Two basic kinds of online websites are online banks and online games. Unlike in traditional system security, we must take care of both front-end servers and customers’ applications. Yeah, customers’ desktops and applications! A lot different!
No matter what the mode is, C/S or B/C, we need to make sure both careless users and vulnerable applications are in a good security posture. This brings far tougher challenges to the security team. Unregistered game servers (SiFu in Chinese), phishing websites, cheating programs (WaiGua in Chinese), various trojans, leaked passwords, compromised users’ systems, lots of servers residing in distributed IDCs, different operating systems and applications: all of this makes security a mess.
Here is an economical way, for your reference.
The traditional security products, including firewalls, IDS, and anti-virus, are very familiar to us. They occupy most of the security market share. And we know that UTM, IPS, and SOC are the ongoing stars. However, what about the future? From the view of the ISO/OSI model, we know we have done too much on the network layer; we have focused on this layer and developed lots of products based on it.
Maybe the reason is this: in the past, we implemented IT infrastructure without security built into it. The Internet spread widely within a few years, and security just couldn’t keep up with it. This has brought a lot of breaches and exposure at the network layer.
In general, the security market has a wide range of products and services. It consists of products (FW, IDS/IPS, VPN, UTM, SOC, 4A, etc.) and services, e.g. risk assessment, managed security services (including monitoring, etc.), consulting services for COBIT/ITIL/ISO/IATF, solutions, system hardening, penetration testing, management, training, etc.
We have a hard time selling our services, because Chinese customers have low recognition of services, unlike westerners. In their mind, services should be free: if I have bought your product, you should do the rest. On the other hand, services aren’t unified and standardized. Customers won’t pay much money for them. That’s the problem.
However, security services are a promising market. No one is willing to lose this market; you’d better always keep an eye on it. Some day in the near future some kinds of services will come up. Security services will end up in the form of products in the China market. Actually, lots of companies have done this in advance.
Recently, the famous networking website Facebook changed its policy in a way that threatens users’ privacy. While this seems to be an isolated case, it sends us a strong message about how to protect our own privacy in such an information society.
Generally, we sign up for a bunch of accounts at too many websites. For example, we create an account on a financial website for investing, and create another account on another website for email. One month or one year later, we turn our attention to a new hot subject for one reason or another, say we like playing online games now, so we continue to create accounts, and set up another password for security purposes. We do the same things over and over again. Eventually we have created many accounts without actually using them. So much of your personal data is online without any care! (Even if you are very vigilant about the information, it has been too long to remember the password needed to close your account.)
When we think of security, we all think about security products, security functions, control mechanisms, privacy protection, implementation, maintenance, configuration, etc. separately; this causes many problems and adds to the overhead.
The world is changing quickly. It’s a pleasure to see that China is now regarded as a major influential force in the whole world. That’s also true in the IT industry.
According to the report, China is the fast-growing smartphone market. Furthermore, China has many more mobile phone subscribers than any other country in the world.
According to lots of publicly released reports, there is conclusive evidence that security tools are used for attack purposes rather than their original purposes (proof of concept or education).
A lot of information system incidents are related to serious offenses, especially the criminal misuse of security tools. It’s easy for young people to download the tools, and lots of tools are designed to be automatic. Even a newbie is able to become a “super” hacker in cyberspace. They attempt to shield themselves from the internet and arbitrarily attack anyone around the world they don’t like. They also attack any viewpoint they deem harmful to their image; nowadays, however, this action is more related to profit than ever. That’s the notorious cyber terrorism and underground economy.
It’s common practice to deploy a honeypot and Snort to protect an intranet by detecting potential threats. Both the honeypot and Snort are open source tools. During the global financial crisis, it’s becoming more attractive to build the information security management system (ISMS) with them when we lack the budget to protect the intranet or LAN.
A long time ago, I wanted to write something on web security, as lots of business is being transferred to web infrastructure. The threat has become more severe in a short period of time. Web insecurity has become a big problem today. We have no choice but to confront the issues.
Symantec unveils top internet security trends in 2008 and outlook for 2009. According to the trends of 2008 and predictions for 2009, trends that Symantec has seen in 2008 include:
- New Malware Variants or Families of Threats
- Fake and Misleading Applications
- Web-based Attacks
Besides the three key trends above, Symantec also observes the following security trends:
What we need is moderate security and what we should do is moderate protection. We don’t need to put lots of money into something we don’t actually want. We should learn to accept the risk which we always have to confront!
Use the power of deterrence! Implement the (PDR)² model: the macro level is Policy-Deterrent-Recovery (PDR) and the micro level is Protection-Detection-Response. We can do lots of things with a little budget; that is all we expect.
P.S.: Any comments would be appreciated. If you have any new ideas, please let me know!
As IT security professionals, we always hear, “I have the strongest mechanisms and have lots of firewalls and IDSs working together; I’m confident in my company’s information security.” Is that true?
Are you sure that your security products or policies really work as designed? How do you know they will work in the right way? Information security is a real world based on reality: facts and numbers. No piece of complex software can be 100% secure out of the box. So, what is the most cost-effective way to test your safety or security? Penetration testing, surely, is exactly what you need.
The title is very abstract, isn’t it? But that’s what we have to confront. What does it mean? It means that we have a little budget to buy security products and services, as well as to employ talented people to help us. The following points will help you out as you set out to secure your company.
1. Enforce the security policy and raise staff awareness. Let all employees know what they are entitled to do, while the rest is forbidden. If they attempt to do something bad, let them know we are watching; that is the power of deterrence. In this way, we can use 20% of the effort to prevent or discourage 80% of incidents.