?????????????? - PowerPoint PPT Presentation

About This Presentation
Title:

??????????????

Description:

Title: Author: Zhang Bing Last modified by: xucf Created Date: 11/30/2004 6:32:51 AM Document presentation format – PowerPoint PPT presentation

Slides: 61
Provided by: Zhan141
Tags: csirt


Transcript and Presenter's Notes

Title: ??????????????


1
???????????????????
  • ?????????????????
  • ??? ??
  • 2004.12.24 CERNET2004??

2
??
  • ?????????????
  • ???????????????
  • ??????????
  • ?????????????
  • ??

3
?????????????
4
??????????
????CERT/CC??
5
??????????
  • Windows??????
  • Web??????
  • ?????
  • Windows??????
  • ??SQL???
  • Windows??
  • Web???
  • ????
  • LSAS Exposures
  • ???????
  • ????
  • Unix??????
  • BIND????
  • Web???
  • ??
  • ??????
  • ????????
  • ????????
  • ?????????
  • ????NIS/NFS ????
  • ???
  • ??

??SANS????
6
??????????
  • ?????????????
  • Symantec??,2004????,?????????????5.8?
  • ????????
  • 2004?1-6?,?????????64??????,36??????
  • ?????????????
  • Web?????????
  • Symantec??,2004???????479??Web???????,????39

7
??????????????????
  • ??
  • 1988?11?Morris??,???????
  • 1989?10?Wank??
  • 2001?????????????
  • 2003?SQL SLAMMER???????????????
  • 2004?5????????
  • ????,????
  • ????????????????????????

8
  • CNCERT/CC????????,?2004????,????Mydoom?????RPC???LSASS??????????????????200??

9
????????????
  • ????
  • SQL SLAMMER2003?1?25???,?????????,????????,??????
    ??????,????????22600??
  • ????
  • 2001?????????????????????,?????????
  • ????????????????????,?????
  • ???????????,????????
  • 2001?,????????????????26???
  • ???????????????????????????100????
  • ?????

10
????????
  • ????????????????
  • Witty????
  • ????,????
  • ???????email????????IIS?????
  • ????????
  • ????????????
  • Botnet
  • ???????????????

11
??????????
12
(No Transcript)
13
??????????????
[Figure: chart over the years 1980, 1985, 1990, 1995, 2000]
14
2004???????
  • ????(Phishing)
  • ?????
  • ?????????????????????
  • ??????????????????????
  • ??????????????

15
(No Transcript)
16
2004???????
  • ??Botnet?????
  • ????????BOT
  • ??????IRC???????
  • ????????
  • BOT??????,??????

17
2004???????
  • ???????(WLAN)???
  • 2004?,????Symbian??????????
  • ????PocketPC????????????
  • ????????????????,?????????????
  • WLAN??????????????
  • 2004?????????IEEE 1278.11b????????????????

18
???????????????
19
??????????
  • ?????????????????
  • ??????????,??????????????????????????????
    ???????????????????????????????????,??????,?????
    ???????????????????????????????????,????????????
    ???

20
??????????
  • ???????????????(???2003 27??)???????????????
    ,????????????,???????????????,??????????,?????????
    ???,???????????????,???????????
  • ????????????????????,???????????????

21
?????????????
  • ????
  • ????
  • ????
  • ????

22
?????????????
  • ????
  • ????
  • ????
  • ????
  • ????
  • ????
  • ????
  • ????
  • ????

23
???????????
  • ???????
  • ?????????
  • ???????
  • ?????????????????
  • ????
  • ?????????/?????????
  • ????
  • ??????????
  • ??????
  • ?????????????????????????????

24
???????????
  • ???????
  • ??????????CNCERT/CC,??12?????????24??????????
  • ????/????????,CNCERT/CC??8?????????
  • ????/????????,12?????????
  • ?????

25
???????????
  • ????
  • ????
  • ????
  • ????

26
????2003.SQL Slammer/????
  • ??CNCERT/CCCCERT????CERT????
  • ?????????,??????
  • ??
  • ???????????
  • ?????????

27
CNCERT/CC??
  • ?????????????????
  • 2000???,2003?7????????
  • ??National Computer network Emergency Response
    technical Team/Coordination Center of China
  • ?????
  • ????????????????????????,????????????????????(CERT)???????????????????,????????????????????????????
    ??????????????????????????????,???????????????????
    ???????,????????????????????????????

28
?????????
  • ????????????
  • ????????????????????????????
  • ?????????????????
  • ????????????????????????
  • ????????????
  • ?????????
  • ???????????

29
2004?1-10?????????
30
???????????
  • Global Problem, Global Solution??????????????????
    ?????????
  • 2002?8?,??FIRST????
  • APCERT????????????
  • ???????????????????????CERT?????????
  • ??????????????CERT????????

31
??????????
  • ????

32
???????
  • ????????,????????????????????????
  • ??????,?????
  • ????????????
  • ?????????????
  • ???????
  • ????????????????

33
?????????
  • ????????????
  • ???????????????(?????POC)
  • ???????????,???????
  • ??????????????
  • ?????????
  • ????????????????????
  • ?????????????

?????????????!
34
??????????
  • ???????????
  • CSIRT Computer Security Incident Response Team
  • ???????????,?????????????????????
  • CNCERT/CC?CCERT

35
?????????
  • ?????CSIRT?
  • ??????
  • ?????????????
  • ???????????
  • ?????????????
  • ???????????????????????
  • ??????,???????
  • CSIRT??????????????
  • ??????????

36
???????
????????
??????
??????????
37
(No Transcript)
38
?????????
  • ?????????????
  • ?????????????
  • ?????????????
  • ?????????????
  • ????????,???!
  • ?????????????

39
Handling the Incident
Incident Response Life Cycle
?? Preparation
?? Identification
?? Follow up Analysis
?? Recovery
?? Containment
?? Eradication
40
(No Transcript)
41
??????
  • ????
  • ????????????
  • ?????????????????????
  • ??,????,???
  • ?????????,??????
  • ??????

42
????????????
???????????
43
??????
  • ????????
  • ??????????????
  • ???????
  • ???????
  • ?????????????/???
  • ???????
  • ????????????????

44
??????
  • ???????
  • ????????,????
  • ?????????
  • ??????
  • ??????????
  • ?????
  • ???????,???????,???????

45
??????
  • ???????
  • ????,????
  • ????
  • ????
  • ????
  • ??????

46
??????
  • ????????????
  • ???????
  • ????????????
  • ??????
  • ????

47
??????
  • ?????????????,???????????
  • ??????,????????
  • ?????????

48
??????????
  • ??????
  • ??????
  • ?????????
  • ??????
  • ??????
  • ??????(????????)
  • ????????(SOC)
  • ??

49
???????
????? ????? ????????
????? ???? ???? ?????? ?????? ?????? ?????? ?????? ?????? ???????? Artifact?? Artifact?? Artifact?? Artifact???? ?? ???? ??????? ???????????????????? ??????? ?????? ?????????? ???? ???????????? ????? ?????? ??/?? ???????
50
?????????
  • ???????,?????????
  • ???????,??????????
  • ?????????
  • ???????????????
  • ??????????????

51
?????????????
52
??????
  • ???
  • ????
  • ??????
  • (??)
  • ????
  • ???
  • ????
  • ????
  • ??????
  • ????
  • ????
  • ????
  • ??????
  • ????Propagation Control
  • ???????
  • ???????
  • ??/??/??

53
??????
  • ???????
  • ????????6?????
  • ????????
  • 10?30????????????????

Well, how fast can we be, then?
54
??????
55
?????????????????
????
Time
56
??????????
  • ????DDoS?BotNet???????????????
  • ???????????????????
  • ??????????,DDoS??????????
  • ?????????
  • ???????????

57
????????Real-time Inter-network Defense (RID)
  • Trace Security Incidents to the Source
  • Stop or Mitigate the Effects of an Attack or
    Security Incident
  • Facilitate Communications between Network
    Providers
  • Integrate with existing and future network
    components
  • Systems to trace traffic across a network
  • Intrusion Detection Systems
  • NetFlow, Hash Based IP Traceback, IP Marking,
    etc.
  • Network devices such as routers and firewalls
  • Provide secure means to communicate RID messages
  • Consortiums agree upon use and abuse guidelines
  • Consortiums provide a key exchange method
  • Trusted PKI, certificate repository, cross
    certifications

Source: INCH WG RID Draft
58
??-???????
  • ????????????
  • ??????????????
  • ??????????????

?????
?????
?????
?????
?????
??
59
??????????!??!
CNCERT/CC 724?????? 010-82990999 cncert_at_cert.org.cn ??31???? ???CNCERT/CC?? http://www.cert.org.cn
60
?????????????????
??? ???? ??????????3
?01???,100029 ? ? 010 82990361 ? ? 010 82990399 ???? zhangbing_at_cert.org.cn ? ? http://www.cert.org.cn
? ? ??