?????????????? - PowerPoint PPT Presentation

About This Presentation

Title:

??????????????

Description:

Title: Author: Zhang Bing Last modified by: xucf Created Date: 11/30/2004 6:32:51 AM Document presentation format – PowerPoint PPT presentation

Number of Views:19

Avg rating:3.0/5.0

Slides: 61

Provided by: Zhan141

Category:

Tags: csirt

more less

Transcript and Presenter's Notes

Title: ??????????????

1
???????????????????

?????????????????
??? ??
2004.12.24 CERNET2004??

2
??

?????????????
???????????????
??????????
?????????????
??

3
?????????????
4
??????????
????CERT/CC??
5
??????????

Windows??????
Web??????
?????
Windows??????
??SQL???
Windows??
Web???
????
LSAS Exposures
???????
????

Unix??????
BIND????
Web???
??
??????
????????
????????
?????????
????NIS/NFS ????
???
??

??SANS????
6
??????????

?????????????
Symantec??,2004????,?????????????5.8?
????????
2004?1-6?,?????????64??????,36??????
?????????????
Web?????????
Symantec??,2004???????479??Web???????,????39

7
??????????????????

??
1988?11?Morris??,???????
1989?10?Wank??
2001?????????????
2003?SQL SLAMMER???????????????
2004?5????????
????,????
????????????????????????

CNCERT/CC????????,?2004????,????Mydoom?????RPC???L
SASS??????????????????200??

9
????????????

????
SQL SLAMMER2003?1?25???,?????????,????????,??????
??????,????????22600??
????
2001?????????????????????,?????????
????????????????????,?????
???????????,????????
2001?,????????????????26???
???????????????????????????100????
?????

10
????????

????????????????
Witty????
????,????
???????email????????IIS?????
????????
????????????
Botnet
???????????????

11
??????????
12
(No Transcript)
13
??????????????
????????
??
??????????
?
?????
????
???????
??
???? ????
????
www??
????
?????
????
????
????
????
????
??????
??????
????
??????
???
???
?
2000
1980
1985
1990
1995
14
2004???????

????(Phishing)
?????
?????????????????????
??????????????????????
??????????????

15
(No Transcript)
16
2004???????

??Botnet?????
????????BOT
??????IRC???????
????????
BOT??????,??????

17
2004???????

???????(WLAN)???
2004?,????Symbian??????????
????PocketPC????????????
????????????????,?????????????
WLAN??????????????
2004?????????IEEE 1278.11b????????????????

18
???????????????
19
??????????

?????????????????
??????????,??????????????????????????????
???????????????????????????????????,??????,?????
???????????????????????????????????,????????????
???

20
??????????

???????????????(???2003 27??)???????????????
,????????????,???????????????,??????????,?????????
???,???????????????,???????????
????????????????????,???????????????

21
?????????????

????
????
????
????

22
?????????????

????
????
????
????
????

????
????
????
????

23
???????????

???????
?????????
???????
?????????????????
????
?????????/?????????
????
??????????
??????
?????????????????????????????

24
???????????

???????
??????????CNCERT/CC,??12?????????24??????????
????/????????,CNCERT/CC??8?????????
????/????????,12?????????
?????

25
???????????

????
????
????
????

26
????2003.SQL Slammer/????

??CNCERT/CCCCERT????CERT????
?????????,??????
??
???????????
?????????

27
CNCERT/CC??

?????????????????
2000???,2003?7????????
??National Computer network Emergency Response
technical Team/Coordination Center of China
?????
????????????????????????,????????????????????(CER
T)???????????????????,????????????????????????????
??????????????????????????????,???????????????????
???????,????????????????????????????

28
?????????

????????????
????????????????????????????
?????????????????
????????????????????????
????????????
?????????
???????????

29
2004?1-10?????????
30
???????????

Global Problem, Global Solution??????????????????
?????????
2002?8?,??FIRST????
APCERT????????????
???????????????????????CERT?????????
??????????????CERT????????

31
??????????

????

32
???????

????????,????????????????????????
??????,?????
????????????
?????????????
???????
????????????????

33
?????????

????????????
???????????????(?????POC)
???????????,???????
??????????????
?????????
????????????????????
?????????????

?????????????!
34
??????????

???????????
CSIRT Computer Security Incident Response Team
???????????,?????????????????????
CNCERT/CC?CCERT

35
?????????

?????CSIRT?
??????
?????????????
???????????
?????????????
???????????????????????
??????,???????
CSIRT??????????????
??????????

36
???????
????????
??????
??????????
37
(No Transcript)
38
?????????

?????????????
?????????????
?????????????
?????????????
????????,???!
?????????????

39
Handling the Incident
Incident Response Life Cycle
?? Preparation
?? Identification
?? Follow up Analysis
?? Recovery
?? Containment
?? Eradication
40
(No Transcript)
41
??????

????
????????????
?????????????????????
??,????,???
?????????,??????
??????

42
????????????
???????????
43
??????

????????
??????????????
???????
???????
?????????????/???
???????
????????????????

44
??????

???????
????????,????
?????????
??????
??????????
?????
???????,???????,???????

45
??????

???????
????,????
????
????
????
??????

46
??????

????????????
???????
????????????
??????
????

47
??????

?????????????,???????????
??????,????????
?????????

48
??????????

??????
??????
?????????
??????
??????
??????(????????)
????????(SOC)
??

49
???????
????? ????? ????????
????? ???? ???? ?????? ?????? ?????? ?????? ?????? ?????? ???????? Artifact?? Artifact?? Artifact?? Artifact???? ?? ???? ??????? ???????????????????? ??????? ?????? ?????????? ???? ???????????? ????? ?????? ??/?? ???????
50
?????????

???????,?????????
???????,??????????
?????????
???????????????
??????????????

51
?????????????
52
??????

???
????
??????
(??)
????

???
????
????
??????
????
????
????
??????
????Propagation Control
???????
???????
??/??/??

53
??????

???????
????????6?????
????????
10?30????????????????

Well, how fast can we be, then ?
54
??????
55
?????????????????
????
Time
56
??????????

????DDoS?BotNet???????????????
???????????????????
??????????,DDoS??????????
?????????
???????????

57
????????Real-time Inter-network Defense (RID)

Trace Security Incidents to the Source
Stop or Mitigate the Effects of an Attack or
Security Incident
Facilitate Communications between Network
Providers
Integrate with existing and future network
components
Systems to trace traffic across a network
Intrusion Detection Systems
NetFlow, Hash Based IP Traceback, IP Marking,
etc.
Network devices such as routers and firewalls
Provide secure means to communicate RID messages
Consortiums agree upon use and abuse guidelines
Consortiums provide a key exchange method
Trusted PKI, certificate repository, cross
certifications

Source INCH WG RID Draft
58
??-???????

????????????
??????????????
??????????????

?????
?????
?????
?????
?????
??
59
??????????!??!
CNCERT/CC 724?????? 010-82990999 cncert_at_cert.org.
cn ??31???? ???CNCERT/CC?? http//www.cert.org.
cn
60
?????????????????
??? ???? ??????????3
?01???,100029 ? ? 010 82990361 ? ? 010
82990399 ???? zhangbing_at_cert.org.cn ? ?
http//www.cert.org.cn
? ? ??

Write a Comment

User Comments (0)