Websense, a provider of integrated web, mail, and data security solutions, recently released its security forecast for 2009. Notably, it predicts that the risk of abuse of "cloud security" technology and of malicious use of Web applications and Web 2.0 applications will increase dramatically. Hackers are making the most of Web-launched attacks, and in 2009 malicious attacks that use Web API services to gain trust and steal users' credentials or confidential information will increase.
At the same time, as websites that allow users to edit content become more popular and more numerous, some sites are likely to see a significant increase in web spam and malicious content posted to blogs, forums and social sites, including search engine paralysis, malicious solicitation and cyber fraud. In addition, these threats and attacks will be reinforced by a number of new Web attack tools that allow hackers to discover sites that have vulnerabilities or that allow malicious code to be published.
Web security technologies have multiplied over the years. At present they fall into two camps: the first is based on a new type of Web security gateway, the second on the latest cloud security technology. For users, whichever technology is used, what matters is how effective the protection actually is.
Web security definition and consensus
After years of repeated debate, the industry's mainstream security vendors have finally reached a consensus on web security and agreed on a unified definition. This was not easy. Different manufacturers focus on different things (URL filtering, HTTP filtering, anti-virus, anti-spam, proxy, port mirroring and so on), and such disparate approaches are likely to leave users confused about the whole Web security domain, which is very bad for the growth of the industry.
The consensus in the industry today is that a unified definition of web security must be based not on vendors' technology but on the urgency of users' needs.
From this point of view, web security divides into two application models. One addresses threats from viruses, Trojans, spyware and malware. The other focuses on regulating user behavior: using URL filtering to block certain sites, controlling employees' Internet use during working hours, controlling the application protocols users run, recording and filtering IM applications, managing and controlling peer-to-peer software, and managing bandwidth inside the enterprise.
It should be noted that the two application models are not isolated from each other; they overlap. According to Lisong, Anchiva's general manager for the China region, experience shows that a complete Web security solution requires at least two parts: a security defense device (such as a firewall, intrusion detection, or UTM) for layers two, three and four of the TCP/IP protocol, and a security defense device for layer-seven content, to deal with viruses, IM, peer-to-peer, online games, spam and content auditing.
A security administrator at China's Civil Aviation Administration holds a similar view. He said: "So far, many of the peer users I know still cannot settle on an optimal configuration or reach a consensus on web security, but we have a basic idea: a complete IPS system paired with a Web security gateway can at least meet the web security needs of a considerable number of internal staff."
On the subject of applications, Hillstone chief software architect Wang Jong said in an interview that attacks against businesses always follow the applications. More and more enterprise applications are built on the Internet, and users' activities on the Internet are increasingly frequent and hard to manage. Both normal enterprise applications and employees' personal Internet use can become targets of Web attacks. As things stand, years of accumulated experience have given enterprises a certain ability to defend against network attacks; for the security threats created by new Web activities, enterprises need to strengthen the corresponding preventive measures according to their own characteristics.
Web security situation
Web security is a hot topic today mainly because the Web security environment at home and abroad gives little cause for optimism. According to a recent report on security threats in the first half of 2008, threats to Web applications are growing at an explosive rate, and the risk to enterprises and end users worldwide has reached a very serious level.
On this point, Wedge NX global CTO Zhang Hongwen said that, whether in the United States or China, with the rise of social networks, Web 2.0 and SaaS, the network itself has become a part of social life. In this environment, unlike traditional virus writing, profit-driven attack methods such as Trojan horse programs, spyware and malware are increasingly common.
In fact, as Web application development becomes more complex and faster-paced, attackers can easily exploit vulnerabilities through injection attacks, cross-site scripting attacks, and insecure direct object reference attacks, and go on to steal corporate secrets, user privacy data, credit card accounts, game account passwords and other information that can easily be converted into profit.
In addition, attackers use Trojans and vulnerabilities to take control of large numbers of ordinary users' hosts and form botnets. Using these compromised machines ("broilers"), the controller can profit in a variety of ways, such as launching attacks, clicking ads and inflating traffic.
"From actual experience, in a typical Web services architecture, some attacks are likely to infiltrate from the web level into the enterprise's control and data level, resulting in a wider range of disaster. In fact, whether the target is a Web site or a Web service, a malicious Web site can always be built quickly and hit innocent users with the help of search engines."
According to feedback from Wedge NX global partners, corporate users in the United States, Japan, Korea and the UK have a better understanding of web attacks and of the vulnerabilities of Web applications. As a result, vertical industries and institutions in those countries, such as public security, finance, medical, transportation and energy, pay close technical attention to web security and invest heavily in it.
The reality at home is grim. According to statistics Trend Micro published in the second quarter of this year, more than 10,000 major websites in the country have been subjected to "injection attacks", motivated almost entirely by malware implantation, reputational damage, and data theft.
One user wrote on a BBS: "We take losses from web security seriously, but I do not know to whom this part of the budget should be allocated: to the team that manages the network infrastructure, or to the team that manages the Web servers and database servers?" Undoubtedly, the challenge of web security plays out at the levels of technology, applications and enterprise management.
The problem is clear: enterprise users do not yet have adequate measures against the current threats to Web applications. Dr Zhang Hongwen once pointed out: "Most of the security equipment in domestic enterprises today provides protection at layers three and four of the TCP/IP protocol, whereas threats to Web applications are layer-seven attacks (application-layer attacks). From a technical point of view, devices such as traditional firewalls and IDS are almost defenseless at the application layer."
Cloud security: a defensive line in 15 minutes, making virus intrusion history
As the first half of this article showed, today's viruses spread mainly over the Web: malicious code is planted on high-traffic Web pages (known as "hanging a horse") and is downloaded automatically to the local computer when users visit the page. About 20% of the sites users visit most often carry Trojans or viruses of some kind. As a direct result, 65% of users have been hit by such viruses while shopping online at home, with resulting economic losses.
Against the backdrop of the global financial crisis, losses from stolen accounts undoubtedly hurt all the more, and weak defenses against "hung horse" pages are the direct cause. The sheer number of Web viruses and the speed at which they spread have produced a "0-day" crisis: viruses exploit the "empty window period" before protection is in place to invade at will. Traditional anti-virus work cannot match viruses for speed.
Trend Micro's cloud security technology has changed this situation. Drawing on the powerful data-processing capabilities of cloud computing, it replaces manual risk assessment with a model in which computers determine the security level of a Web page; by calculating the credibility of the page, Web threats can be stopped outside the network. For example, when a cloud security user accesses a Web page, the access request is sent to Trend Micro's "cloud" database, which is queried for the risk level of the page. This takes only tens of milliseconds, so the end user does not notice it and is prompted only when accessing a Web page that contains a threat.
If a user accesses a Web page that has no record in the cloud database, the user is given access to the page without interruption. At the same time, Trend Micro's more than 2,000 online servers collect information from the source of the Web page and then use distributed computing to derive the credibility level of the page. This calculation takes up to 15 minutes. Thereafter, the second cloud security user who accesses the Web page will be protected by the cloud, thereby achieving "no second victim in the Web world".
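The lookup flow described in the last two paragraphs can be modeled in a few lines. This is an added example, not Trend Micro's code: the class, the function names, the sample URL and the fixed 15-minute delay (the article's upper bound, used here as a constant) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

RATING_DELAY_S = 15 * 60  # the article's upper bound for rating an unknown page

@dataclass
class CloudReputation:
    """Toy model: rated pages get a verdict; unrated pages are allowed
    through and queued for background rating."""
    analyzer: Callable[[str], str]                 # hypothetical scoring step
    verdicts: dict = field(default_factory=dict)   # url -> "safe" | "threat"
    pending: dict = field(default_factory=dict)    # url -> time verdict is ready

    def _publish_ready(self, now: float) -> None:
        # Move every rating whose delay has elapsed into the verdict table.
        for url, ready_at in list(self.pending.items()):
            if now >= ready_at:
                self.verdicts[url] = self.analyzer(url)
                del self.pending[url]

    def check(self, url: str, now: float) -> tuple:
        """Return (action, reason) for a page request at time `now` (seconds)."""
        self._publish_ready(now)
        verdict = self.verdicts.get(url)
        if verdict == "threat":
            return ("block", "rated threat")
        if verdict == "safe":
            return ("allow", "rated safe")
        # No record: access proceeds, and rating starts on the first sighting.
        self.pending.setdefault(url, now + RATING_DELAY_S)
        return ("allow", "unrated")

def simulate() -> list:
    """Three visitors request the same constructed malicious page over time."""
    bad_url = "http://shop.example.test/promo"      # constructed sample URL
    svc = CloudReputation(analyzer=lambda u: "threat" if u == bad_url else "safe")
    return [
        svc.check(bad_url, now=0),      # first visitor: no record yet
        svc.check(bad_url, now=300),    # rating still in progress
        svc.check(bad_url, now=900),    # rating published after 15 minutes
    ]

if __name__ == "__main__":
    for result in simulate():
        print(result)
```

The two `("allow", "unrated")` results mark the period in which a page is reachable without a verdict; logging those lookups shows how often users land in that window.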