Software defined security -SDN\/NFV new network security secrets

IDS入侵检测系统在宣钢网络中的部署

编者按
本文系SDNLAB技术分享系列,我们希望通过SDNLAB提供的平台传播知识,传递价值,欢迎加入我们的行列。
The SDNLAB technology share series, we hope that the value provided by SDNLAB platform for the dissemination of knowledge, transfer, welcome to join us.
分享嘉宾刘文懋,博士,绿盟科技创新中心总监,清华大学博士后。长期从事云计算和SDN领域的安全研究,关注Openstack和Opendaylight为代表的新技术与网络安全结合出现的新挑战和新机遇,著有《软件定义安全-SDN/NFV新型网络的安全揭秘》。兴趣点还包括基于威胁情报的数据分析和物联网安全。
Liu Wenmao, Ph.D., director of the center for innovation and technology, Tsinghua University. Safety has long been engaged in research field of cloud computing and SDN, new technology and network security concerns Openstack and Opendaylight as the representative of the combination of new challenges and new opportunities appear, the author of software defined security model -SDN\/NFV network security secret. Interest points also include data analysis based on Threat Intelligence and Internet security.
1. 大背景
1 major background
1.1 SDx背景
1.1 SDx background
我比较喜欢用这张图作为开场白,在数据中心中,计算和存储的发展非常快,但是网络相对而言还是比较初级。这一点从Opentack的nova和neutron组件的成熟度可以看出来。
I love this picture as a prologue, in the data center, the development of computing and storage is very fast, but the network is still relatively junior. This can be seen from the maturity of the Opentack and neutron components of nova.
不过,SDN和NFV这些新的网络技术的出现为网络运维自动化带来了新的方向,通过控制平面的集中管控和虚拟网络资源的灵活管理,可以最终实现SDDC(软件定义数据中心)。
However, SDN and NFV of the new network technology has brought the new direction for network operation and maintenance of automation control, through flexible management of centralized control plane and the virtual cyber source, can achieve SDDC (software defined data center).
不过在云计算中,作为用户最关心的安全问题却在影响整体应用的成熟度。目前安全设备的交付、配置和运营等很多方面都需要人工参与,在虚拟化系统中还勉强ok,但在大规模的云计算数据中心就力不从心了。
However, in the cloud, as the user is most concerned about the security issues affecting the maturity of the overall application. At present, safety equipment delivery, configuration and operation of many aspects need artificial participation in virtual systems barely OK, but the data center computing in large-scale cloud too.
反过来说,SDN和NFV的先进特性确实也给安全防护带来了想象空间,利用NFV的弹性、快捷可以快速部署大量的虚拟化安全设备,满足突发流量的防护;利用SDN的全局视野、快速流量调度就能实现防护快速生效。所以看待事物要客观,知利知弊。
On the other hand, the advanced characteristics of SDN and NFV did give security brings imagination, the use of NFV elastic and fast fast deployment of virtualization security equipment large, meet the door burst traffic; realize rapid protection effect by global vision, SDN can fast flow scheduling. So look at things to be objective, know the advantages and disadvantages.
1.2 安全背景
1.2 security background
随着互联网/移动互联网的发展,层出不穷的安全事件成为个人/企业/国家面临的巨大挑战。就个人而言,信息泄露、电信诈骗引发了很多社会事件;就企业而言,敏感数据外泄,DDoS即服务,勒索软件肆虐造成了巨大的损失;就国家而言,网络部队攻击造成的如伊朗核设施遭到破坏,甚至影响美国大选。
With the development of Internet \/ mobile Internet, security incidents become the personal \/ business \/ emerge in an endless stream of countries will face enormous challenges. Personally, information disclosure, telecommunications fraud has caused a lot of social events; in terms of the enterprise, the leakage of sensitive data, DDoS service, ransomware raging caused huge losses to the state, the army; network attack by the destruction of nuclear facilities such as Iran, and even influence the election.

近年来重量级的安全事件不绝于耳,如Target丑闻到Hacking Team武器库曝光,可以看到安全攻击呈现两种趋势:大规模杀伤性武器/核爆炸型攻击和特种部队型攻击。前者是如利用一个新发现的普遍使用的基础设施漏洞(如SSL心脏滴血漏洞)做全互联网层面的快速扫描、确定受害者和实施攻击,整个事件不超过72小时;后者是指针对重要的商业、政治目标,使用未公开的零日漏洞、有针对性的社会工程诱骗等一系列高级手法,自外向内一步步渗透,最终破坏系统或窃取重要数据。
网络信息安全好歌曲
In recent years, heavyweight security incidents such as Target to Hacking can be heard without end, scandal Team Arsenal exposure, you can see the security attacks showed two trends: WMD \/ nuclear explosion attack and special forces attack. The former is such as the use of a general use of the newly discovered vulnerabilities of infrastructure (such as SSL bleeding heart vulnerability) to do the whole Internet level rapid scanning, identify victims and attack the whole incident, not more than 72 hours; the latter is a pointer to an important commercial, political objectives, the use of undisclosed vulnerabilities, the zero day the social engineering trick and a series of advanced techniques, from the outside to the inside of a step by step penetration, eventually destroying the system or steal important data.
这两种攻击手法不尽相同,但危害巨大。广谱的大规模攻击虽然原理简单、方法公开,但要赶在攻击者之前分析漏洞、提出解决思路、应用到安全产品、完成测试,到最后的投放更新,要在小时级做到响应,72小时内做到全部更新,在现有的安全体系下是非常有挑战性的。而定向的高级威胁更麻烦,需要在无数流量数据、日志信息中找到蛛丝马迹,了解攻击者的意图(TTP),无异于是大海捞针。更不用说攻击者还利用了多种攻击手法,可以绕过单个安全设备的防护。所以就legacy的安全防护体系,做到防护APT攻击,无疑是难上加难。
These two methods of attack are not the same, but great harm. Although the broad spectrum of large-scale attacks is simple in principle and method, but to catch the attackers before analyzing the vulnerabilities, puts forward the solution and applied to the safety products, complete the test, to put the last update, to do in the hours response within 72 hours, do all the updates in existing security systems is very challenging. While advanced threats directed more trouble, need to find traces in numerous traffic data, log information, understand the attacker’s intention (TTP), tantamount to look for a needle in the ocean. Not to mention the attacker also uses a variety of attack techniques, you can bypass the protection of a single security device. So the safety protection system of legacy, do the protection of APT attacks, is undoubtedly difficult.
以上是大背景,即云计算给安全防护带来了挑战,网络空间的大背景又告诉我们安全防护已经跟不上攻击者的步伐了;同时,云计算的先进理念给安全防护带来了宝贵的方向,其先进技术也给安全防护带来了很好的工具设施。
与其心存侥幸,不如及早预防。对员工进行信息安全意识培训,可有效减少金钱和信誉的损失。

The above is the background that cloud computing brings challenges to the security, background of the network space and tell us the security has not kept up with the pace of the attackers; at the same time, bring valuable direction of the advanced idea of cloud computing to the security, its advanced technology for safety protection has a very good tool facilities.
2. 软件定义安全
2 software defined security
2.1 理念
2.1 ideas
“软件定义安全”这个词是Garnter最早提出来的,分析师Neil在《The Impact of Software-Defined Data Centers on Information Security》一文中给出了定义:
The word software defined security was coined by Garnter Neil, analysts defined in The Impact of Software-Defined Data Centers on Information Security in an article:
不过需要明确的是,“SDN/NFV安全”和“软件定义安全”不是一个概念,请大家不要将两者混为一谈,前者是新的网络技术的自身安全问题,后利用新的网络技术实现更多的防护功能,如自动化调度流量、安全服务链;而后者其实并非是一种技术,而是一种思想或一种体系架构,强调通过软件化的安全应用和安全控制平台,集中控制、智能决策和敏捷响应,以解决以往安全设备简单堆叠不能抵御频复杂、高级的安全威胁。当然两者也是有联系的,借助SDN/NFV的技术可以使软件定义安全更快落地。
But to be clear, SDN\/NFV and software defined security is not a concept, please don’t be confused between the two, the former is the new security problem of the network technology, using new network technology to achieve more protective functions, such as automatic scheduling of traffic flow and safety service chain; the latter is not is a kind of technology, but a thought or an architecture, emphasizing the platform security applications and security control by software, centralized control, intelligent decision-making and quick response, in order to solve the traditional security equipment simple stack can not resist frequency complex security threats. Of course, there is also a link between the two, with the help of SDN\/NFV technology can make the software defined safe landing faster.
2.2 架构
2.2 architecture
其实分析师是高屋建瓴的提出了理念,具体实现学术界、工业界每家众说纷纭。例如NDSS’13上有篇文章介绍FRESCO,其结构如图4.2所示。
In fact, analysts are put forward sweep down irresistibly from a commanding height concept, realization of academia and industry each Public opinions are divergent. For example, there is an article on the FRESCO NDSS’13, the structure shown in figure 4.2.
图中主要的扩展内容都部署在SDN的控制平面,维持了原有数据平面功能的单一性,避免给数据平面造成新的负担。图示中的模块(Module)用于实现基本安全动作(例如检查TCP连接是否成功、数据包分析、数据流重定向等),利用FRESCO提供的脚本语言可以将这些基本模块进行自定义组织,形成一个完整的动作链,即为图中的实例(instance)。实例利用事件(event)作为输入触发相应模块的功能,事件有可能由FRESCO系统中的模块产生,也有可能由传统安全设备产生。当事件发生时,根据由角本自定义的实例,几个模块组织在一起形成一系列的安全动作,通过集成在网络控制器内的安全执行内核SEK(FRESCO Security Enforcement Kernel)实现,FRESCO应用层的能力呈现都需要控制平面的功能扩展SEK予以支持。
The main contents of expansion graph are deployed in the control plane of SDN, to maintain the unity of original data plane function, to avoid new burden to the data plane. This module (Module) for the realization of the basic safety action (such as checking TCP connection is successful, packet analysis, data flow redirection etc.), using FRESCO scripting language can be the basic module of custom organization, to form a complete chain of movements, as examples in figure (instance). Examples of the use of the event (event) as the input triggers the corresponding module function, events are likely to be generated by the FRESCO module in the system, there may be produced by traditional security equipment. When the event occurs, according to the custom of the angle by example, several modules together form a series of safety action, through the implementation of core SEK in the network security integrated within the controller (FRESCO Security Enforcement Kernel), FRESCO application layer shows the need to extend SEK to support the function of control plane.
FRESCO系统的实现方案中实验了安全设备模块化分和重组,不同厂家的安全功能被封装成基本安全模块,利用角本对简单基本的安全动作进行组合,可提供复杂的安全功能,这在一定程度上验证了安全功能分解和重组的可行性和优势,使安全公司或SDN网络安全服务提供商可以快速开发基于SDN的安全产品和服务。这种程序化、自动化的响应过程是一种软件定义安全的实现,能减轻安全运维负担,根据文中评估结果,这种方案也极大的减少了代码量,虽然处理过程增加了响应时间,但整体时延较小。
Implementation of FRESCO system in the safety equipment modules and restructuring, safety functions of different manufacturers are encapsulated into the basic security module, using the angle of safety action simple combination, can provide a security function complex, which verifies the feasibility and advantage of the safety function decomposition and recombination in a certain extent. The security company or SDN network security service provider can quickly develop security products and services based on SDN. The response process procedures, automation is the implementation of a software defined security, security can reduce the maintenance burden, according to the evaluation results in this paper, the scheme can greatly reduce the amount of code, although the process increases the response time, but the delay is small.
FRESCO采用了安全应用与网络控制器紧耦合的方式,需要在网络控制器NOX上增加安全执行内核(Security Enforcemnet Kernel),安全能力作为SDN应用部署在控制器上也使安全应用过于依赖控制层环境,较难实现迁移复用;并且上层应用产生安全策略可能导致与控制层上其它应用下发的策略冲突。所以在工业界需要一个开放的安全体系,能与SDN或其他控制平面松耦合。即便网络用的是overlay,或是underlay,即便是vlan组网,或是vxlan,即便是这个,或是哪个,安全控制平台只关心SDN控制器调度流量的语义:将从A到B的流量牵引/阻断/镜像到C处,这样就大大简化了安全方案,也提高了其灵活性。
FRESCO uses a security application and network controller tightly coupled mode, need to increase the implementation of safety kernel in the network controller NOX (Security Enforcemnet Kernel), security ability as SDN application deployment on the controller also makes the security application control layer is too dependent on the environment, difficult to realize reuse and application migration; security strategy may lead to policy conflicts with the control layer on the other application issued. So the industry needs an open security system that can be loosely coupled with SDN or other control planes. Even if the network is used in overlay, or even underlay, VLAN network, or vxlan, even this, or what, only care about the security control platform of SDN controller scheduling flow: semantic flow from A to B to C \/ block \/ traction mirror, this greatly simplifies the security plan. It improves its flexibility.
我这边提的架构是这样的:
That’s what I’m talking about:
安全架构最终最重要的是安全控制平台,地位相当于sdn控制器,执行所有的安全核心功能,如资源管理、日志分析、网络控制、服务编排等,其中资源管理组件与安全资源池对接,各种各样的安全设备提供安全能力,而非独立的安全盒子;服务编排组件可以支持多个安全应用的安全策略共同作用于某个被防护主体上。同时控制平台可调用SDN控制器的北向API将流量牵引到相应的防护设备上,也可以调用云平台的API去获取租户、虚拟机等资产的信息。
The most important is the ultimate security architecture security control platform, equivalent to the status of the SDN controller, the implementation of security of all core functions, such as resource management, log analysis, network control, service choreography, docking assembly and secure resource pool management among all kinds of safety equipment to provide safe, rather than independent safety box security strategy; service choreography component can support multiple security applications together in a door body. At the same time, the control platform can call the SDN controller to API will flow north traction to the corresponding protective device, you can also call the API cloud platform to get tenants, virtual machines and other information assets.
当然,别家的方案更不一样,如华三、启明也有自己的方案,大家可自行参阅。
Of course, another scheme is not the same, such as Hua three, Venus also has its own program, we can refer to.
2.3 案例:Web防护
2.3 case: Web protection
以往企业通过WAF(Web应用防火墙)怎么防护网站呢?往往需要花费几个月的时间进行售前沟通、招标、下单,然后厂家发货,到货后由工程人员加电、配置、测试,最后进行日常运营。整个过程时间开销很大,配置繁杂。如果我们引入软件定义安全的体系后,就可以将这一切变得简单。
In the past through WAF (Web application firewall) how to protect the site? It often takes several months to carry out pre-sale communication, bidding, orders, and factory shipments, after the arrival of the power by the engineering staff, configuration, testing, and daily operation. The whole process is very expensive and complicated. If we introduce a software defined security system, we can make it simple.
假设我们有一个与Openstack、SDN控制器(Floodlight、ODL…)集成的安全控制平台,并且开发了一个Web安全应用。那么用户只需要登录到Openstack平台上,点击安全应用,将WAF拖动到被防护VM,此时安全应用做了什么事情呢?
Suppose we have a SDN controller, and Openstack (Floodlight, ODL…) security control platform integration, and developed a Web application security. So users only need to log on to the Openstack platform, click on the security application, WAF will drag the protected VM, at this time what security application?
首先,安全应用通过控制平台,快速部署了若干个虚拟WAF,然后通过SDN控制器将原来直接到VM的流量牵引到了相应的虚拟WAF,并将WAF输出口的流量牵引到相应的目标VM,最后安全应用向防护虚拟WAF下发防护策略,告知其部署模式、防护网站等一系列信息。
First of all, through the application of security control platform, the rapid deployment of a number of virtual WAF, and then through the SDN controller will be the original directly to the VM flow traction to the virtual WAF corresponding to WAF, and output flow traction to the corresponding target VM, finally to the safe application of virtual WAF protection issued protection strategy, to inform its deployment the protection mode, and a series of information website.
可见,通过自动化的安全控制平面,可以将以前费时费力的安全运营变得高效简单,这与SDN的初衷是一致的。
Obviously, through the security control plane can be automated, safe operation before time-consuming becomes simple and efficient, the original intention is consistent with SDN.
回到我们开头的话题,如果攻击者进行广谱扫描尝试攻击时,用户只需要租用短期的Web防护就能抵御这些攻击,现在大的安全厂商(比如绿盟^_^)能够在小时级做云端应急响应,快速将防护规则推送给在线的WAF,使用在线补丁就能防护住所有利用这个漏洞的恶意攻击。
We go back to the beginning of the topic, if the attacker tries to attack scan spectrum, users only need to rent Web protection can be short-term against these attacks, now major security vendors (such as NSFocus ^_^) can do the cloud in the hour of emergency response, rapid protection rules pushed to the online WAF, online patch can protect lives all the malicious attacks using this vulnerability.
当然这里还有很多问题需要研究,比如要考虑这个设备部署位置的优劣、资源调度、处理性能等一系列问题。
Of course, there are many problems need to be studied, for example, to consider a series of problems of the equipment deployment location advantages, resource scheduling, performance etc..
另外在开头的另一个抗APT的场景中,防守方可以通过多安全设备或安全机制的协同进行快速防护,那么可能多安全应用及多安全设备的编排,除了旁路虚拟流量分析设备外,需要串联一个虚拟IPS,可能还需要再旁路一个文件沙箱,数据包流向序列、安全策略下发什么、下发到哪里,如何保证多个安全应用下发的策略一致,这就涉及到安全服务链。这又是偏学术的大话题了,不做详述。
In another scene at the beginning of the anti APT, collaborative defense can through the safety or security mechanism for rapid protection, so many security applications and security equipment arrangement, in addition to bypass the virtual flow analysis equipment, need a series of virtual IPS, it may still need to bypass a file the sandbox, packet flows sequence, security policy issued, what is sent to where, how to ensure the security application under the same strategy, which relates to the security service chain. This is the hot topic in the academic side, is not discussed in detail.
2.4 落地:安全资源池
2.4 landing: security resource pool
另外一个很经典的问题就是这个虚拟安全设备部署在计算节点里面,靠近被防护VM,还是部署在专用的安全节点上?前者的好处是不需要额外的带宽,可以重用计算资源,缺点是需要hypervisor层面的服务链和引流API,并且可能将安全运营和业务运营搞在一起,容易出问题;后者的好处是给安全划分了独立的区域,安全运营相对独立一些,只要将流量牵引出来,就可以在安全节点内部做按需的服务编排,安全厂商是完全可控的,但坏处是流量外引和回注需要额外的带宽,安全节点拓扑上不能部署太远。具体使用哪种方式,跟云服务商的安全集成难度有关,跟云服务商的安全需求有关,跟安全厂商的方案也有关。
Another classic problem is the virtual security devices deployed in the computing node, VM is close to the door, or on the special nodes deployed in security? The advantage of the former does not require additional bandwidth, computing resources can be reused, the disadvantage is the need to hypervisor the level of service chain and drainage API, and may be the safe operation and business operations together, easy problems; the latter is to divide the security benefits of independent regional security operations, relatively independent, as long as the it can do traction flow, arrangement of on-demand service in the security nodes, security vendors is completely controllable, but the downside is the external flow and injection require additional bandwidth, security node topology not deployed too far. Which of the specific ways, related to the security integration difficulty of cloud service providers, related to the security requirements of cloud service providers, with security vendors also concerned.
不过如上面的软件定义安全架构图所示,我们使用的是资源池方案,也就是说不管你的安全设备是物理的还是虚拟的,是硬件虚拟化还是VM,对上体现的都是安全能力. 举个例子,安全应用需要的对某个VM1的向外流量做控制,那么它将安全策略下发后,安全控制平台寻找满足要求的安全资源,最后可能找到了绿盟的下一代防火墙NF,也可能找到了天融信的防火墙,也可能找到了SDN控制器在某个虚拟交换机上下发流表,也可能找到Openstack启用安全组或FWaaS,等等。只要最终能满足对流量做访问控制,目的就达到了,这就是软件定义安全的思想:控制和数据分离、逻辑和实现分离。

谋篇开局 奋发有为 核与辐射安全监管走过关键一年

However, such as software defined security architecture shown in the diagram above, we use the resource pool plan, that is to say whether the safety equipment is your physical or virtual, hardware virtualization or VM, is the ability to reflect the safety. For example, the security requirements for a VM1 the outward flow control, then it will be issued after the security strategy, security control platform to meet the safety requirements of resources, finally may have found NSFocus next-generation firewall NF, may also find the talent of the firewall, may also find the SDN controller flow table in a virtual switch, may find Openstack security enabled or FWaaS, etc.. As long as the end can meet the access control of the flow, the purpose is achieved, which is the software defined security idea: control and data separation, separation of logic and implementation.
理想情况下,安全应用几乎不需要改变,就能适配各种云平台(当然要解决安全控制平台与云平台的API对接问题)。根据过去两年与各种主流云服务商集成的经验,我们认为在计算节点中部署虚拟安全设备是有难度的,涉及到VM驱动硬盘QGA接口等问题、二层三层流量牵引问题。要知道VMWare NSX和华为Fushionsphere的方案都是将安全设备部署在计算节点内部,但NSX历经两年才完成与Checkpoint、PANW的对接,在去年Q3以后才ready,可想而知其中艰难。所以很抱歉,我在前面说的软件定义安全架构通过松耦合对接云平台和SDN控制器的推论似乎被打脸了,现实却是很骨感:网络架构师不明白为啥安全应用要这样那样控制流量,正如网络运维团队不理解安全运维团队的各种需求一样,所以在API层面的磨合会是一个短期痛苦、长期向好的过程。
Ideally, security applications almost do not need to be changed to fit a variety of cloud platform (of course, to solve the problem of joint API control platform and cloud platform security). According to the past two years with a variety of mainstream cloud service integration experience, we believe that the nodes in the deployment of virtual safety equipment is difficult, involving problems, to VM hard disk drive QGA interface two layer three layer flow problem of traction. You know VMWare NSX and HUAWEI Fushionsphere are security devices deployed in the internal nodes, but after two years of NSX to complete the docking with the Checkpoint, PANW, ready in Q3 last year after the tough as can be imagined. I am sorry, software defined security architecture in front of me through the inference coupling joint cloud platform and SDN controller appears to be the face, the reality is very skinny: network architects do not understand why the security application to such needs as control flow, network operation and maintenance team do not understand the security operation and maintenance team, so in API the level of running will be a short-term pain, good long-term process.
企业毕竟要赚钱,安全毕竟在业务之后,所以权衡之后我们更倾向于硬件资源池的方案,做出这个选择是比较艰难的。当然在一些开放的云平台上,如Openstack/KVM/Openvswitch环境中,特别是部署如漏扫、流量分析这样偏软件层面的安全设备技术上可以说是毫无压力,所以虚拟化资源池也是OK的。
After all, the enterprise should make money, after all, in the security business, so we tend to balance the hardware resource pool, is difficult to make this choice. Of course, in some open cloud platform, such as Openstack\/KVM\/Openvswitch environment, especially the deployment of such as leak sweep, traffic analysis safety equipment and technology level of the software that is can be said that there is no pressure, so the virtual resource pool is OK.
在硬件资源池的方案中,南北向流量可以如下图所示进行处理:
In the hardware resource pool, the north-south traffic can be treated as shown below:
流量进入资源池后,根据安全需要,可以依次经过多个安全节点的虚拟防火墙、虚拟WAF和虚拟IPS等,处理完毕后进入云计算系统。东西向也是类似的,不过安全节点可以部署在每个机架上,处理该机架或邻近机架中VM的业务流量。
Flow into the pool of resources, according to the requirement of safety, can through the virtual firewall, security multi node virtual WAF and virtual IPS, processed into cloud computing system. To what is similar, but the security nodes can be deployed in each frame, the frame or traffic adjacent frame VM.
安全应用编排这部分跟SDN关系不太大了,我们现在在做一个应用商店的事情,可以将应用托管到云上,用户需要时可购买、快速部署和生效。感兴趣的群友可私聊。
Safe application of this part with SDN arrangement is not too large, we are now doing a store things, can be applied to the cloud hosting, users may need to purchase, rapid deployment and effective. Interested friends can chat.
3 To sum up:
3 sum up To:
软件定义安全不等于SDN安全,但两者有千丝万缕的关系
Software defined security is not equal to SDN security, but the two are inextricably linked
软件定义安全可以重构整个安全防护体系,特别是与大数据分析、机器学习等技术结合后,可做到对安全威胁的快速防护、快速检测、快速响应
Software defined security can reconstruct the whole security protection system, especially with large data analysis, combined with the technology of machine learning, can achieve fast protection of security threats, rapid detection, rapid response
安全资源池不仅仅适用于云环境,还可以部署在传统IT环境,其弹性、敏捷的特性可能会诞生出新的安全防护手段
Safety is not only applicable to the resource pool of cloud environment, can also be deployed in a traditional IT environment, its flexibility and agility characteristics may be born out of new security means
软件定义安全是理念,最后可能融合到NG-SOC中
Software defined security is the idea, and finally may be integrated into the NG-SOC
Q&A:
Q
Q1:这个要专用的安全设备吗?还是一般服务器就可以?
Q1: is this a dedicated security device? Or the general server?
A1:在绿盟的实现中,技术上不需要专有的安全设备,因为目前大部分都可以跑在x86平台上
A1: in the implementation of the Green League, safety equipment need not proprietary technology, because the majority can run on the X86 platform

近年的攻击趋势不再是突破网络,网络安全相对比较成熟稳定了,而是从高管下手,社交工程防范难,所以得加强高管的安全防范意识。

猜您喜欢

珲春市召开道路交通春运暨安全生产工作动员会
安全基础理论课程助力培养全民网络安全意识
安全月安全生产教育动画片——小李的一天
【健康】不可轻视疲劳!你的疲劳或许就是“慢性疲劳综合征”?
EAGLETREESYSTEMS TUMGAZETELER
信息安全基础测试

清远市安全监管局召开全市安全培训工作会议

网络信息安全工程师、主管、经理和总监们,为何在年底时写个人业绩报告很发愁呢?
为进一步加强全市安全生产培训工作,提高我市全民安全生产素质,夯实我市安全生产基础,1月5日至6日,清远市安全生产监督管理局在连南县三江镇新岩村广东省应急救援清远基地召开全市安全生产培训工作会议。
图为会议现场
会议主要传达国家安全生产培训工作文件精神,简要总结2016年全市安全生产培训工作,重点安排部署2017年安全生产培训工作。市安全监管局副局长、调研员唐宁出席会议,各县(市、区)安全监管局,连山县、连南县经济发展促进局分管宣教工作的局领导和具体负责宣教工作的同志,分管安全生产培训工作的校领导、培训机构负责人和相关人员参加了会议。
会议认为,我市近年来始终把安全培训作为安全生产工作的重要内容之一,作为安全生产提供思想保证、智力支持和能力保障的基础,不断强化认识,营造安全教育培训氛围;完善安全培训体系,基本形成培训网络体系;加强师资队伍建设,确保安全培训质量;采取灵活机动的培训方式,全面提高服务意识。

江苏冬云荣获2016年度云计算最佳安全奖

图为会议现场
会议强调,我市安全培训工作取得一定成绩的同时,也存在问题与不足:一些企业和监管部门依法培训的观念淡薄,安全培训责任落实不够到位;安全培训的工作基础还比较薄弱;安全培训的监督检查力度还不够。
会议要求,各地区、各单位要结合实际,切实有效地搞好各项培训工作,强化安全培训管理,全面提高安全培训工作的整体水平。一是适应安全生产工作需要,强化主体责任,认真落实各项培训工作。二是以严格把好安全生产考试关为手段,全面提升安全生产培训工作水平。三是认真搞好安全资格年度再培训。四是加大安全生产培训工作的行政执法检查工作力度。

特朗普称俄罗斯黑客入侵简报会将推迟

该文章作者已设置需关注才可以留言

云计算市场规模将超5000亿 厂商遭遇安全和专业性挑战

微信扫一扫关注该公众号
小南国CEO康捷:餐饮业度过低迷逐步回暖

社会大众越来越重视隐私保护,服务商为了改进服务可能会收集您的个人消费和使用习惯、位置信息等,您也要小心移动设备泄露的位置信息被坏人利用,进而给组织、家庭或个人带来不利损失。

猜您喜欢

移动金融服务中的信息安全问题实录
全民网络安全意识教育策略与资源
海外安全培训动画课件,助力国外从业人员轻松应对爆炸及恐怖事件:
马云特朗普纽约会谈小企业和消费者唱了主角
MUTLUMUTFAKLAR VAPERFEXION
刻不容缓地提升金融保险业信息安全意识