How to actively defend personal information in "streaking" big data

  

The Cyber Security Law of the People's Republic of China officially came into force on June 1, but even with a law to follow, the shadow of ransomware has not lifted from the industry. On June 9, the 2017 China Network Information Security Summit was held in Beijing, and how to build a solid network security defense line became a hot topic.

You have just bought a house, and the moment you open your phone, renovation ads flood the screen; you buy tickets on a website, and travel insurance promotions arrive one after another... As daily activities such as shopping, online payment and information access move onto the Internet, privacy violations are becoming more frequent, and the "streaking" of citizens' personal information seems to have become the norm.

The Cyber Security Law of the People's Republic of China (hereinafter referred to as the Cyber Security Law) came into force on June 1. It makes clear provisions on cyber fraud, the operational security of critical information infrastructure, and the establishment of cyber security monitoring, early warning and emergency response systems.

But even with laws to follow, the shadow of ransomware has not lifted from the industry. On June 9, the 2017 China Network Information Security Summit was held in Beijing, and how to build a solid network security defense line became a hot topic.

Personal information is "streaking"

In the Internet era, personal information is collected everywhere through the "traces" people leave online. The leakage and abuse of personal information has become an unavoidable problem. Even biometric technologies such as iris recognition, fingerprint recognition and face recognition have not been spared.

"Just by finding high-definition images through a Google search, you can use some iris scanning tools to attack," said Zheng Fang, director of the Speech and Language Technology Center of Tsinghua University, to an uproar from the audience. He said that fingerprint recognition and face recognition are also weak in resisting attacks.

"At the World Mobile Communication Conference held in Barcelona, Spain, a Wall Street Journal reporter pressed a fingerprint into soft plastic film for five minutes. After the mold had formed, a layer of plasticine was pressed onto it to form a fingerprint film, and the iPhone's fingerprint lock was broken after a few unlock attempts," Zheng Fang said. "Stanford University has also developed face tracking software that can capture a user's movements and facial expressions through the camera and then drive the target person in a video to make identical movements and expressions, with extremely realistic results."

Even biometrics has failed to put a "security lock" on personal information, which inevitably recalls the earlier ransomware incident and the lessons and reflections it brought for network security protection.

Zuo Yingnan, Vice President of 360 Enterprise Security Group, has come to realize keenly that China's endpoint security management and vulnerability patching capabilities still need to be strengthened; that intranet isolation alone is not enough, and the intranet also needs a defense-in-depth system; and that network security monitoring, early warning, analysis and response lack effective technical means and a systematic emergency response mechanism.

Li Jingchun, executive deputy director and chief engineer of the National Information Technology Security Research Center, also said that network security defense technology is currently relatively traditional, the development of intelligent equipment is lagging behind, network security and big data have not yet been truly integrated, and the protection of critical information infrastructure still faces a series of bottlenecks.

For example, in this ransomware incident, "the attack chain on the attacking side has already formed, but the defending side has not really achieved resource integration, including the integration and sharing of data resources and intelligence resources," Li Jingchun said.

In the opinion of Shen Changxiang, an academician of the Chinese Academy of Engineering, "due to the limitations of people's understanding of IT logic, we cannot exhaust all combinations. We can only design IT systems around completing computing tasks. There are bound to be defects in the logic, which makes it difficult to respond to attacks that exploit those defects."

Trusted Computing Opens the Era of Active Defense

On the Internet, security is an eternal theme. In Shen Changxiang's view, the "old three" passive defenses of blocking, scanning and killing are outdated. Network security protection must adopt active immune protection and innovate in logical correctness verification, computing architecture and computing model so that logical defects cannot be exploited by attackers, thereby unifying the contradiction between attack and defense.

Shen Changxiang said that big data is a trusted computing environment with cryptographic protection. It needs a trusted boundary and secure, trusted protection, and more importantly, it needs a management center for security management. Only by building such a security management system can we deal with the various vulnerabilities.

He likens this to a newborn baby, which falls ill easily if it has no immune system. Big data vulnerabilities can never be completely closed off, and using trusted computing to build autonomous immunity is the way forward for big data security.

"Only by using trusted computing can we avoid being exploited by attackers; that is, using China's trusted technology to solve the security problems of core critical facilities with our own innovative technology," Shen Changxiang said. "This achieves the effect that attackers can't get in; even if they get in, they can't take anything; even if they take it, they can't understand or change it."

Trusted computing means that security protection is carried out while computing, so that the whole process of computing can be measured and controlled without interference. Only in this way can we change the one-sided computing mode that only focuses on computing efficiency, not security protection.

Shen Changxiang said that the trusted-immunity computing model and architecture is a new, actively immune computing model that computes and protects at the same time. It uses cryptography as its genes to implement identity recognition, state measurement, confidential storage and other functions, and promptly distinguishes "self" from "non-self" components, thereby destroying and rejecting harmful substances that enter the system. This is equivalent to cultivating immunity for computer information systems.

"To implement the architecture of a secure and trusted system, we must conduct trusted measurement, identification and control to ensure that the architecture, resource allocation, operational behavior, data storage and policy management are credible." Shen Changxiang added that to solve big data security problems at the root, we must build a defense system supported by security management. For example, garbage data that the data source did not collect according to the agreement must be disposed of first; only then are logical operations, mining and evaluation of the data's patterns carried out to serve applications, support presentation and produce products.

Situational awareness becomes the focus of network security construction

For the foundation and technology of security big data, Li Jingchun pointed out several research directions, such as threat intelligence and information sharing, situation awareness and early warning, threat analysis based on machine learning, Internet public opinion intelligence early warning, etc.

Among them, situational awareness is considered to be the focus of network security construction. Zuo Yingnan said that active defense emphasizes the participation of people. Through continuous detection, people actively consume threat intelligence to obtain the current security situation, so as to take action against attackers.

Network security situational awareness is an environment-based, dynamic and holistic ability to understand security risks. Built on security big data, it improves the ability to discover, identify, understand, analyze and respond to security threats from a global perspective. It ultimately serves decision-making and action, and is where security capabilities are put into practice.

Zuo Yingnan believes that in the early stage of development, because situational awareness, data and security analysis capabilities were misunderstood, many situational awareness systems were reduced to "map cannons" used for presentations and reports. In use, users found a large gap between these systems' capabilities and their expectations, and the systems did not really solve security problems.

In the second half of last year, through the joint efforts of the industry, enterprise users and network security companies, users gradually reached some common understanding of how situational awareness is implemented in security operations, and systems built on situational awareness gradually began to become practical.

Zuo Yingnan also proposed three elements for implementing situational awareness: data is the basis, disposal is the key, and personnel are the guarantee. The experts at the meeting also pointed out that, on the one hand, a situational awareness system should be able to collect data on all elements as comprehensively as possible. In addition to asset information, system logs and security equipment logs, it should also collect endpoint data and network traffic data. On the other hand, threat intelligence should be used extensively. Using threat intelligence is also critical to reducing the noise generated by garbage data and improving the efficiency of threat detection.