Application set up on Web platform raises strong security issues

Challenges from the Web

In fact, the emergence, development and application of the concept of web security is only three years of things. But the impetus of the rapid development of web security technology and application has been accumulated for more than more than 10 years. In fact, security in the early years is the "Anti-Virus + Firewall" world, but with the development of technology, especially the Internet, more and more enterprises to their own business structure on the network.

This is followed by a variety of web-based security threats: viruses, trojans, spyware, malicious programs, spam, and so on. For a time, a variety of attacks, the pace of innovation so that business users overwhelmed. More and more facts tell users that in this case, traditional security measures are not enough to meet the challenge of web threats. The market urgently needs a brand-new technology means that can provide the protection for the Web application to be born with Web security.

In fact, according to Gartner Group's survey, 75% of information security attacks occur at the Web application layer, not at the network level, and 60% of Web sites are vulnerable and vulnerable. In addition, in this April this newspaper hosted the "2008 Network security Nationwide Roadshow", many security experts have said that into the 2008, phishing, Web page malicious code, Web site tampering, such as the growth rate of nearly 200%. With the popularization of Web2.0 application, the related safety problems are exposed more and more obvious.

Reporters have written several times before that, whether the United States or China, with the "social network, Web2.0, SaaS" The rise of the network itself has become a part of social life. In this environment, unlike traditional virus manufacturing, the current Trojan horse programs, spyware, malware, and other interests-driven attacks are increasingly difficult to defend, and changes and new speed is also faster.

In an interview with the current Web application development, Xu Xuerong, a senior security technology advisor for the trend technology, said the attackers could easily implement vulnerabilities such as injection attacks, cross-site scripting attacks, and unsafe direct object affinity attacks. Thus further through a variety of covert technical means to steal corporate secrets, user privacy, credit card account, game account password can easily be converted into benefits of information. In addition, through Trojans, loopholes control a large amount of ordinary user host Zombie network. Using these "chickens", the controller can gain benefits in a variety of ways. such as launching attacks, clicking Ads, increasing traffic and other behaviors.

According to the introduction, because the virus of the Internet, Web browsing has become the most important source of virus transmission, the Web page hanging horse accounted for the total number of virus transmission more than 90%. Moreover, due to the application of software vulnerabilities, browser plug-ins and other frequent, only rely on the user's own security awareness, it is difficult to deal with complex and changeable, guise virus intrusion channels.

With the wide application of dynamic page technology, Web Service has entered a new stage, and the application scope of Web tamper-proof system based on static file protection has been reduced. Although the most common attack method of attackers is to replace the Web page, it is difficult to use the Web tamper-proof system to protect it. This phase of the most common web defense is "Firewall + Intrusion detection products", and set up a linkage between the two--intrusion detection products found against the web system attack behavior, notify the firewall to block. This scenario is not affected by the architecture of the web system, but users must purchase firewalls and intrusion detection products that can be used in conjunction with each other.

However, traditional malware detection relies on the threat signature database installed on the user's computer. This means that the threat signature database on each computer can provide the most up-to-date protection only after updating and including a new threat signature. Moreover, the use of Web scripts to download and execute Trojan Horse is currently the main mode of infection, more than 90% of the Nets are implemented through the Web script.

Therefore, when a new threat first appears, all computers must wait a period of time to protect against this new threat. To make intranet become a safe environment, first of all, we must solve the security problem of network edge, only the edge of the network security, in order to prevent viruses, worms, malicious threats through the Internet into enterprise intranet. As a result, many enterprises began to deploy anti-virus software, firewalls, anti-virus gateways, IDs and other security devices at the edge of the network. However, these devices are based on the prevention of known attack means, can not effectively prevent the unknown attack means.

New hotspots

Prior to this, Hillstone general manager Mr. Tongjian in an exclusive interview with this newspaper that the attack on the enterprise, always follow the application, more and more enterprise applications built on the Internet, and users on the Internet activities are increasingly frequent and difficult to control. Whether it is a normal enterprise application or an enterprise employee's personal Internet behavior, will become the object of the Web attack. From the current point of view, the accumulation of years so that enterprises have a certain network attack defense capabilities. As for the security threats caused by the new web activities, enterprises need to strengthen the corresponding preventive measures according to their own characteristics.

In this respect, Wedge NX Global CTO Zhang Hongwen in an interview that the traditional web security gateway was born in early 2006, after nearly three years of market running-in, there are four deficiencies: first, the performance is not up; second, the function and detection accuracy is not enough; third, the deployment is more complex; Maintenance is more difficult. To this end, the current mainstream security manufacturers in a large number of applications under the conditions of new technologies, the Internet Hardware Security gateway update.

Because the Web security gateway works in the application layer, it has the innate technical superiority to the Web application protection. Web security gateway based on a deep understanding of Web application business and logic, the various requests from the Web application client content detection and verification, to ensure its security and legitimacy, the illegal request for real-time block, so that all kinds of web sites for effective protection. In fact, web security gateways can be placed on the back end of the firewall to effectively intercept HTTP and FTP data, detect, intercept, protect against viruses, spyware, Trojan horses, and worm attacks.

In fact, among the many web security technologies, it is the "cloud security" that should be mentioned. At present, many security companies are in the layout of "cloud security" technology, no Doubt "cloud security" is the future development of the security sector is a major trend.

Earlier this newspaper has made a special report, the benefits of cloud security is clear, when the source of malicious threats, can be implemented real-time monitoring of the source. Once the source of the virus has mutated or changed, the information can be collected in time, feedback to the "cloud security" client, blocking the transmission of the virus channel. For now, investing in cloud security is the first trend technology. They started research on cloud Security in 2006, and deployed 34,000 cloud servers worldwide, working with top-level domain management agencies to add parameters to DNS for global domain security resolution. Undoubtedly, all efforts are made to address the challenges of web security as comprehensively as possible. Cloud computing is a concept of data processing, Xu Xuerong said. The pattern when processing massive data is a large number of cluster servers gathering information and giving results. This model is a model that security vendors use to launch services that are cloud security solutions.

In fact, cloud security can collect source information from the whole Internet, and determine whether the user's Internet search, access, and Application object is malicious information. This pattern is different from the virus code, the virus code is identified by the signature, and cloud security is based on the location of the information to judge, according to the URL address this section of the risk level to judge. It has good effect on safety, accuracy and dynamic performance.