McAfee Confidential—Internal Use Only. E-Commerce Transaction Security: Threat Analysis and Countermeasures. May 7, 2015.


1 E-Commerce Transaction Security: Threat Analysis and Countermeasures

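2 Security threats directly affect the economic returns of organizations and individuals
– Internet security threats are evolving, directly affecting the revenue of companies and individuals
– It is estimated that e-commerce loses as much as US$2 billion each year to transactions cancelled because customers lack trust
– Growth in the volume of malicious code
– Botnet evolution trends
– APT attack trends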

3 Security threats directly affect the economic returns of organizations and individuals

| Reported | Institution | Data Breached |
|---|---|---|
| Dec 2010 | McDonald's | 1.3 million consumer data records including name, address, phone, birth date and gender |
| Dec 2010 | Honda/Acura | 3rd party marketing firm SilverPop: 4.9 million accounts |
| July 2010 | UCSF Medical Center | Employee used colleagues' SSNs, PII to fill out hundreds of surveys and redeem Amazon.com vouchers |
| July 2010 | Buena Vista University | PII for applicants, students, staff, and donors going back to 1987 stolen from BVU database |
| June 2010 | Univ. of Maine | Hackers stole PII/clinical data for 3,500 students |
| June 2010 | Digital River, Inc. | Hackers (and possibly insiders) copy 200,000 personal records |
| Mar 2010 | TSA | Terminated developer placed malware in terrorism suspect DB |
| Feb 2010 | Ceridian | Attack yielded SSNs and bank account data for 27,000 employees of 1,900 companies from payroll processor |
| Jan 2010 | Iowa Racing & Gaming Comm. | Hacker gained access to database containing PII of more than 80,000 employees |
| Dec 2009 | Rock You | SQL injection resulted in breach of 32 million user passwords |
| Nov 2009 | T-Mobile | Employee sold millions of customer records to rival carriers |
| Aug 2009 | Heartland | 130 Million+ credit/debit card records |

Source: Privacy Rights Clearinghouse

4 Security threats directly affect the economic returns of organizations and individuals

| Company | Reference (URL fragment as extracted) | Breach |
|---|---|---|
| Sony | compensating-psn-users-fbi-gets-involved.ars | Outsider hack reported over 70 million user records stolen |
| New Zealand Dept. of Internal Affairs | 0640/ | Outsider Denial of Service via outsider hack into the database via SQL injection |
| Vodafone Australia | over-Dubious-Practices shtml | Internal employees at Communications Direct Pty Ltd and Vodafone fired and over unauthorized access to Vodafone customer records |
| Dell Australia | details-stolen-in-major-global-data-breach d4yd.html | Marketing database provider Epsilon breach – 40 Billion s stolen worldwide |
| South Korea Hyundai Capital | idUSTRE73A0DJ | Outsider hack of the financial arm of Hyundai stealing over 400,000 customer records |
| Monster.com | | Outsider hack stealing user-ids, passwords, addresses, phone numbers and demographic data |
| Honda | affects-4-9-million-customers/ | Outsider hack of 4.9 Million customer records |
| KDDI Japan | | Outsider hack of 5 Million credit card records |

5 Secure or not secure?

6 Security stages of an e-commerce transaction
– Data center and surrounding systems
– Transaction endpoints
– Transaction process

7 Data center security design reference framework

8 Data center security design reference framework

9 Security protection in server virtualization environments: security isolation between virtual machines on the same physical host
Diagram labels: Hypervisor; Traditional IPS; Physical Server; Network Security Platform (IPS); Next Gen Firewall
Note: McAfee FW does not support inter-VM Communications (VMotion)

10 Security protection in server virtualization environments: security hardening and change control for virtual servers
Diagram labels: Traditional IPS; Network Security Platform (IPS); Hypervisor; Physical Server; Next Gen Firewall; ToPs for Servers

11 Security protection in server virtualization environments: security protection for databases running on virtualized systems
Diagram labels: Traditional IPS; Network Security Platform (IPS); Hypervisor; Physical Server; Next Gen Firewall; ToPs for Servers; DAM

12 Security protection in server virtualization environments: hypervisor-aware antivirus protection
Diagram labels: Traditional IPS; Network Security Platform (IPS); Hypervisor; Physical Server; Next Gen Firewall; ToPs for Servers; DAM; Move AV for Servers

13 Illustration of an advanced persistent threat (APT) attack
Diagram labels: Internet; USERS & PARTNERS; SaaS; BRANCH OFFICE; CORPORATE LAN

14 Security of transaction endpoints: the real challenge

15 Traditional signature-based malware defense

| File Properties | Property Values |
|---|---|
| Detection Name | Sample 1 |
| Length | 94134 bytes |
| MD5 | B075a2b81336caedcccdec336811f461 |
| SHA1 | 772e79026bef86044e308d290d4d4fdf c |

Diagram labels: New sample; Sample submitted and processed; Add to cloud; Add to local virus signature file

16 Traditional signature-based malware defense

| File Properties | Property Values |
|---|---|
| Detection Name | Sample 1 |
| Length | 94134 bytes |
| MD5 | B075a2b81336caedcccdec336811f461 |
| SHA1 | 772e79026bef86044e308d290d4d4fdf c |

Diagram labels: Sample submitted and processed; Add to cloud; Add to local virus signature file

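17 Security of transaction endpoints
– Hardware-assisted security protection – prevents rootkits
– Dynamic whitelisting – guards against unknown threats
– Peripheral device control – blocks unauthorized USB drives and other peripherals
– Internet website security reputation – prevents accidental visits to malicious sites
– Manageability???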

18 Security of the transaction process

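19 Other aspects: user confidence
McAfee SECURE™
– Primarily provides proof of security for sites involved in online transactions
– Tens of thousands of customers in more than fifty countries
– More than 80,000 sites carry the McAfee SECURE trustmark
– More than half of the top 500 Internet retailers use the service
– Increases merchants' transaction volume by 12% on average
– Multi-language support: English, Japanese, Chinese, Spanish, Hungarian, German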

20 Proletarians of the world, unite!
Diagram labels: McAfee Labs; MFE Products; Other feeds & analysis; Servers; Firewalls; Endpoints; Appliances; File Reputation Engine; Web Reputation Engine; Network Threat Information; IP and Sender Reputation Engine; Vulnerability Information; Global Threat Intelligence; Firewall; IPS; DLP; Web; AWL; ePO; AV

21 Closing remarks
"Companies spend millions of dollars on firewalls and it's money wasted because none of these measures address the weakest link in the security chain: the people who use and operate computer systems" - Kevin Mitnick (ex-hacker; spent 4 years in prison for hacking PacBell)
