Archive

Archive for November, 2009

Startup In China

November 19th, 2009 No comments
Categories: -English-

Network Security Enters the Cloud Era (reposted)

November 16th, 2009 No comments

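Reposting an article by Mr. Huang Haifeng of Network World on network security entering the cloud era, which presents the latest views of several speakers at the recent telecom network security forum.

It is understood that by the end of September this year, the number of Internet users in China had reached 360 million, of whom nearly 100 million were broadband users. Internet applications have penetrated widely into every area of social life, and the importance of Internet security is increasingly prominent. With the arrival of the 3G era and of full-service operation, the demand for network security is rising across the board.

At the "2009 Fourth Communications Industry Network and Information Security Summit" in early November, the relevant government regulators, the major operators and industry figures jointly discussed the latest trends in communications-industry network and information security in 2009 and shared their latest practice and thinking, in order to jointly advance the industry's network and information security work, to safeguard and support the further development of 3G and full-service operation, and to further improve the quality, security and customer experience of communications and information services. Read more…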

US Cyber Warfare Plans

November 16th, 2009 No comments

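The US National Journal published an article summarizing many views of US government officials on cyber warfare. Excerpts follow for reference.

McConnell, former US director of intelligence and an authority on cyber warfare, argued that "computer network attack" is a technical term, whereas in practice the damage it causes reaches far beyond computer networks and is aimed at the adversary's real world. He also stressed that the power of cyber warfare can even be compared to that of nuclear bombs: cyber attacks against power, transportation, banking and financial systems are no less destructive than a nuclear bomb.

Penetrating telephone systems is only a small part of the cyber-warfare arsenal, and perhaps the most lightweight. US national security officials, and the President himself, are more concerned than ever with computer viruses or malware capable of destroying an adversary's power system or financial system, or of hijacking air traffic control systems.

Although all of them complain of a shortage of cyber-warfare specialists, the Army, Navy, Air Force and Marine Corps each have their own cyberspace operations teams, which can handle both offensive and defensive missions and compete with one another, each wanting to control the military's overall strategy. It now appears that they may all have to report to Alexander, the newly appointed commander of Cyber Command.
The article mentions that Alexander believes there is a great need for something like the "Monroe Doctrine strategy" that clearly defines a set of interests and action steps, carried out by the government to protect the United States.

Bob Gourley, chief technology officer of the US Defense Intelligence Agency, said: "We already have America's own cyberspace warriors deployed overseas, in direct contact with adversaries overseas. These experts live in the adversary's networks and reconnoiter foreign networks without exchanging destructive computer commands. Like two ships in the same waters, each knows of the other's presence, but they do not necessarily collide or fire on each other."

Dave Marcus, director of security research and communications at McAfee Labs, said: "You can analyze the attack code, change it, and then you can use it yourself or use it against the next attack." Read from this angle, McAfee Labs should have taken part in at least some cyberspace-warfare research or development projects. Read more…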

Microsoft Tuesday Vulnerability Report of Nov.2009

November 12th, 2009 2 comments

HP Acquiring 3Com increases the oligopoly of IT arena

November 11th, 2009 6 comments

With this acquisition, HP enters the enterprise networking market with a strong threat management product line from TippingPoint.

The vulnerability and threat research of DVLabs will greatly improve HP's capability and image in these areas, so that HP's competition against IBM will become more effective. ISS's X-Force is one of IBM's critical advantages over HP in the overall one-stop IT arena.

Historically, after an independent security company is acquired, its selling model and focus change to align more closely with the acquirer's major businesses. In HP's scenario, its security product lines, including the IPS/UTM, focus on its global enterprise customers and outsourcing partners. The security department will mostly lose some momentum in finding and winning new customers; instead, it will be more interested in existing customers, bundled within other, bigger IT/service orders. Read more…

True or False: 70% of security incidents are due to insider threats?

November 10th, 2009 8 comments

Actually, the whole thread originated with a message to discuss@securitymetrics.org, "Request for ideas", by Dimitrios Stergiou. Dimitrios would like to have some recommendations for his master's program. On a sudden idea, I dropped him a message recommending that he work on this true-or-false problem in security metrics.

Is it true or false: 70% of security incidents are due to insider threats?
I just read one book, "The New School of Information Security", by Adam Shostack and Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants, books and articles regard this statement as one basic hypothesis in security. What's your idea about it?

To my complete surprise, I found that Adam, Andrew, Dan and many experts jumped into this discussion thereafter. A lot of fresh ideas emerged in the discussion threads. In order to get more experts into this topic, I submitted a discussion to the SecurityMetrics group on LinkedIn.

This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security (thanks to Hammud). It is a good reference. In summary, it told us two things: Read more…

Comment to “Vulnerability assessment integration with web application firewalls”

November 9th, 2009 No comments

That's an excellent post on the vision of WAF and vulnerability assessment. I agree with the points that "accuracy" should be the top priority of remote web assessment and integration between VM and WAF.

However, this gives us another hint – we need a commonly adopted standard format to exchange the messages – similar to what the industry did with IDMEF before. It's not an optimistic goal from a historical perspective. So in the short term, before such a standard exists, integration inside one single vendor and product alliance will be the pioneer of the automation/integration between VM+WAF.

Baidu's Internationalization Faces Challenges: Said to Lack Strategy-Execution Talent (reposted)

November 3rd, 2009 1 comment

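Summary: Foreign media reported today that although Baidu dominates China's Internet search market, its share of the international market is much smaller. One of the challenges it faces is how to gain a foothold in the international market. Baidu hopes to challenge Google and Yahoo in the Asian market first. The full text of the article follows: Read more…

Categories: -Chinese-

Paying Close Attention to Our Personal Safety – Peking University Professor Dies During Surgery; Attending Doctor Had No License to Practice (reposted)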

November 3rd, 2009 2 comments

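Today we look at an unbelievable event: a medical professor at Peking University, for a variety of strange reasons, ended up dying in an operating room at Peking University First Hospital.

The deceased is the woman in the photo. Her name was Xiong Zhuowei, a medical professor at Peking University and a researcher at the Institute of Cardiovascular Research of Peking University First Hospital; her research on lipoproteins received two grants from the National Natural Science Foundation. This accomplished Peking University medical professor could probably never have imagined that her life would end, for many man-made reasons, at Peking University First Hospital, the very place where she had done her research and work. Read more…

Categories: -Chinese-, Security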