Web Security Technology Analysis

Scanner and Intrusion Detection for Web Security Technology

Security scanning is an important technology in network security defense. Its principle is to perform one-by-one checks on the possible known security vulnerabilities of the target in the form of simulated attacks. Then, the system administrator is provided with a thorough and reliable security analysis report based on the scan results. In the construction of the network security system, security scanning tools are cost-effective, fast, and easy to install and run. This can reduce the manual work of security administrators on a large scale and help maintain the consistency and stability of security policies across the entire network.

Evaluate the performance of a network security scanning tool by taking into account the number of vulnerabilities detected by scanning and the updating speed of the Vulnerability Database; scanning efficiency; Flexibility of simulated attack methods; ease of use and stability; form of analysis report.

The Intrusion detection system (IDS) is a kind of real-time monitoring for network transmission, A network security device that sends an alert or actively responds to suspicious transmission. Unlike other network security devices, IDS is a proactive security protection technology.

Analyzes various events and finds that violations of security policies are the core functions of the intrusion detection system. Technically, intrusion detection is divided into two types: signature-based and anomaly-based ).

For the identification-based detection technology, first define the characteristics of events that violate security policies, such as some header information of network packets. The detection mainly checks whether such features appear in the collected data. This method is very similar to anti-virus software.

Exception-based detection technology first defines a set of system "normal" values, such as CPU utilization, memory utilization, file checksum, and so on, then compare the system running value with the defined "normal" to determine whether there are signs of attacks. The core of this detection method is how to define the so-called "normal" situation.

The methods and conclusions of the two detection technologies differ greatly. The core of exception-based detection technology is to maintain a knowledge base. For known attacks, it can report attack types in detail and accurately, but the effect on unknown attacks is limited, and the knowledge base must be constantly updated. Exception-based detection technology cannot accurately identify attack methods, but it can (at least theoretically) identify more extensive or even unknown attacks.

After years of rapid development and fierce competition, China's intrusion detection market has become stable. According to the IDC China Security Market Report, the market space of the top three vendors in the Chinese intrusion detection product market has increased significantly compared with that of last year, while that of small vendors has shrunk significantly. Internationally renowned intrusion detection vendors, including ISS and CISCO, have consistently performed poorly in the Chinese market.

The main cause of poor performance of foreign manufacturers in China's intrusion detection market is that the core value of intrusion detection products is presented in threats. user needs in different regions are clearly different, in this regard, local vendors have a great advantage and can quickly follow up on user needs, while international vendors have difficulty in quickly responding to local market demands, as a result, Chinese manufacturers have dominated the Chinese intrusion detection market.

Cloud security of Web Security Technology

Cloud security is the latest embodiment of information security in the Network Age. It integrates new technologies and concepts such as parallel processing, grid computing, and unknown virus behavior judgment, A large number of clients in the mesh are used to monitor abnormal software behavior in the network, obtain the latest information about Trojans and malicious programs on the Internet, and send it to the Server for automatic analysis and processing, then, the virus and Trojan solutions are distributed to each client.

Cloud security technology is the result of the hybrid development and natural evolution of P2P, grid, and cloud computing technologies. In the future, anti-virus software can not only effectively handle the increasing number of malicious programs, but also filter spam on the network through collaborative computing.

The concept of "cloud security" created by Chinese enterprises is unique in the International Cloud computing field. Cloud Security uses a large number of clients in the mesh to monitor abnormal software behavior in the network, obtain the latest information about Trojans and malicious programs on the Internet, and push them to the server for automatic analysis and processing, then, the virus and Trojan solutions are distributed to each client. The entire Internet has become a super-large anti-virus software. Trend, Kaspersky, MCAFEE, Kingsoft, 360 security guard, Jiangmin technology, rising star, PANDA, SYMANTEC and so on have all launched cloud security solutions.

Cloud SecurityIt is the latest popular security technology in recent years. In this regard, Chinese manufacturers are not far behind in foreign countries, but there are still innovations, which can be used together with independent R & D Technologies of enterprises.