Zhou: against large data platform security threats with large data technology

In January, all the common top-level domains (. com/.net/.org, etc.) in mainland China were resolved, and all related domain names were directed to an IP address (65.49.2.178) located in the United States, resulting in tens of millions of of Internet users being unable to access the site within hours.

April, OpenSSL "Heart Bleed (Heartbleed)" significant security vulnerabilities were exposed, which allowed hackers to read the server system's running memory. There are people in the industry to use the flaw in a well-known electric website test, successful access to a number of users and passwords, and successful landing site.

September, "icloud Yan Zhao Door" incident broke out, hundreds of Hollywood actress indecent photo on the internet was exposed. The reason is that hackers have stolen images uploaded by users by attacking Apple's icloud cloud storage service.

In the 2014, Internet network security incidents emerged. From the individual to the enterprise to the country, all levels of Internet users are at risk. Compared with previous years, this year's network security incidents began to biased information data theft, which is closely related to the development of large data technology.

In the information age, the large data platform carries the huge data resources from personal computer, mobile intelligent terminal, wearable equipment, smart home equipment and intelligent automobile, etc., and it must become an important target of hacker organization and all kinds of hostile power network attack. Therefore, the network security problem in the large data age will be the precondition of all large data utilization. At the same time, we can also use large data technology to enhance our network security technology, in safeguarding the national network space security play a role.

The main threat of network security in large data age

In this year, Ctrip's credit card information leakage, millet Community user information leakage and OpenSSL "heart bleeding" loophole, and other events, there has been a large number of user information data stolen, resulting in user network bank accounts were invaded events and so on. These incidents occurred in individual users, if the national financial, government and other relevant departments of the data platform system encountered similar events, the consequences of unimaginable, to the national network security caused by the loss will be unprecedented huge. In the era of large data, the network security of our country is confronted with multiple security threats.

First, network infrastructure and basic hardware and software system controlled. Large data platform relies on the Internet for the government, enterprises and the general public to provide services. However, there are some uncontrollable factors in the Internet from the infrastructure level. For example, the domain name resolution system (DNS), as one of the internet infrastructures, makes it easy for people to access the Internet without having to memorize complex IP address strings. In January, tens of millions of netizens were unable to access the site for several hours because the DNS root server was compromised. The root server is the foundation of global DNS, yet the global total of 13 root servers are all abroad and controlled by the United States. In addition, the basic software and hardware system of large data platform in our country has not fully realized autonomous control. In the implementation of core hardware and software of important information systems such as energy, finance and telecommunication, the related products such as servers and databases are occupied by foreign enterprises. Therefore, our country's information flow is currently through the foreign enterprise product calculation, transmission and storage. Related equipment to set more "back door", the domestic data security lifeline almost all in the hands of foreign enterprises. The 2013 "Prism Plan" highlights the importance of hardware and software infrastructure to our data security and even national security.

Second, the site and the application of loopholes, the back door emerging. In recent years, due to the vulnerabilities of Web sites and application systems and the frequent occurrence of major security incidents caused by backdoor, all these three cases belong to this category. According to the Statistics of Safety Inspection Service of Chinese security Enterprise website, up to 60% of our website has security loophole and backdoor. It can be said that the Web site and application system vulnerabilities are one of the biggest threats to large data platforms. However, the security situation of such systems is not optimistic and there are many loopholes in the application of all kinds of large data industry in China. More worrying is that the various types of Web site vulnerability repair situation is unsatisfactory.

Third, the system problem, the network attack means richer. Among them, terminal malware, malicious code is one of the main means that hackers or hostile forces attack large data platform and steal data. Cyber-attacks are increasingly being launched from the terminal. Terminal penetration attacks have also become the main mode of cyber warfare among nations. The famous attack on Iran's nuclear facilities, for example, is the use of Windows operating system vulnerabilities to invade a specific terminal, infiltration of Iranian nuclear power plant inside the local area network to destroy the Iranian facilities. In addition, high-level persistence threats for large data platforms (Advanced persistent Threat, apt) are very common, which is a way to circumvent the various traditional security detection measures, to steal the core information of network information system and all kinds of intelligence. For example, the Aurora attacks on more than 30 High-tech companies such as Google are in this column. Apt attack combines social engineering, horse-hanging, 0day loophole, deep infiltration, long-term latent, concealment and other characteristics, very destructive, is the main means of network warfare in the future, but also to China's network space security is the most harmful way of attack. In recent years, there is a growing number of apt attacks with national and organizational backgrounds, and there is no doubt that large data platforms will be the main targets of apt attacks.

Against large data platform security threats with large data technology

From the above analysis, for the large data platform for this important goal of the network attacks, the technical means of the advanced, complexity, concealment and continuity, as well as the support behind the power, has been beyond the traditional network security technology to cope with the ability. The global network security industry is studying the new technology system to deal with this kind of advanced threat, and the big data technology becomes the important aspect. Domestic network security company represented by 360 companies, has been using large data technology to provide a variety of network security services, which will enhance the security of large data platforms, enhance the security of national network security space defense capabilities to provide strong support.

Using large data technology to deal with DNS security threats, actively promote the basic software and hardware autonomous control. Taking DNS as an example, as an Internet infrastructure, our country should first actively strive for the operation and management of the domain name server and construct a complete security system. The domestic Internet security enterprises, including 360 companies, should actively undertake social responsibility and actively promote the security of the next generation domain Name service. In addition, we should actively use large data technology to develop high-performance, anti-attack security DNS systems. Relying on large data technology to establish DNS emergency disaster preparedness system, caching global DNS system at all levels of data. You can also use large data from DNS resolution to analyze network attacks.

In spite of the country's promotion and industry participation, China has achieved some success in the research and development of the independent and controllable basic hardware and software products. If Fudan University has successfully developed a new basic microelectronic device for the semi-floating gate transistor, 2011 China has successfully self-developed 8 core CPU godson 3B streaming tablets. However, because our country started late in this field, in the large data age, to the operating system, such as the nationalization of basic hardware and software and independent intellectual property, still need the government's promotion, enterprise input and scientific research institutions to participate, it is necessary to rely on large data technology to achieve research and development data sharing.

The use of large data technology to protect the site attacks, locate the source of the attack. On the one hand, develop and optimize the website Guardian service. Our country security company has launched the corresponding website security Guardian service for the website loophole, the backdoor and so on, can use the Big Data platform resources, helps the website to realize to all kinds of application layer intrusion, the DDOS/CC traffic type attack, the DNS attack security protection, simultaneously provides the website acceleration, the cache, the data analysis and so At the same time, through the analysis of large log data, we can find a large number of new site attack features, web site vulnerabilities and so on. On the other hand, through the analysis of large log data, it can further help us to trace the source of site attack, get hacker information, provide valuable clues for public security department.

The use of large data technology to prevent terminal malware and special Trojans, detection and defense of apt attacks. Cloud security system based on large data and cloud computing technology can support the special Trojan Attack of terminal. At present, the security companies in our country are already national security Bureau and other relevant departments to provide support, the use of its cloud security system of large data resources to help departments concerned to analyze the location of the special Trojan Horse distribution, the target terminal infection, as well as analysis of the same-origin special Trojan, for the relevant departments to provide strong support for the work.

In order to counter apt attack, we can use large data analysis technology to develop apt attack detection and defense products. Such products can be in large time window to the enterprise internal network for full traffic mirroring, large data storage is realized for all network access requests, and the network access behavior is modeled, correlated analysis and visualization, and the abnormal network access request behavior is detected automatically, and the apt attack process is traced and located.

In addition, China should also establish a national-level apt protection linkage platform. At present, in view of China's political, economic, military, people's livelihood and other key industries of information systems, a variety of organized, systematic apt attack is increasingly intensified, China's network space security is facing a huge threat. But at the same time, the important information system in our country has the characteristics of isolation and isolation, and it is difficult to form the effect of association synergy and comprehensive defense for apt attack. Therefore, on the basis of deploying APT attack detection products in each important Information system unit, it is necessary to establish the national-level apt protection linkage platform, gather the security incidents and the attack behavior data of the APT protection products which are deployed in different government departments and important information systems, and carry out large data analysis and mining. In order to form a national level for apt attack comprehensive detection, protection capabilities.

The suggestion of network security in the era of large data platform

In view of the strategic value of large data resources in national security, in addition to the basic hardware and software facilities, network attack monitoring, protection and other efforts, for domestic large data services and large data applications have the following suggestions.

Conduct national network security audits of major data applications or services. For the important data application or service involving the National livelihood and the government, it should be included in the country's network security Review, as soon as possible to establish a clear safety assessment norms to ensure that these large data platforms have strict and reliable security measures to prevent hackers, hostile forces invade and steal data.

Rational constraints on the use of social networking tools by sensitive and important departments. Government departments, central enterprises and important information systems units should avoid, limit the use of social networking tools as a daily office communication tools, and the Office of Mobile Terminals and personal mobile terminals isolated to prevent the state of important and confidential information leakage.

Sensitive and important departments should be cautious about using Third-party cloud computing services. Cloud computing Services is the main carrier of large data, more and more government departments, enterprises and institutions to the E-government, enterprise business system based on the third party cloud computing platform. However, due to insufficient safety awareness, lack of security professional technical force, and security measures are not in place, the third party cloud computing platform itself security is often not guaranteed. Therefore, the Government, the central enterprise and the important Information system units, should use the third cloud service carefully, avoid the use of public cloud services. At the same time, the State should promulgate the relevant norms and standards of cloud service security assessment and testing.

To strictly monitor and restrict the cross-border movement of data by foreign institutions. For foreign institutions in the domestic provision of large data-related applications or services, should be more stringent network security audits, to ensure that their data stored in the internal servers, strictly limit the cross-border flow of data.

SOURCE Link: Zhou: Large data technology against large data platform security threats (Zebian/Zhonghao)

CSDN invites you to participate in China's large data award-winning survey activities, just answer 23 questions will have the opportunity to obtain the highest value of 2700 Yuan Award (a total of 10), speed to participate in it!

National Large data Innovation project selection activities are also in full swing, details click here.

The 2014 China Large Data Technology Conference (Marvell conference 2014,BDTC 2014) will be held at Crowne Plaza Hotel, New Yunnan, December 12, 2014 14th. Heritage since 2008, after seven precipitation, "China's large Data technology conference" is currently the most influential, the largest large-scale data field technology event. At this session, you will not only be able to learn about Apache Hadoop submitter uma maheswara Rao G (a member of the project Management Committee), Yi Liu, and members of the Apache Hadoop and Tez Project Management Committee Bikas Saha and other shares of the general large data open source project of the latest achievements and development trends, but also from Tencent, Ali, Cloudera, LinkedIn, NetEase and other institutions of the dozens of dry goods to share. There are a few discount tickets for the current ticket purchase.

Free Subscribe to the "CSDN large data" micro-letter public number, real-time understanding of the latest big data progress!

CSDN large data, focus on large data information, technology and experience sharing and discussion, to provide Hadoop, Spark, Impala, Storm, HBase, MongoDB, SOLR, machine learning, intelligent algorithms and other related large data views, large data technology, large data platform, large data practice , large data industry information and other services.