monitoring and adjustment
7.5 The assurance implementation process
7.5.1 Preparation phase
7.5.2 Run-up phase
7.5.3 Live phase
7.5.4 Decisive phase

Chapter 8 Data-Driven Incident Response Handling Mechanisms
8.1 Concept analysis
8.1.1 The data-driven industrial revolution
8.1.2 Data-driven incident response handling mechanisms
8.2 Requirements analysis
8.2.1 Special requirements for incident response handling in big-data scenarios
8.2.2 Data-driven handling as a necessary choice on the unmanned battlefield
8.2.3 Data-driven handling as an effective method in refined management
8.3 Solutions
8.3.1 Data-driven incident prevention mechanism
8.3.2 Data-driven incident handling mechanism
8.3.3 Data-driven root-cause analysis mechanism

Chapter 9 Operating System Hardening and Optimization
9.1 Introduction
9.2 Principles of operating system hardening
9.2.1 Identification and authentication
9.2.2 Access control
9.2.3 Security auditing
9.2.4 Security management
9.2.5 Resource control
9.3 Hands-on operating system hardening
9.3.1 System password hardening
9.3.2 System account optimization
9.3.3 System service optimization
9.3.4 System log settings
9.3.5 Remote login settings
9.3.6 System vulnerability patching
9.4 Classic case analyses and tool introduction
9.4.1 "One password for everything" (一密管天下)
9.4.2 The notorious ransomware WannaCry
9.4.3 Host security hardening software

Chapter 10 Cyber Deception Technologies
10.1 Overview
10.2 Cyber deception technologies
10.2.1 Honeypots
10.2.2 Shadow service technology
10.2.3 Virtual network topology technology
10.2.4 Honeytoken technology
10.3 Trends in deception technology
10.4 Deception technology tools
10.5 Principles and cases for applying deception technology
10.5.1 Principles of application
10.5.2 Application cases

Chapter 11 Tracking and Attribution
11.1 Overview of tracking and attribution
11.1.1 Meaning and role of tracking and attribution
11.1.2 Classification of tracking and attribution
11.2 Tracking and attribution technologies
11.2.1 Network traffic tracing and attribution
11.2.2 Malware sample analysis for attribution
11.3 Tracking and attribution tools and systems
11.3.1 The Traceroute utility
11.3.2 The Colasoft (科来) network retrospective analysis system
11.4 Common approaches to attack attribution
11.4.1 Anomalous operators inside the organization
11.4.2 Attackers inside the organization
11.4.3 Attackers outside the organization
11.5 Attribution analysis case

Chapter 12 Firewall Technology
12.1 Definition and functions of firewalls
12.1.1 Definition of a firewall
12.1.2 Functions of a firewall
12.2 Classification of firewalls
12.2.1 Packet-filtering firewalls
12.2.2 Stateful inspection firewalls
12.2.3 Application proxy firewalls
12.3 Firewall architectures
12.3.1 Dual-homed host architecture
12.3.2 Screened host architecture
12.3.3 Screened subnet architecture
12.4 Development of firewalls
12.4.1 Firewall applications
12.4.2 Firewall development trends

Chapter 13 Malware Analysis Technology
13.1 Overview of malicious code
13.1.1 Concept of malicious code
13.1.2 Classification of malicious code
13.1.3 Propagation routes of malicious code
13.1.4 Analysis of why malicious code exists
13.1.5 Attack mechanisms of malicious code
13.1.6 Harm caused by malicious code
13.2 Malware analysis technology
13.2.1 Overview of malware analysis technology
13.2.2 Static analysis techniques
13.2.3 Dynamic analysis techniques
13.3 Incident response to malware attacks
13.3.1 Incident response principles
13.3.2 Incident response process
13.4 Real-world case analysis
13.4.1 Examining basic information about the malware
13.4.2 Examining the malware's main behaviour
13.4.3 Analysing the malware with tools
13.4.4 Incident response measures

Chapter 14 Security Forensics Technology
14.1 Basic introduction to security forensics
14.1.1 Goals
14.1.2 Characteristics
14.1.3 Principles
14.1.4 Current state
14.1.5 Development trends
14.1.6 Points to note
14.2 Basic steps of security forensics
14.2.1 Protecting the scene
14.2.2 Acquiring evidence
14.2.3 Preserving evidence
14.2.4 Authenticating evidence
14.2.5 Analysing evidence
14.2.6 Tracing
14.2.7 Presenting evidence
14.3 Security forensics technologies
14.3.1 Security scanning
14.3.2 Traffic capture and analysis
14.3.3 Log collection and analysis
14.3.4 Source code analysis
14.3.5 Data collection and mining
14.4 Security forensics tools
14.4.1 Tool overview
14.4.2 Tool introduction
14.4.3 Vendor-developed tools
14.5 Security forensics case studies
14.5.1 A ransomware outbreak
14.5.2 A network attack

Chapter 15 Incident Response to Computer Virus Events
15.1 Handling computer virus events
15.1.1 Classification of computer viruses
15.1.2 Detection and removal of computer viruses
15.1.3 Incident response to computer virus events
15.2 Example tools for handling computer virus events
15.2.1 Common system tools
15.2.2 Virus analysis tools
15.2.3 Virus scanning and removal tools
15.2.4 System recovery and hardening tools
15.3 Approach and cases for incident response to virus events
15.3.1 Approach to incident response for virus events
15.3.2 Ransomware handling case
15.3.3 Case of an unknown folder virus

Chapter 16 Incident Response to Distributed Denial-of-Service Attack Events
16.1 Introduction to DDoS attacks
16.1.1 DoS attacks
16.1.2 DDoS attacks
16.1.3 Classification of DDoS attacks
16.1.4 Steps of a DDoS attack
16.2 DDoS incident response strategy
16.2.1 Prevention and protection (before the attack)
16.2.2 Detection and filtering (during the attack)
16.2.3 Tracking and attribution (after the attack)
16.3 DDoS incident handling cases
16.3.1 The GitHub attack (2018)
16.3.2 The Dyn attack (2016)
16.3.3 The Spamhaus attack (2013)
16.4 Common DDoS detection and defence tools
16.4.1 DDoS attack testing tools
16.4.2 DDoS monitoring and defence tools

Chapter 17 Strategies for Handling Information Leakage Events
17.1 Basic concepts and theory of information leakage events
17.2 Information leakage prevention technologies
17.2.1 Leakage prevention for stored information
17.2.2 Leakage prevention for information in transit
17.2.3 Leakage prevention for information in use
17.2.4 Trend analysis of leakage prevention technology
17.3 Analysis of information leakage prevention strategies
17.3.1 Legislation
17.3.2 Management and control
17.3.3 Technology

Chapter 18 Advanced Persistent Threats
18.1 APT attack activity
18.1.1 Active APT groups
18.1.2 Typical APT attack cases
18.2 Overview of APT
18.2.1 Meaning and characteristics of APT
18.2.2 APT attack process
18.2.3 APT techniques
18.3 Detection of and response to APT attacks
18.4 Industry products and technical solutions for APT
18.4.1 NSFOCUS (绿盟) Threat Analysis System
18.4.2 Topsec (天融信) Advanced Threat Detection System

References